Camilo Rojas

Agent Sprawl and Enterprise Adoption: Managing the Proliferation Challenge

Tags: AI, Agents, Enterprise, Governance, Strategy, Adoption, Management, Architecture
Agent Sprawl and Enterprise Adoption: Managing the Proliferation Challenge hero image

Introduction

Enterprises are facing a new challenge. It’s called agent sprawl. And the reason behind it lies in the explosive adoption of AI technologies that are being expressed in enterprise through agents.

We estimate that for every employee there will be between ten and a hundred agents in two years. This comes from empirical conversations with clients and illustrates the explosive growth of agents through organizations. This growth will generate a significant challenge for administrators, security professionals, and executives that have to secure the agentic platforms that shield their most important asset: enterprise information.

Recently I spoke with a client that expressed that they had reached 4000 agents with Copilot and they were eager to hear on how to manage and control this explosion. If you are like them, this article is for you.

This post summarizes observations we’re starting to see with enterprises and provides guidance on how to properly structure a program that manages the complexity of agent sprawl.

Understanding Agent Sprawl

As enterprises begin to build their own initial agents, they are now being targeted by hundreds or thousands of companies that are including agents within their tools. If you’re using a platform such as Salesforce or ServiceNow, you can bet that in your future you will also receive agents built by these companies. These agents will be built on technology that those ISVs define—technology that might be in a different stack than what you are thinking will be your agent platform.

How Agent Sprawl Emerges

Agent sprawl does not appear in the enterprise due to a lack of proper controls. On the opposite, it’s a reaction to the explosive adoption and the expectation of value that is going to be delivered by agents. The potential value offered for placing an agent on top of a solution and unlocking the value for its users—whether internal or external—is a promise very powerful and difficult to negate.

But the reality is that opening those channels with only the functional results as a goal generates complex challenges in the way we adopt agentic solutions.

The Cost of Unmanaged Proliferation

Thinking of previous historical technology adoption patterns, we’ve seen that as soon as value is proved by a solution stack, it quickly becomes adopted through the enterprise, usually centered around business domains that carry a strong value proposition.

In the case of agentic technologies we’re seeing a lot of believers in the business value of agents and the power it unlocks. Hence generating from lines of business the need to start using agentic technologies—usually not in the sanctioned way that technology officers would want. This generates what we call shadow AI: lines of business moving faster in adoption than our ability to control these technologies.

The costs manifest across multiple dimensions:

  • Security exposure — Each unsanctioned agent represents a potential data exfiltration point or compliance violation
  • Duplicate effort — Multiple teams building agents that do essentially the same thing
  • Integration fragmentation — Agents on different platforms that can’t communicate, creating new silos
  • Unpredictable costs — Without visibility, LLM expenses can spiral unexpectedly
  • Knowledge trapped — Institutional knowledge locked in isolated implementations

Shadow AI

One of the consequences of agent sprawl is the appearance of shadow AI. We are seeing more and more clients overwhelmed with the amount of agents being produced by all types of users—developers, line of business, and even executives.

We are seeing different strategies to overcome shadow AI:

  • Network scanning technologies — Bringing light to the solution. Technologies that identify endpoints exposing common API signatures offered by AI agents
  • Choke points — Restricting LLM usage internally only for sanctioned use cases

Both strategies offer alternatives to begin wrangling and structuring policies around unofficial enterprise AI usage.

The Enterprise Adoption Challenge

Balancing Innovation, Control and Cost

There are three main elements that have to be balanced for successful agentic deployments:

  1. Innovation and business value
  2. Risk
  3. Cost

Depending on use case you might find different risk profiles. Customer care use cases offer the highest business value impact on client experience, usually affecting the top line. On the other hand, digital labor agentic use cases involving employees have a less risky profile, affecting operational efficiency. In that sense: less risk offers less value, high value usually is accompanied by high risk.

The third aspect is cost. Depending on model, use case and usage, companies face a range of strategies:

  • AI carte blanche — Open access to all models
  • Selective models — Specific models for specific use cases
  • Pattern-based selection — Dissecting agent execution patterns to choose models dynamically

We are seeing some industries like financial services more focused on expanding high value use cases, while distribution sector focuses on internal efficiency and cost optimization.

Cultural Transformation

The technical challenges are significant, but the cultural transformation required is more profound. Organizations must shift from viewing AI as a departmental tool to recognizing it as enterprise infrastructure requiring the same rigor as any other critical system.

