Gartner Warns of Enterprise AI Agent Sprawl
Analyst firm Gartner told attendees at its Digital Workplace Summit that enterprises face a rapid expansion of AI agents and a risk of "agent sprawl." According to Gartner, the average Global Fortune 500 enterprise is expected to run more than 150,000 AI agents by 2028, up from fewer than 15 today. Gartner presented survey findings showing that half of respondents limited internal rollouts to low-risk users, while broader adopters were 3.3 times more likely to report higher value. According to Gartner's 2025 survey of 360 IT application leaders, only 15 percent said they were considering, piloting, or deploying fully autonomous agents, and just 13 percent believe they have the right governance in place. Gartner outlined a two-tier governance model and highlighted higher reported value where third-party governance tools were used.
What happened
Analyst firm Gartner presented warnings about widespread "agent sprawl" at its Digital Workplace Summit in London, saying enterprises face rapid growth in AI agents. According to Gartner, the average Global Fortune 500 enterprise is expected to run more than 150,000 AI agents by 2028, up from fewer than 15 today. Max Goss, senior director analyst at Gartner, said, "As CIOs and IT leaders see an explosion of AI agents across their organizations, many are contending with an ungoverned sprawl of agents."
According to Gartner's 2025 survey of 360 IT application leaders, only 15 percent of respondents said they were considering, piloting, or deploying fully autonomous AI agents, and just 13 percent of organizations believe they have the right governance in place overall. Gartner reported that half of surveyed organizations limited internal AI rollouts to low-risk or trusted users, and that broader adopters were 3.3 times more likely to report higher value from generative AI. The data also showed organizations that invested in third-party governance tools were nearly twice as likely to report higher value. Gartner described a governance model that uses a centralized committee and operational, domain-embedded teams to translate policy into controls.
Editorial analysis - technical context
Companies embedding large numbers of autonomous or semi-autonomous agents expand the attack surface for data leakage, error propagation, and API sprawl. Industry-pattern observations show that without centralized policy plus domain-level enforcement, discovery and lifecycle management of agents become operational bottlenecks. Tooling that provides inventory, audit trails, and access controls will be central to reducing misconfiguration risk and maintaining data provenance.
Industry context
For practitioners, Gartner's findings align with broader reporting that enterprise AI adoption often outpaces governance maturity. Organizations that restrict access for risk reasons can reduce immediate exposure but may also limit measured value, a trade-off Gartner quantified in its survey results. Observers should treat governance work as cross-functional, requiring legal, security, architecture, and business input rather than a purely IT or security project.
What to watch
Indicators to monitor include inventory accuracy for deployed agents, frequency of agent-initiated data exports, adoption rates of third-party governance platforms, and whether internal teams publish domain-specific control mappings. Public vendor announcements that add agent-tracking and control APIs to enterprise products will also affect how teams operationalize Gartner-style governance models.
Scoring Rationale
Gartner's survey and projections are practically relevant for enterprise AI teams and inform governance tooling and process priorities. The story is notable for practitioners but does not introduce new technical capabilities or a paradigm shift.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
