With the average Global Fortune 500 company expected to deploy over 150,000 AI agents by 2028—up from fewer than 15 today—there is an urgent need for robust governance to avoid an uncontrollable sprawl of autonomous bots that threatens operational stability and business value.
- Unchecked AI agents on track to multiply ten thousandfold by 2028
- Strong governance drives 3.3x higher value from generative AI tools
- Gartner prescribes centralized and operational governance tiers
What happened
Gartner reports that the average Fortune 500 enterprise currently runs fewer than 15 AI agents but projects explosive growth to more than 150,000 agents by 2028. This rapid increase poses a risk of 'agent sprawl,' where thousands of autonomous AI bots operate with insufficient oversight, creating IT complexity and opening the door to misinformation and data security issues.
Their study found that half of surveyed organizations restrict AI access to trusted users, which correlates with lower reported returns on generative AI investments. Conversely, companies adopting AI broadly—under stronger governance frameworks—were over three times more likely to gain substantial business value.
Why it matters
As enterprises integrate AI agents into critical systems like CRM, ERP, and collaboration platforms, unmanaged AI growth can lead to operational chaos. Without proper policies, permissions, and monitoring, shadow AI deployments may cause data leaks, compliance violations, and lost trust in AI outputs.
Gartner emphasizes that limiting AI usage alone does not constitute governance. Instead, effective governance involves clear policies on agent creation, usage, and data access, supported by tools for discovery and risk management to maintain control of AI-driven processes and safeguard enterprise data integrity.
What to watch next
Organizations must build centralized AI governance committees that include CIOs, CISOs, legal, and business leaders to define enterprise AI strategy and policy. Operational teams embedded within application domains need to adapt these policies into practical controls to manage AI agents across diverse platforms.
Looking ahead, expect wider adoption of AI trust, risk, and security management (AI TRiSM) technologies for real-time monitoring and auditing of agent behaviors. Responsible AI education will become as essential as cybersecurity training, ensuring workforce readiness for the evolving AI landscape.