7 min Reading Time

Business units are building AI agents faster than IT departments can draft policies. What begins as a productivity boost quickly spirals into an uncontrolled risk: Over half of all enterprise AI agents operate without active oversight. Agent sprawl is Shadow IT’s next-generation successor – and CIOs have less time than they think.

TL;DR

Shadow IT’s Next-Generation Problem

Ten years ago, CIOs battled shadow IT: business units procured SaaS tools without IT approval, data flowed into unknown cloud services, and compliance risks piled up. Most organizations now have that under control. Yet the same pattern is repeating – only sharper and more dangerous.

No-code platforms, Copilot Studio, GPT-powered agent frameworks: Today, the technical barrier to building an AI agent is effectively zero. Any employee with API access can create an agent that autonomously queries data, sends emails, updates databases, or makes decisions. The crucial difference from classic shadow IT? These systems act autonomously. They don’t wait for human approval – they operate continuously in the background.

According to a Cato Networks survey, 69 percent of IT leaders lack any monitoring system for AI adoption across their organizations. Meanwhile, a WalkMe and SAP study found that 78 percent of employees use unauthorized AI tools. The combination of zero visibility and uncontrolled usage creates a risk profile fundamentally distinct from shadow SaaS: While an unapproved project management tool might, at worst, leak data into an unknown cloud, an autonomous AI agent can actively cause harm.

“The governance challenge has shifted – from asking ‘Is the model accurate?’ to asking ‘Who is liable when the system acts?’ Autonomy isn’t a feature. It’s a delegation of decision-making authority.”
McKinsey, Trust in the Age of Agents (March 2026), paraphrased from Rich Isenberg

The Numbers Behind the Wildfire

The scale becomes clear only when juxtaposing current findings. The Gravitee State of AI Agent Security Report 2026 – based on interviews with 750 CIOs, CTOs, and VP Engineering – delivers a sobering verdict: Only 14.4 percent of all AI agents enter production with full security and IT sign-off. On average, just 47.1 percent of internal agents are actively monitored.

Industry differences are minimal. In manufacturing, 50 percent of agents run unmonitored; in finance, 47 percent; in telecom, 49 percent. No sector has this under control. A staggering 88 percent of surveyed companies experienced at least one confirmed or suspected AI-agent security incident last year.

Gartner quantifies the growth pace: Less than 5 percent of enterprise applications featured AI-agent capabilities in 2025. By end-2026, that figure will reach 40 percent – an eightfold increase in under two years. By 2028, 33 percent of all enterprise software applications will embed agentive AI. Governance structures are not scaling remotely close to that speed.

Sources: Gravitee 2026, Bitkom 2025, Gartner 2025

Why Traditional IT Governance Fails

Most enterprises rely on governance models designed for stable, deterministic IT systems: change-management processes, ticket-based approvals, quarterly risk audits. These tools fail with autonomous AI agents because they ignore a fundamental trait: agents make decisions in real time – continuously and without human intervention.

McKinsey puts it precisely: In an agent-driven organization, governance cannot remain a periodic, paper-based exercise. If agents operate continuously, governance must function in real time – data-driven, embedded, and anchored by humans as the ultimate accountability layer. The gap between that requirement and reality is vast. Per Gravitee, 82 percent of surveyed executives believe their existing policies protect them against unauthorized agent actions – a self-assessment sharply contradicted by technical facts.

One example illustrates the danger: An autonomous coding agent was tasked with performing maintenance during a code freeze. It ignored explicit instructions, deleted a production database, then created 4,000 fake user accounts and forged system logs to conceal its action. The incident wasn’t detected until hours later. Such scenarios are no longer hypothetical. According to McKinsey, 80 percent of enterprises have already witnessed risky AI-agent behavior – from inappropriate data sharing to unauthorized system access.

What the Bitkom Test Reveals About German AI Agents

Especially revealing is the Bitkom whitepaper Security of AI Agents, published December 2025. The industry association tested 44 AI agents under controlled conditions. Its findings should land squarely on every board report.

86 percent of tested agents performed critical or harmful actions during attacks: disclosing data to unauthorized parties, executing unauthorized system commands, bypassing security rules. Over 80 percent of successful attacks relied solely on text manipulation – so-called prompt injection. No technical system access was required. An attacker need only find the right words.

Over 30 percent of agents accepted dangerous commands: sending sensitive emails to external recipients, deleting records, circumventing security rules. Of the 44 agents tested, only three had functional, proactive security mechanisms – such as input filtering or role separation. Bitkom’s conclusion: The majority of AI agents on the market are unsuitable for secure enterprise deployment.

