# Enterprises Face Rapid Agent AI Sprawl

> Source: <https://letsdatascience.com/news/enterprises-face-rapid-agent-ai-sprawl-00d60b4d>
> Published: 2026-07-04 14:01:02+00:00

# Enterprises Face Rapid Agent AI Sprawl

Gartner said an average global Fortune 500 enterprise could run more than **150,000 AI agents** by **2028**, up from fewer than **15** in 2025. Towards AI used that forecast to frame the operational risk of agent sprawl, where different teams deploy agents with separate prompts, credentials, and permissions. For practitioners, the issue is security and governance rather than novelty: untracked agents can expand service-account sprawl, create inconsistent behavior, and make incident reconstruction harder. The safe response is not blanket blocking but inventory, ownership, least-privilege access, lifecycle controls, and telemetry that treats agents as production actors.

Agent sprawl turns a productivity story into an operations and security-control problem. The more agents a company deploys, the more identities, prompts, tools, permissions, logs, and failure modes platform teams must govern. The useful question is not whether agents are valuable, but whether they are visible and accountable enough to run near production systems.

### What happened

Gartner said in an April 2026 press release that by **2028** an average global Fortune 500 enterprise could have more than **150,000** AI agents in use, up from fewer than **15** in 2025. Towards AI used the same theme to describe enterprise agent sprawl and the ownership gaps created when business units deploy agents independently.

### Security context

The risk is familiar to security teams: too many identities, too many credentials, weak lifecycle management, and limited auditability. AI agents add a harder layer because they can combine natural-language instructions, tool access, and automated actions. IBM's explainer similarly describes agent sprawl as uncontrolled proliferation without unified governance.

### For practitioners

Teams should inventory agents as production assets, assign owners, restrict tool scopes, rotate credentials, log actions, and define retirement rules. Agent orchestration should include permission boundaries and observability, not just task routing. Without that control plane, small experiments can become hidden infrastructure.

### What to watch

Watch whether identity providers, cloud platforms, and agent frameworks converge on common controls for agent identity, policy enforcement, and audit trails. The next useful product wave is likely governance plumbing, not another isolated agent builder.

## Key Points

- 1Gartner forecasts Fortune 500 enterprises could average more than 150,000 AI agents by 2028, creating governance pressure.
- 2The security risk comes from unmanaged identities, credentials, tool permissions, prompt state, and incomplete activity logs.
- 3Practitioners need inventory, ownership, least-privilege access, telemetry, lifecycle controls, and retirement rules before agent deployments scale.

## Scoring Rationale

A notable enterprise AI governance and security issue with primary Gartner support and clear practitioner consequences. The score rises because the scale forecast and control-plane implications are broader than a single vendor product note.

## Sources

Public references used for this report.

Practice with real Ad Tech data

90 SQL & Python problems · 15 industry datasets

[Active Search Campaigns by BudgetEasy](/problems/sql/active-search-campaigns-by-budget)

[High CPC Clicks & Poor Landing PagesMedium](/problems/sql/high-cpc-clicks-poor-landing-page)

[Campaign ROAS by Attribution ModelHard](/problems/sql/campaign-roas-by-attribution-model)

250 free problems · No credit card

[See all Ad Tech problems](/problems/datasets/adtech)
