Gartner flags rising AI agent sprawl, outlines six-step governance framework

As enterprises accelerate their adoption of AI agents, Gartner has warned of a looming “agent sprawl” that could introduce significant operational and security risks. The firm predicts that by 2028, the average Fortune 500 company will deploy more than 150,000 AI agents—up from fewer than 15 in 2025—marking a dramatic surge in autonomous systems across business environments.

This rapid proliferation is already outpacing governance readiness. According to Gartner, only 13% of organizations believe they have adequate AI agent governance frameworks in place, leaving most enterprises exposed to risks such as misinformation, data leakage, and uncontrolled access to sensitive information.

“CIOs and IT leaders are grappling with an explosion of AI agents, often without sufficient oversight,” said Max Goss, Sr. Director Analyst at Gartner. “While some organizations attempt to curb risks by restricting AI usage, this can backfire—driving employees toward shadow AI tools that are harder to monitor and govern.”

Instead of outright restrictions, Gartner emphasizes the need for balanced governance that enables innovation while maintaining control. To address this challenge, the firm has outlined a six-step framework for managing AI agent sprawl:

Gartner advises organizations to begin by establishing clear governance policies that define how AI agents are created, deployed, and shared, along with approved integrations. Building a centralized inventory of agents is equally critical, allowing enterprises to discover and categorize both sanctioned and shadow AI tools using AI TRiSM (trust, risk, and security management) capabilities.

The framework also calls for defining agent identities, permissions, and lifecycle management processes to ensure proper access control and timely retirement of redundant agents. Strengthening AI information governance is another key priority, ensuring that agents only access relevant, up-to-date data while preventing oversharing or misuse.

Continuous monitoring of agent behavior is essential to detect anomalies and enforce compliance, Gartner notes. Finally, organizations must foster a culture of responsible AI usage by equipping employees with training and promoting best practices through internal communities.

As enterprises move toward increasingly AI-native workplaces, Gartner underscores that governance—not restriction—will be the cornerstone of sustainable AI adoption.
