Agentic AI is mainstream — sprawl worry
Enterprises are deploying AI agents widely, but nearly all buyers worry those agents will proliferate without control — OutSystems found 94% of respondents concerned about “sprawl.” This shift means organisations are facing governance, security and cost‑control problems as agentic workflows move from experiments into production. (manilatimes.net)
Companies are moving AI agents into everyday operations fast, and nearly all of them worry those systems will spread faster than they can control them. (markets.financialcontent.com) OutSystems said on April 7 that 96% of surveyed organizations already use AI agents in some capacity, 97% are exploring company-wide agentic AI strategies, and 94% are concerned about “AI sprawl.” The company said its 2026 State of AI Development report surveyed nearly 1,900 information technology leaders worldwide. (markets.financialcontent.com) (www.outsystems.com) An AI agent is software that can take a goal, choose steps, call tools, and complete work with limited human input. OutSystems said 49% of respondents now rate their organizations’ agentic AI capability as advanced or expert, a sign that these systems are moving beyond pilots. (markets.financialcontent.com) The problem is not just how many agents companies deploy, but whether anyone can track what each one can access, what data it uses, and what actions it can trigger. The National Institute of Standards and Technology says artificial intelligence risk management needs governance across the full lifecycle, not just one-time testing before launch. (www.nist.gov) Security teams are also dealing with a newer class of risks created when language-model systems can connect to tools, databases, and outside services. The Open Worldwide Application Security Project’s 2025 Top 10 for large language model applications says those systems face threats including prompt injection, sensitive information disclosure, and excessive agency, meaning a model can take actions beyond what users intended. (owasp.org) Governance is turning into a product category of its own as vendors try to put a control tower over fast-growing fleets of agents. Microsoft said on April 2 that it released an open-source Agent Governance Toolkit for runtime security, and it argued that infrastructure to govern autonomous agent behavior has not kept pace with how easy agents are to build. (opensource.microsoft.com) Standards bodies are moving in the same direction. The International Organization for Standardization says ISO/IEC 42001 sets requirements for an artificial intelligence management system, giving companies a formal way to set policy, assign accountability, and audit how AI is built and used. (www.iso.org) Analysts expect the deployment curve to keep rising. Gartner said in August 2025 that 40% of enterprise applications would include task-specific AI agents by the end of 2026, up from less than 5% in 2025. (www.gartner.com) That leaves companies trying to solve an old enterprise problem in a new form: software spread. The difference with AI agents is that each new system can read, decide, and act, so inventory, permissions, logging, and cost controls are becoming part of deployment, not cleanup after the fact. (www.nist.gov) (opensource.microsoft.com)