Key elements for this transformation:

  • Executive sponsorship — Without C-level commitment, governance frameworks become suggestions rather than requirements
  • Cross-functional collaboration — Agents don’t respect organizational boundaries; a customer service agent might need data from sales, product, and finance
  • New capabilities — Not just prompt engineering, but agent architecture, orchestration design, and lifecycle management across the organization
  • Change management — Demonstrating that governed agents are actually easier to build and maintain than shadow implementations

Strategies for Controlled Agent Adoption

1. Centralized Governance Framework

A governance framework isn’t about saying “no” to innovation. It’s about creating guardrails that enable safe, rapid deployment.

Agent Classification — Establish tiers based on risk and impact:

  • Tier 1: Read-only agents with no access to sensitive data (low risk)
  • Tier 2: Agents that can modify data within defined boundaries (medium risk)
  • Tier 3: Agents with broad permissions or customer-facing roles (high risk)

Each tier has different approval processes, security requirements, and monitoring levels. The key is making the process fast enough that teams don’t circumvent it.

Additional governance elements:

  • Clear approval workflows appropriate to each tier
  • Non-negotiable security standards for authentication, authorization, and audit logging
  • Compliance requirements built into the approval process
  • Sunset policies requiring agents to demonstrate continued value

2. Agent Lifecycle Management

This challenge will become a reality in the upcoming months for most companies. Acquiring the required skills not only in build time but also in runtime environments for agents becomes a critical discipline.

Agents are now a formal enterprise layer in new enterprise computing platforms. As such, they require a lifecycle development program—what we call the Agentic Development Lifecycle or ADLC.

The ADLC captures the whole process:

  • Requirements gathering — Clear business case, data needs, actions, stakeholders
  • Building and testing — Different approaches than traditional software; testing for prompt injection, hallucination handling, graceful degradation
  • Deploying — Managing dependencies between agents; change management becomes one of the toughest areas
  • Monitoring — Continuous tracking of performance, cost, satisfaction, error rates
  • Deprecating and removing — Clear processes for end-of-life, migration, and archiving

Clients are adopting orchestration of agents and tools. There are dependencies being created between agents that will make change management one of the toughest areas in the ADLC.

3. Standards and Best Practices

Standardization accelerates adoption by reducing cognitive load and ensuring consistency. This is a key factor in the pursuit of having a agentic production line with industrial strength:

  • Agent design patterns — Documented approaches for common scenarios like escalation to humans or multi-step workflows
  • Naming conventions — Clear standards so agents are discoverable and purpose is obvious
  • Documentation requirements — Mandatory coverage of purpose, capabilities, limitations, data sources, escalation paths. Powered by AI
  • Prompt engineering guidelines — Shared best practices and a library of proven prompts
  • Model selection criteria — When to use which models based on cost, performance, and capability
  • Security baselines — Minimum requirements all agents must meet

4. Center of Excellence Model

A Center of Excellence serves as the hub for agent expertise, governance, and support. It’s not a bottleneck—it’s an enabler.

The CoE:

  • Maintains the governance framework and standards
  • Provides training and enablement for agent developers
  • Operates the agent registry and catalog
  • Monitors agent performance and costs across the organization
  • Identifies opportunities for consolidation and optimization
  • Stays current with emerging agent technologies

Start small—three to five people can support a large organization if they focus on enablement rather than doing all the work themselves. The CoE should operate as a service organization where teams come for guidance, not permission.

5. Federated Ownership with Central Oversight

The most successful agent programs balance central governance with distributed ownership. Business units own their agents and are accountable for performance and costs, but operate within the framework established by the CoE.

  • Domain organization — Agents organized around business domains with domain owners responsible for their portfolio
  • Shared services — Centralized authentication, audit logging, model access, monitoring infrastructure
  • Charge-back model — Costs attributed to owning business units to create accountability
  • Clear escalation paths — Routes to the CoE for guidance and exception approval

Technical Solutions to Agent Sprawl

Agent Registry and Catalog

You can’t manage what you can’t see. An agent registry provides visibility into every agent in the organization.

Core capabilities:

  • Discovery — Automatically detect agents across the organization, including those deployed outside official channels
  • Metadata — Capture owner, purpose, data sources, dependencies, cost, usage patterns
  • Search and browse — Enable users to find existing agents before building new ones
  • Dependency mapping — Visualize how agents interact with each other and enterprise systems
  • Compliance tracking — Flag agents that don’t meet governance requirements

Start with a simple registry, even a well-maintained spreadsheet is better than nothing. Make registration easy and valuable: registered agents get priority support, access to premium models, and visibility in the enterprise catalog.

Deduplication and Consolidation

As you gain visibility through the registry, patterns emerge: multiple teams building similar agents, overlapping capabilities, opportunities for consolidation.

