12 AI agents run in the average company in 2026: how to govern them

Summary. The average enterprise already runs a fleet of AI agents, not one. Salesforce's 2026 Connectivity Benchmark of 1,050 IT leaders found companies operate about 12 AI agents today, on track for 20 within two years, and IBM expects most large enterprises to run more than 1,600 by the end of 2026. Gartner projects the largest global enterprises will reach over 150,000 agents each by 2028, up from fewer than 15 in 2025. Governance has not kept pace. Only about 18% of organisations hold a complete inventory of the agents already running inside their walls, seven in ten executives say their current AI governance is not fit for purpose, and just 7 to 8% have integrated cross-agent governance. "Organizations need to find a balance where they can govern agents and manage sprawl, but also safely empower employees to innovate with these tools," says Max Goss, Senior Director Analyst at Gartner. This guide explains how many agents you are really running, why agent sprawl bites, and the six moves that bring a multi-agent fleet under control. It is the fleet-level companion to our deeper guide on the seven governance layers.

The governance problem has changed shape. Two years ago the question was whether to deploy an agent. Now agents arrive faster than IT can track them, from vendors, from platform updates, and from employees wiring up their own. The job is no longer governing one agent well. It is governing a growing fleet you cannot fully see.

How many agents are you actually running?

Start with the count, because most leaders underestimate it. Salesforce's 2026 benchmark puts the average at about 12 agents per enterprise, rising toward 20 within two years. That figure climbs fast at the top end: IBM's 2026 study expects most large enterprises to operate a digital workforce of more than 1,600 agents by the end of the year, and Gartner's forecast of over 150,000 agents at the largest global enterprises by 2028 shows where the curve points.

Adoption is already past the tipping point. Around 51% of enterprises have AI agents in production in 2026, with another wave scaling, and 39% have deployed more than ten. The shape of deployment is the problem: about 50% of agents run in isolated silos with no shared context and no common governance, and only 22% of production deployments coordinate three or more agents on purpose. Most fleets grew by accident, not design.

The number that matters is not the average. It is the gap between how many agents you think you run and how many you actually do.

What agent sprawl is, and why it bites

Agent sprawl is what happens when agents multiply across an organisation without enough visibility, ownership, lifecycle control, security boundaries, or cost discipline. The agents are not the danger. The lack of a map is. A sprawling, unsupervised set of agents ends up acting across sensitive systems with credentials no one audited and permissions no one scoped.

The risks are concrete: data leakage and oversharing, over-permissioned agents that inherit far more access than their task needs, redundant agents doing the same work in different corners of the business, and compliance exposure when an agent touches regulated data outside any policy. IBM's study found that AI agents trigger an average of around 54 incidents a year inside surveyed enterprises, some of them high-severity. Each ungoverned agent is also a non-human identity, and those already outnumber human identities in most companies by a wide margin, which is why an autonomous agent with standing credentials is the security exposure that worries CISOs most.

Gartner's term for the supervisory layer that contains this is the guardian agent: a blend of governance and runtime controls that monitors agent actions, enforces policy, and intervenes when behaviour drifts from intent. The point is not to slow agents down. It is to keep a fleet you cannot watch by hand from doing quiet damage.

The governance gap, in numbers

The honest picture is that deployment has outrun control. Only about 18% of organisations keep a current, complete inventory of the agents running inside their walls, and only around 23% can fully inventory and trace what those agents do. Integrated cross-agent governance, a single policy and view across the whole fleet, exists at just 7 to 8% of enterprises. Seven in ten executives say the governance they have is not fit for purpose, and the same share say teams are deploying technology faster than IT can track.

Matt Lyteson, chief information officer at IBM, framed the shift plainly: "It is no longer just about deploying AI faster. It's redesigning how organizations control, govern and invest in it and embedding control and visibility from the start, so they can scale with confidence." That is the work. The six moves below are how it gets done.

How to govern a fleet of agents: six moves

Governing one agent is a control problem. Governing twelve, or twelve hundred, is a fleet problem. Six moves turn sprawl into a managed estate.

1. Build a live agent inventory

You cannot govern what you have not counted, and only about 18% of organisations can. The first move is a single registry of every agent: its owner, purpose, the tools it can call, the data it can read, the credentials it holds, and its risk rating. Discovery has to be active, not a spreadsheet, because agents appear from platform updates and employee tinkering between audits. The inventory is the spine every later control attaches to.

