Enterprises Face Rapid Agent AI Sprawl Gartner forecasts that by 2028, an average Fortune 500 enterprise could run over 150,000 AI agents, up from fewer than 15 in 2025, creating governance and security risks due to unmanaged identities, credentials, and permissions. Towards AI warns that agent sprawl, where business units deploy agents independently, leads to operational and security control problems, requiring inventory, ownership, least-privilege access, and lifecycle controls. Enterprises Face Rapid Agent AI Sprawl Gartner said an average global Fortune 500 enterprise could run more than 150,000 AI agents by 2028 , up from fewer than 15 in 2025. Towards AI used that forecast to frame the operational risk of agent sprawl, where different teams deploy agents with separate prompts, credentials, and permissions. For practitioners, the issue is security and governance rather than novelty: untracked agents can expand service-account sprawl, create inconsistent behavior, and make incident reconstruction harder. The safe response is not blanket blocking but inventory, ownership, least-privilege access, lifecycle controls, and telemetry that treats agents as production actors. Agent sprawl turns a productivity story into an operations and security-control problem. The more agents a company deploys, the more identities, prompts, tools, permissions, logs, and failure modes platform teams must govern. The useful question is not whether agents are valuable, but whether they are visible and accountable enough to run near production systems. What happened Gartner said in an April 2026 press release that by 2028 an average global Fortune 500 enterprise could have more than 150,000 AI agents in use, up from fewer than 15 in 2025. Towards AI used the same theme to describe enterprise agent sprawl and the ownership gaps created when business units deploy agents independently. Security context The risk is familiar to security teams: too many identities, too many credentials, weak lifecycle management, and limited auditability. AI agents add a harder layer because they can combine natural-language instructions, tool access, and automated actions. IBM's explainer similarly describes agent sprawl as uncontrolled proliferation without unified governance. For practitioners Teams should inventory agents as production assets, assign owners, restrict tool scopes, rotate credentials, log actions, and define retirement rules. Agent orchestration should include permission boundaries and observability, not just task routing. Without that control plane, small experiments can become hidden infrastructure. What to watch Watch whether identity providers, cloud platforms, and agent frameworks converge on common controls for agent identity, policy enforcement, and audit trails. The next useful product wave is likely governance plumbing, not another isolated agent builder. Key Points - 1Gartner forecasts Fortune 500 enterprises could average more than 150,000 AI agents by 2028, creating governance pressure. - 2The security risk comes from unmanaged identities, credentials, tool permissions, prompt state, and incomplete activity logs. - 3Practitioners need inventory, ownership, least-privilege access, telemetry, lifecycle controls, and retirement rules before agent deployments scale. Scoring Rationale A notable enterprise AI governance and security issue with primary Gartner support and clear practitioner consequences. The score rises because the scale forecast and control-plane implications are broader than a single vendor product note. Sources Public references used for this report. Practice with real Ad Tech data 90 SQL & Python problems · 15 industry datasets Active Search Campaigns by BudgetEasy /problems/sql/active-search-campaigns-by-budget High CPC Clicks & Poor Landing PagesMedium /problems/sql/high-cpc-clicks-poor-landing-page Campaign ROAS by Attribution ModelHard /problems/sql/campaign-roas-by-attribution-model 250 free problems · No credit card See all Ad Tech problems /problems/datasets/adtech