A survey published on April 7 by OutSystems, involving nearly 1,900 global IT leaders, confirmed what we’ve been seeing in the projects we run: agentic AI has officially entered the enterprise mainstream. Almost every organization already has agents running in production. The problem is that 94% of them report that these agents are creating chaos.
Chaos is not a metaphor. It’s AI sprawl — the uncontrolled proliferation of agents without a centralized inventory, without proper access controls, and without action auditing. It’s a data team creating agents via API without IT knowing. It’s an automation vendor connected to the CRM with broader access than any human would ever have. It’s a model making decisions that affect customers without any traceable log.
Gartner goes even further: it predicts that more than 40% of agentic AI projects will be canceled by 2027. Not because of technical failure, but due to a lack of governance.
There is a group of 6% that hasn’t fallen into this trap. Nothing is more important right now than understanding exactly what they’re doing differently.
Why governance always arrives late
There’s a predictable dynamic in enterprise technology adoption. The pressure to deploy is immediate. The pressure to govern comes later — usually after an incident.
With AI agents, this cycle is even more compressed than with any previous technology. A developer with access to an API can create a functional agent in just a few hours, without needing architecture approval or security review. The agent is already in production before anyone even discusses controls.
Multiply that by dozens of teams, add the pressure from the board asking “when are we getting agents?”, and include vendors embedding agentic capabilities directly into the tools teams already use — Copilot, Salesforce, ServiceNow. The result is an organization with dozens or even hundreds of agents in production that no IT team can fully map.
This is the chaos that 94% of companies are describing.
What the 6% do before the first deployment
The companies that govern agentic AI effectively don’t have more resources or better technology — they have discipline in five specific areas:
1. Inventory before any deployment
The first question asked by organizations with mature governance isn’t “what will this agent do?” — it’s “where are all our agents running today?”
Agent inventory is not a compliance project. It is the prerequisite for any control policy. Without a map of what exists, any governance framework is useless — you end up regulating what you know and ignoring what you don’t even know exists.
The inventory must answer three basic questions: which agents exist, what each one can access, and who authorized their deployment. It sounds simple, but most organizations cannot answer all three questions about every agent currently operating in their environment.
2. Least privilege applied from day one
An AI agent doesn’t need full system access — it only needs exactly what is required for its specific task, and nothing more.
The principle of least privilege has been standard in network security for decades, yet most agentic AI implementations completely ignore it. The agent is given service credentials with broad scope simply because it’s easier to configure. The result is an agent with access to customer data, contracts, and financial systems to perform a task that only required read access to a specific table.
The companies in the 6% group define access scope before deployment, ensuring every agent has clearly documented minimum permissions — not unrestricted access inherited from the development environment.
3. Action auditing, not just output auditing
An agent can produce the correct result through the wrong path, and you’ll only discover it when it becomes a problem.
The difference between mature governance and wishful thinking lies in the logs. Organizations with effective control don’t just log the agent’s final output — they log every action taken along the way: which tool was called, which data was accessed, and which decision was made at each step.
For regulated industries — banking, healthcare, energy — this is not a best practice. It’s a compliance requirement. Without traceable action logs, any audit becomes impossible. And without traceability, you’re not governing agents — you’re just hoping they work correctly.
4. Human-in-the-loop for high-impact decisions
Automating everything that can be automated is the long-term goal. It is not where you start.
The organizations that got this right defined two clear criteria before their first deployment: what can be fully automated without human supervision, and what requires approval or review before execution.
The line between the two cannot be implicit — it must be documented, reviewed by compliance, and built into the agent’s workflow. Decisions that affect contracts, sensitive customer data, or irreversible actions require a human escalation point — not as an emergency fallback, but as a designed component.
Automating with structured supervision is not being overly cautious. It’s the difference between an autopilot that the pilot can take over and one that no one knows how to turn off.
5. Centralized control of models and vendors
Shadow AI is the number one cause of agentic AI chaos reported by the 94%.
Shadow AI occurs when departments acquire AI capabilities — APIs, plugins, integrations — without IT visibility or control. Marketing uses a content generation agent, finance connects an agent to the ERP, operations creates automations via low-code platforms using third-party models. Each of these moves seems small and harmless, but together they create an attack surface that no security team can map.
Companies with effective governance have a single point of control: which models are approved for use, which vendors have contracts with proper security and compliance clauses, and which data is allowed to leave the corporate perimeter. This catalog exists before the first agent goes into production — not as a reaction to an incident.
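The practices in sections 2 through 5 reduce to a small set of checks that sit between the agent and the tools it calls. The following Python is an added example, not code from the article or from any product it mentions: a minimal tool gateway that refuses calls from agents that are not in the inventory or run on a model outside the approved catalog, enforces each agent's documented tool scope, records every action and every refusal in an audit log, and holds high-impact actions until a named human reviewer has approved them. Agent ids, tool names, model names, invoice data and the ticket table standing in for the human reviewer are all constructed for illustration.

```python
"""Added example (not from the article): a policy-enforcing tool gateway for
AI agents. Every tool call passes through ToolGateway.call, which checks the
agent's pre-deployment manifest, logs the action, and gates high-impact tools
on a human decision. All names and data below are constructed."""

from dataclasses import dataclass
import json
import time


@dataclass(frozen=True)
class AgentManifest:
    """Inventory record written before deployment: what the agent is,
    who authorized it, which model it uses, and its minimum tool set."""
    agent_id: str
    owner: str                 # who authorized the deployment
    model: str                 # model the agent runs on
    allowed_tools: frozenset   # least-privilege scope, documented up front
    needs_approval: frozenset  # subset of tools gated by a human reviewer


class PolicyViolation(Exception):
    pass


class ApprovalRequired(Exception):
    pass


class ToolGateway:
    def __init__(self, manifests, approved_models, tools, approver):
        self.manifests = {m.agent_id: m for m in manifests}
        self.approved_models = set(approved_models)  # central model catalog
        self.tools = tools                           # tool name -> callable
        self.approver = approver                     # human decision hook
        self.audit_log = []                          # one entry per action

    def _record(self, agent_id, tool, args, outcome, detail):
        entry = {"ts": time.time(), "agent": agent_id, "tool": tool,
                 "args": json.dumps(args, sort_keys=True),
                 "outcome": outcome, "detail": detail}
        self.audit_log.append(entry)
        return entry

    def call(self, agent_id, tool, **args):
        """Run `tool` for `agent_id`, or refuse. Every path is logged."""
        manifest = self.manifests.get(agent_id)
        if manifest is None:
            self._record(agent_id, tool, args, "denied", "agent not in inventory")
            raise PolicyViolation(f"{agent_id}: not in inventory")
        if manifest.model not in self.approved_models:
            self._record(agent_id, tool, args, "denied", "model not approved")
            raise PolicyViolation(f"{agent_id}: model {manifest.model} not approved")
        if tool not in manifest.allowed_tools:
            self._record(agent_id, tool, args, "denied", "tool outside documented scope")
            raise PolicyViolation(f"{agent_id}: {tool} outside scope")
        if tool in manifest.needs_approval:
            reviewer = self.approver(agent_id, tool, args)
            if not reviewer:
                self._record(agent_id, tool, args, "held", "awaiting human approval")
                raise ApprovalRequired(f"{agent_id}: {tool} needs human approval")
            detail = f"approved by {reviewer}"
        else:
            detail = "within scope, no approval required"
        result = self.tools[tool](**args)
        self._record(agent_id, tool, args, "executed", detail)
        return result


# Constructed stand-in for the human escalation point: tickets a reviewer
# has already signed off. A real system would block until the reviewer acts.
APPROVED_TICKETS = {("refund-agent", "issue_refund", "INV-1"): "reviewer@example"}


def ticket_approver(agent_id, tool, args):
    return APPROVED_TICKETS.get((agent_id, tool, args.get("invoice_id")))


def build_gateway():
    """Constructed environment: one read-only agent, one gated refund agent."""
    invoices = {"INV-1": {"customer": "acme", "amount": 120.0}}

    def read_invoice(invoice_id):
        return dict(invoices[invoice_id])

    def issue_refund(invoice_id, amount):
        invoices[invoice_id]["amount"] -= amount
        return {"refunded": amount}

    manifests = [
        AgentManifest("invoice-summarizer", "finance-lead", "model-a",
                      frozenset({"read_invoice"}), frozenset()),
        AgentManifest("refund-agent", "finance-lead", "model-a",
                      frozenset({"read_invoice", "issue_refund"}),
                      frozenset({"issue_refund"})),
    ]
    tools = {"read_invoice": read_invoice, "issue_refund": issue_refund}
    return ToolGateway(manifests, ["model-a"], tools, ticket_approver)


def run_demo():
    """Drive the gateway through each governance path; returns the audit log."""
    gw = build_gateway()
    gw.call("invoice-summarizer", "read_invoice", invoice_id="INV-1")
    attempts = [
        ("invoice-summarizer", "issue_refund", {"invoice_id": "INV-1", "amount": 5.0}),
        ("shadow-agent", "read_invoice", {"invoice_id": "INV-1"}),
        ("refund-agent", "issue_refund", {"invoice_id": "INV-9", "amount": 5.0}),
    ]
    for agent, tool, args in attempts:
        try:
            gw.call(agent, tool, **args)
        except (PolicyViolation, ApprovalRequired):
            pass  # the refusal itself is already in the audit log
    gw.call("refund-agent", "issue_refund", invoice_id="INV-1", amount=20.0)
    return gw.audit_log


if __name__ == "__main__":
    for entry in run_demo():
        print(entry["agent"], entry["tool"], entry["outcome"], entry["detail"])
```

The design choice worth noting is that the scope, the approval set and the model are read from a manifest that exists before the agent runs, so a tool the agent was never granted is refused even if the underlying credential could reach it, and the audit log records the denied and held attempts alongside the executed ones; an auditor reviewing the log sees what the agent tried to do, not only what it produced.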
The cost of waiting
The most common argument is: “We’ll structure governance once we scale.”
But this argument ignores how agent proliferation actually works. You don’t scale first and then govern. You reach a point where governing what already exists is far more expensive and risky than building from scratch — because there are dependencies, processes already running on uncontrolled agents, and teams that have adapted their workflows around the specific behavior of poorly configured agents.
The window to establish governance before chaos sets in is short, and it closes quietly — not with a dramatic incident, but with the gradual realization that you no longer know what your organization’s agents are actually doing.
Gartner predicted 40% of agentic AI projects will be canceled by 2027. Cancellation is not the worst-case scenario. The worst case is keeping agents in production that you cannot audit, all in the name of capabilities you cannot properly measure.
A direct question
If I asked you right now how many AI agents your organization has running in production — including those created by business teams without going through IT — could you answer with precision?
If the answer is no, you’re closer to the 94% than to the 6%.
The practices we discussed are not complex to implement. They are engineering discipline applied to a new domain. And the difference between being in the 6% or the 94% will depend on when you start.