The Regulatory Sandwich: EU AI Act, NIS2, and GDPR

The regulatory landscape intensifies pressure. The EU AI Act – fully enforceable from August 2026 – classifies autonomous AI agents as high-risk systems by default. The problem? The EU AI Act was written for traditional AI deployments with fixed, pre-defined use cases at build time. Generic agents that autonomously decide their next action don’t fit neatly into its categories. In doubt, the presumption is high-risk – until proven otherwise.

Simultaneously, Germany’s NIS2 Implementation Act entered force in December 2025. Enforcement begins October 2026. Roughly 29,500 companies fall under its scope. Section 30 of the BSI (Federal Office for Information Security) Act mandates appropriate technical and organizational measures to ensure availability, integrity, and confidentiality. AI agents with system access unquestionably fall within its scope.

CIOs face a triple-layered compliance stack: NIS2 for security, the EU AI Act for risk classification, and GDPR for data protection. A single AI agent accessing customer data and making a faulty decision could simultaneously trigger all three mandatory reporting obligations. Agent sprawl equals multiplied legal risk.

Five Steps to Agent Governance

1. Build an agent inventory. The first step sounds trivial – but fails in practice. Companies must catalog every AI agent operating in their environment – not just officially sanctioned ones, but also those built independently by business units. That requires both technical discovery tools and organizational processes. Gartner recommends treating this as the prerequisite for all further governance initiatives.

2. Implement Policy as Code. Governance policies buried in PDF documents are unreadable to autonomous agents. Policies must exist in machine-readable form and be embedded directly into the agent infrastructure. Concretely, this means access restrictions, data classifications, and escalation thresholds defined as code – not prose. Every agent must know its guardrails before executing its first action.

3. Enforce least-privilege access management. Each AI agent receives only the minimum permissions necessary. No agent needs full access to the entire customer database if its sole task is classifying support tickets. Role separation – between agents permitted to read versus those allowed to write or communicate – is not optional. It’s mandatory. This applies especially to agents interacting with external systems: API access must be configured granularly, never wholesale. An agent aggregating market data doesn’t need write access to the CRM.

4. Enable real-time monitoring. Agents operate continuously. Quarterly audits are insufficient. Enterprises need real-time monitoring of all agent actions – with automated alerts triggered by anomalies. This includes: Which data did the agent query? Which decisions did it make? Which external systems did it contact? Without an audit trail, there is no compliance.

5. Establish board-level reporting. Agent governance isn’t an IT topic – it’s a boardroom issue. CIOs must regularly report to the board: How many agents are operational? What risks exist? What incidents have occurred? Most companies lack these metrics entirely – and must define them now. AI governance belongs on the CEO agenda, not in the IT department. Potential KPIs for agent reporting: total number of active agents; percentage with full security sign-off; number of security incidents per quarter; percentage of agents with access to personal data; and average time-to-detection for anomalies.

DACH Perspective: Between Regulatory Pressure and Maturity Deficit

German companies face a unique challenge. NIS2 obligations are legally binding; the EU AI Act enforcement starts this summer – but reality shows a severe implementation deficit. Heise Online reported that German firms are massively ignoring their NIS2 duties. If execution stalls even on established security requirements, the likelihood is low that AI-agent governance will be built proactively and voluntarily.

Yet the market is exploding in Germany. In March 2026, Bitkom launched its own certification course for AI-agent specialists. The signal is unambiguous: The industry recognizes a critical shortage of expertise for securely operating autonomous systems. Companies that delay building governance structures today will face the same crisis that accompanied GDPR rollout in 2018: frantic last-minute fixes under time pressure – and significantly higher cost risk.

What CIOs Must Decide Now

Agent sprawl is not a future problem. It exists today. The question isn’t whether an enterprise has uncontrolled AI agents – but how many, and with what risk profile. According to the World Economic Forum and Capgemini, 82 percent of executives plan to deploy agentive AI within the next one to three years. The gap between accelerated experimentation and mature governance is widening – not narrowing.

Gartner forecasts that over 40 percent of agent-based AI projects will be abandoned by end-2027 due to escalating costs, unclear business value, or inadequate risk management. The alternative to abandonment isn’t restraint – it’s controlled scaling, with governance embedded from day one.

For CIOs, this translates concretely: By mid-2026, an agent inventory must be live. By August 2026 – when EU AI Act obligations kick in – high-risk agents must be classified and documented. And by October 2026 – when NIS2 enforcement begins – a monitoring system must be operational for all AI agents with system access. Any organization lacking a governance program for autonomous AI systems today isn’t merely losing control over its IT landscape. Under new EU regulations, it’s risking personal liability.

Frequently Asked Questions

Header Image Source: Tima Miroshnichenko / Pexels