Agent sprawl is the tech debt enterprises will spend 2027 and 2028 paying down, and the bill is being run up right now.
Gartner forecasts that the average global Fortune 500 enterprise will have over 150,000 AI agents in production by 2028, up from fewer than 15 in 2025. Microsoft Agent 365 hit general availability on May 1, 2026, at $15 per user per month, marketed explicitly as a control plane for agent fleets. Google launched the Gemini Enterprise Agent Platform at Cloud Next on April 22, 2026, with a built-in Agent Registry, cryptographic Agent Identity, and Model Armor for runtime defense. On April 28, Gartner published a six-step framework for managing agent sprawl from the Digital Workplace Summit in London. Three tier-one vendors and the most-cited analyst firm in enterprise IT all named the same problem in the same week. They are not raising the alarm early. They are raising it on schedule.
The companies that install an agent management plane in 2026 will avoid a cleanup project that costs more than the agents themselves. The companies that wait will rediscover, with new vocabulary, every governance failure of the SaaS sprawl era. This post is the practical version: what agent sprawl actually is, why it compounds faster than prior IT debt categories, and the six-step framework that converts a coming mess into a managed asset class.
Why Agent Sprawl Outpaces Every Prior IT Debt Category
Agent sprawl is the uncontrolled multiplication of AI agents across an enterprise without a unified inventory, identity model, or oversight layer. It is structurally worse than SaaS sprawl, shadow IT, or microservice proliferation because agents are creatable by non-developers, act with delegated authority, and chain with each other. A single workflow can spawn dozens of sub-agents in hours. Gartner’s 15-to-150,000 trajectory is not a curve. It is a step function.
Three properties make agents accumulate faster than anything before them. They self-replicate through orchestration: one supervisor agent spawns specialist agents on demand, and each specialist may invoke others. They cross trust boundaries by design: an agent built in Microsoft Copilot Studio can be invited into a Slack workspace, granted Salesforce read access, and chained into a customer-facing workflow without a single approval ticket. They are created by business users: every Microsoft 365 license that includes Copilot Studio is a license to ship agents into production. The friction that throttled SaaS sprawl, the act of getting a credit card and a vendor contract, does not exist for agents.
The result is a compounding inventory problem. By the time a CIO asks “how many agents do we have,” the honest answer is unknowable without tooling that did not exist twelve months ago. The governance vacuum that already exists around agent privileges is the precondition. Sprawl is what fills it.
What an Agent Management Plane Actually Does
An agent management plane is the centralized control layer that gives an enterprise a single source of truth for every agent in operation, regardless of which platform created it. It does five things at minimum: discovery, identity, policy, observability, and lifecycle. Without all five, agents accumulate as opaque liabilities. With all five, they accumulate as a governable digital workforce.
Discovery means a continuously updated registry that pulls from every agent runtime in use. That includes Microsoft Agent 365, the Gemini Enterprise Agent Platform, Salesforce Agentforce, Amazon Bedrock Agents, and the long tail of department-built agents on LangChain, CrewAI, and n8n. Identity means every agent has a unique, cryptographically verifiable ID tied to a sponsor, a purpose, and a permission scope. Google’s Agent Identity construct and Microsoft’s Entra-based agent identities both encode this directly. Policy means rules expressed once and enforced everywhere: which data classes an agent may touch, which other agents it may call, which actions require human-in-the-loop confirmation.
Observability means runtime telemetry on every agent action: prompts, tool calls, data accessed, decisions made. Lifecycle means agents are versioned, reviewed on a cadence, and retired when their use case lapses. The Forrester observation summarizing the Microsoft and Google launches put it correctly: vendors are now positioning AI governance as an operational discipline owned jointly by IT and security. The management plane is what that discipline runs on.
The companies that already know this from running agent deployments at scale are spending 2026 consolidating onto a single plane. The companies that do not yet know it are buying agent platforms department by department and inheriting the integration debt.
The Six-Step Framework for Installing Governance Before Sprawl
Gartner’s April 28 framework maps cleanly onto the management plane. Treated as a sequence rather than a checklist, it produces an installable governance program that survives the agent population growing two orders of magnitude. The order matters: skipping ahead produces a control without a thing to control, or a thing without a control over it.
| Step | What it installs | Why it precedes the next step |
|---|---|---|
| 1. Establish agent governance and policies | Clear rules for who can build agents, which connectors are permitted, and what review gates apply | Every later step references the policy as the source of truth |
| 2. Build a centralized agent inventory | A continuously updated registry across sanctioned platforms and shadow tools, typically powered by AI TRiSM tooling | You cannot govern what you cannot see |
| 3. Define agent identity, permissions, and lifecycle | Unique IDs, scoped permissions, sponsor accountability, and a retirement process for redundant agents | Permissions without identity collapse into role mush; lifecycle without identity produces orphan agents |
| 4. Develop AI information governance | Controls on what data each agent may access, with permission, freshness, and archival policies | Agents are data pipelines wearing a chat interface; ungoverned data access is the most common breach vector |
| 5. Monitor and remediate agent behavior | Continuous telemetry, anomaly detection, and intervention paths for out-of-scope behavior | Static permissions decay; behavior monitoring catches the drift |
| 6. Foster a culture of responsible AI usage | Training programs, communities of practice, and internal advocacy that scale governance literacy beyond the IT team | Agents are built by business users; governance has to live where they work |
Steps one through three are the structural foundation. Steps four and five are the operational layer that runs every day. Step six is the cultural reinforcement without which steps one through five degrade into shelfware. Gartner’s framing is correct: the failure mode is not picking the wrong tool. It is installing the controls in the wrong order, or skipping the cultural step and watching adoption stall.
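To make the registry, identity, policy and lifecycle functions described under "What an Agent Management Plane Actually Does" concrete, and to show what steps two through five of the framework look like as enforceable checks, here is an added example; it is not code from Gartner, Microsoft or Google, and the agent names, data classes, sponsor and 90-day review cadence are all constructed for illustration:

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class AgentIdentity:
    """Inventory record: sponsor, purpose and permission scope for one agent."""
    agent_id: str
    sponsor: Optional[str]          # None = orphan, nobody accountable for it
    purpose: str
    data_classes: frozenset         # data classes the agent may touch
    may_call: frozenset             # other agent IDs it may invoke
    hitl_actions: frozenset         # actions that need human confirmation
    last_reviewed: Optional[date]   # None = never passed a review

class AgentRegistry:
    def __init__(self, agents, review_cadence_days: int = 90):
        self._agents = {a.agent_id: a for a in agents}
        self._cadence = timedelta(days=review_cadence_days)

    def lifecycle_findings(self, today: date) -> dict:
        """Lifecycle check: agents with no sponsor or an overdue review."""
        out = {}
        for aid, a in self._agents.items():
            issues = ["orphan"] if a.sponsor is None else []
            if a.last_reviewed is None or today - a.last_reviewed > self._cadence:
                issues.append("review_overdue")
            if issues:
                out[aid] = issues
        return out

    def evaluate(self, agent_id, action, data_class, target_agent=None) -> str:
        """Policy check on one telemetry event: allow, hold, or deny with a reason."""
        a = self._agents.get(agent_id)
        if a is None:
            return "deny:unregistered"      # shadow agent, not in the inventory
        if data_class not in a.data_classes:
            return "deny:data_class"
        if target_agent is not None and target_agent not in a.may_call:
            return "deny:callee"
        if action in a.hitl_actions:
            return "hold:human_in_the_loop"
        return "allow"

# Constructed sample inventory (not real agents): a sponsored finance bot and a shadow script.
REGISTRY = AgentRegistry([
    AgentIdentity("expense-bot", "finance-ops", "expense triage", frozenset({"expense"}),
                  frozenset({"ocr-agent"}), frozenset({"approve_payment"}), date(2026, 3, 1)),
    AgentIdentity("crewai-laptop", None, "unknown", frozenset(), frozenset(), frozenset(), None),
])
```

Feeding each runtime event through `evaluate` is the step-five monitoring loop in miniature: an agent reaching outside its data classes or calling an agent it is not scoped to is denied with a reason the security team can alert on, while `lifecycle_findings` surfaces the orphaned and unreviewed agents that step three exists to retire.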
Where Most Enterprises Are Right Now
Most enterprises in May 2026 sit between steps zero and one. A Copilot license rollout is in flight. A handful of Agentforce pilots are live in sales operations. A finance team built three n8n workflows that call OpenAI APIs against expense data. A marketing analyst stood up a CrewAI script on a personal laptop. None of this is centrally inventoried. None of it is identity-scoped. None of it is monitored.
The honest first move is the inventory: run discovery against the four platforms most likely to host shadow agents, before any policy is drafted. The policy that follows will be informed by what was found, rather than by what was hoped. This is the same discovery-first discipline that converts pilot programs into production capability: you cannot manage what you have not measured.
The Vendor Landscape: Three Control Planes, One Problem
Microsoft, Google, and IBM each shipped a control plane for agents in the first half of 2026, and each addresses the same problem from a different starting point. None is a complete solution on its own. All three are responses to the same forecast.
Microsoft Agent 365 went GA on May 1, 2026, structured around three pillars: observe, govern, and secure. Each license covers an individual who manages, sponsors, or uses agents, ensuring agent activity is consistently governed across the organization. Microsoft Entra Conditional Access enforces dynamic, granular access policies for agents that operate independently and extends existing user policies to agents acting on behalf of users. Context mapping, policy-based controls, and runtime blocking ship in public preview through Intune and Defender in June 2026.
Google’s Gemini Enterprise Agent Platform, announced April 22, 2026, at Google Cloud Next, consolidates Vertex AI into an agent-native control surface. Agent Identity assigns every agent a unique cryptographic ID. Agent Gateway provides traffic control between agents and data sources. Model Armor defends against prompt injection, tool poisoning, and sensitive data leakage at runtime. An Agent Registry catalogs agents and endpoints. The architecture choice is explicit: agents are first-class infrastructure objects, not application features.
IBM announced an AI operating model blueprint at Think 2026, with tooling explicitly designed to manage thousands of agents at governance scale. The framing matches the vendor pattern: agents are not a feature of an app, they are a managed population.
The control planes do not interoperate fully. An enterprise running Microsoft 365, Google Workspace, AWS, and Salesforce will run agents on at least four control planes. The integration layer between them is where 2027’s tech debt is being underwritten today.
What This Costs and Why CFOs Should Care
The cost of agent sprawl is not a single line item. It compounds across four cost categories and lands on the operating budget within twelve to eighteen months of unmanaged growth. Treating it as an IT problem misses the financial geometry. It is a finance problem disguised as an IT problem.
The four cost categories are duplicate licensing, security incident exposure, integration debt, and remediation labor. Duplicate licensing accumulates when sales, support, and operations each procure their own agent platform without enterprise visibility, paying three vendors for overlapping capability. Security incident exposure is the breach math: agents have privileged access by design, and an ungoverned agent is a breach pathway with autonomy. Integration debt is the cost of consolidating four control planes onto one when the duplication finally becomes intolerable. Remediation labor is the consultancy spend on the cleanup project itself, which historically runs two to four times the original deployment cost.
The pattern repeats every IT generation. SaaS sprawl produced a SaaS management category that now charges enterprises 2 to 5 percent of their SaaS spend just to inventory it. Microservice sprawl produced service mesh as a category. Cloud sprawl produced FinOps. Agent sprawl will produce an agent management plane category, and the enterprises that buy in 2026 will pay setup costs. The enterprises that buy in 2028 will pay setup costs plus remediation costs plus the breach-loss differential between governed and ungoverned posture.
The accounting discipline is the same one that surfaces AI ROI in dollar terms. Unquantified risk stays unfunded. Quantified risk gets budget. A CFO presented with a credible projection of ungoverned-agent population, breach exposure, and consolidation cost will fund the management plane. A CFO presented with “we have a governance gap” will not.
The Compliance Clock Is Already Running
The EU AI Act’s transparency and risk-management obligations apply to AI systems, and an autonomous agent acting on behalf of an organization is unambiguously a system the regulation contemplates. The August 2026 deadlines for general-purpose AI obligations land before most enterprise agent populations have been inventoried, let alone governed. The compliance posture an organization can demonstrate to a regulator is the posture its management plane produces. There is no other artifact to show.
The same is true for sector-specific regulators. Financial services firms operating under SEC Rule 17a-4 communications retention requirements are already obligated to preserve the substantive content of agent interactions where those agents act in business communications. Healthcare organizations under HIPAA must document data flows; an undocumented agent flow is a documented audit finding. The EU AI Act compliance work coming due intersects directly with the agent inventory: the regulation assumes you have one.
The enforcement timing favors enterprises that started in 2026. Agent populations doubling every quarter mean the cost of inventory grows superlinearly with delay. An organization that runs its first inventory at 50 agents catalogs 50 agents. The same organization waiting until Q1 2027 catalogs 500. By Q3 2027, 5,000. The math is not friendly to procrastination.
The Bottom Line
Agent sprawl is not a hypothetical. It is the operating reality of any enterprise that licensed Copilot, Agentforce, or Gemini Enterprise in the last year and has not installed an agent management plane on top. The Gartner forecast of 150,000 agents per Fortune 500 firm by 2028 is the upper-bound projection of behavior already underway. The Microsoft, Google, and IBM control plane launches in April and May 2026 are vendor confirmation that the problem has crossed the threshold of board-level attention.
The six-step framework is installable in a quarter for a mid-market enterprise and in two for a global one. It does not require a new headcount. It requires the existing IT and security teams to treat agents as a governed asset class on the same footing as identities, endpoints, and data, and to install the management plane before the population growth makes retrofitting expensive. The companies that do this in 2026 ship agents into production with a defensible governance posture. The companies that wait will spend 2027 and 2028 unwinding a tech debt category they could have prevented.
If you’re sizing your agent population, drafting an agent governance policy, or scoping a management plane against the six-step framework, that’s exactly the work we do.