Not all duplication is bad. Sometimes teams need slightly different implementations for valid reasons. Evaluate whether consolidation makes sense based on:

  • Similarity of requirements
  • Willingness of teams to adopt a shared solution
  • Cost savings from consolidation
  • Risk of creating a single point of failure

For common capabilities like document summarization, sentiment analysis, or entity extraction, build shared agent services that multiple applications can consume.

Resource Optimization

Agent sprawl isn’t just about quantity—it’s about efficiency.

  • Model selection — Not every agent needs a SOTA (State of the art); route simple queries to smaller, faster, cheaper even local models
  • Caching — Implement intelligent caching for common queries
  • Batch processing — For non-interactive agents, batch requests for volume discounts
  • Load balancing — Distribute workloads across multiple model providers
  • Cost monitoring — Track costs per agent, per user, per interaction; identify outliers
  • Performance tuning — Monitor response times; sometimes a fine-tuned smaller model improves both speed and cost

Measuring Success

Key Performance Indicators

Adoption:

  • Number of active agents
  • Number of users interacting with agents
  • Interactions per agent per day

Quality:

  • User satisfaction scores (thumbs up/down)
  • Task completion rates
  • Escalation rates to humans
  • Error rates

Efficiency:

  • Time saved per interaction
  • Cost per interaction
  • Response time
  • Automation rate

Governance:

  • Percentage of agents in compliance
  • Time from request to deployment
  • Security incidents involving agents

Financial:

  • Total agent program costs
  • Cost per business outcome
  • ROI by agent category

ROI and Business Value Metrics

Agents must deliver business value that exceeds their cost. A complex area is how do you measure business value from agents.

Direct value:

  • Revenue generated (sales agents)
  • Costs avoided (automation agents)
  • Customer satisfaction improvements
  • Employee productivity gains

Indirect value:

  • Faster time to market
  • Improved data quality
  • Better decision-making
  • Enhanced employee experience

Compare agent performance to the baseline. Without this comparison, you don’t know if agents are actually improving things.

Adoption Maturity Model

Organizations progress through stages:

  • Stage 1: Experimentation — Ad hoc development, no governance, high enthusiasm but limited scale
  • Stage 2: Departmental Adoption — Individual departments deploy agents; some coordination but largely siloed; shadow AI emerges
  • Stage 3: Governed Expansion — Governance framework established, CoE formed, standards defined, agent registry in place
  • Stage 4: Enterprise Integration — Agents integrated into core processes; cross-functional orchestration; mature lifecycle management
  • Stage 5: Optimization and Innovation — Continuous improvement; advanced techniques; AI becomes competitive differentiator

Most organizations today are between Stage 1 and Stage 3. The goal isn’t to rush to Stage 5, but to progress deliberately.

Implementation Roadmap

Phase 1: Assessment and Planning

Understand where you are:

  • Inventory existing agents, both official and shadow
  • Assess current governance and controls
  • Identify key stakeholders and champions
  • Evaluate technical infrastructure gaps

Design your future state:

  • Define the governance framework
  • Establish agent classification system
  • Design approval workflows
  • Create security and compliance standards
  • Plan CoE structure

Quick wins:

  • Implement basic agent registry
  • Document top 10 agents and their value
  • Establish communication channels for agent developers
  • Create initial prompt engineering guidelines

Phase 2: Governance Implementation

Launch the CoE:

  • Hire or assign team members
  • Establish operating model and service catalog
  • Create training programs
  • Launch internal communication campaign

Roll out standards:

  • Publish agent development standards
  • Deploy agent registry platform
  • Implement approval workflows
  • Establish security baselines
  • Create agent templates and accelerators

Remediate shadow AI:

  • Identify and catalog shadow agents
  • Assess risk and value of each
  • Bring high-value agents into compliance
  • Decommission low-value or high-risk agents

Phase 3: Scaling and Optimization

Enterprise rollout:

  • Extend governance framework to all business units
  • Mandate agent registration for new deployments
  • Implement charge-back model
  • Scale CoE to support increased demand

Advanced capabilities:

  • Agent orchestration platform
  • Advanced monitoring and analytics
  • Agent-to-agent communication
  • Shared agent services
  • Agent marketplace for reusable components

Continuous improvement:

  • Regular review of agent portfolio performance
  • Consolidate duplicate agents
  • Optimize costs through model selection and caching
  • Refine governance based on operational experience

Conclusion

Agent sprawl is an endemic situation that can be controlled by governance. It requires discipline through the organization on a coordinated adoption plan for agents—shifting from an artisanal way to build and deploy agents into a robust production line of industrial strength.

This transformation requires time, experience and growth within organizations across people, processes, and technology. Agent sprawl is a reality that we will start to see in the following months crop up in most enterprises.

The good news is that there are ways to manage it properly and capture the business value promised by agentic AI. I hope the ideas in this article help you in your journey.