2. Give every agent a scoped identity

Each agent needs its own identity, scoped to the specific systems and data its job requires, with short-lived credentials rather than standing secrets. Treating agents as first-class non-human identities, governed by least privilege, is the single biggest lever on blast radius, because a hijacked agent inherits exactly what it was allowed to touch and nothing more. This is the identity layer covered in depth in our guide to the seven governance layers.

3. Put a control plane over the fleet

A fleet needs a control plane: one place to discover, govern, and secure agents across clouds and vendors. This category arrived fast in 2026, with Microsoft Agent 365 reaching general availability as a control plane to manage agents across Microsoft, AWS, and Google Cloud, and Gartner's guardian agents describing the runtime-supervision pattern. The control plane is where policy, monitoring, and intervention live for the whole estate rather than one agent at a time.

4. Standardise how agents connect

Ungoverned agents tend to be wired together with bespoke glue that no one can audit. Open protocols fix that. Anthropic's Model Context Protocol, now stewarded by the Linux Foundation's Agentic AI Foundation with more than 18,000 community-indexed servers, standardises how an agent connects to tools and data. Google's Agent2Agent protocol, with over 150 technology partners by April 2026, standardises how agents talk to each other across vendors. A two-layer stack, MCP for tools and A2A for coordination, is becoming the default, and standard connections are far easier to monitor and govern than custom ones.

5. Classify by autonomy and size the controls

Uniform governance is a documented cause of failure, because identical controls over-restrict simple agents and under-restrict autonomous ones. Classify each agent in the inventory by what it can actually do, from read-only retrieval to agents that execute actions, and apply controls proportionate to that level. A reporting agent ships with light governance; an agent that can move money or change configuration does not ship until the heavy controls and human approvals are in place.

6. Observe, supervise, and intervene

The final move is continuous oversight: log every agent action to a tamper-resistant trail, watch for anomalies such as an agent calling a tool it never used or reading far more data than usual, and wire in circuit breakers and kill switches that stop a misbehaving agent or a cascading multi-agent failure without a code deploy. This is the guardian-agent pattern in practice, and it is also the difference between a contained incident and a headline.

Gartner's six steps and the move to guardian agents

Gartner's April 2026 guidance on managing agent sprawl points the same way: inventory and assign ownership, classify agents by risk, enforce least-privilege access, monitor behaviour continuously, retire agents that are redundant or unused, and put a supervisory layer over the rest. The supervisory layer is where guardian agents come in, automated controls that watch other agents and act when something goes wrong. The throughline across Gartner, IBM, and the protocol bodies is consistent: visibility first, then identity, then a control plane, then proportionate policy. Skip the inventory and every later step is guesswork.

What it means for India

For Indian enterprises and global companies with Indian operations, multi-agent governance lands on top of a fresh privacy regime. Agents that read customer or employee records are processing personal data, so they fall under the Digital Personal Data Protection Rules that India notified on 13 November 2025, with their consent, security-safeguard, and 72-hour breach-notification duties. An ungoverned agent that quietly copies personal data across systems is exactly the failure the rules penalise, and the penalty for weak safeguards reaches the top of the DPDP scale.

The practical sequence for Indian CTOs is the same as anywhere, with one local emphasis: start with the inventory, because most organisations cannot yet name their agents, and tie that inventory to the DPDP record of processing. An agent registry that also records what personal data each agent touches does double duty, satisfying both the security need and the regulator. Pairing a recognised framework such as NIST AI RMF or ISO/IEC 42001 with the DPDP programme gives one control set across both.

FAQ

How eCorpIT can help

eCorpIT is a CMMI Level 5 technology organisation in Gurugram whose senior engineering teams help enterprises bring a growing agent fleet under control. We build the agent inventory, scope identities and least-privilege access, stand up a control plane, standardise connections with MCP and A2A, and wire in the observability and kill switches a multi-agent estate needs, mapped to NIST AI RMF, ISO/IEC 42001, the EU AI Act, and India's DPDP Rules. You can read more about eCorpIT and its director Manu Shukla. To scope an agent governance review, contact our team.

References

1. Digital Applied: AI agent adoption 2026, enterprise data points (Salesforce 12-agent benchmark)

1. IBM: New study finds CIOs and CTOs face a growing AI control gap

1. Gartner: Six steps to manage AI agent sprawl (Max Goss, guardian agents)

1. Gartner: Applying uniform governance across AI agents will lead to failure

1. Gartner: 40% of enterprise apps will feature task-specific AI agents by 2026

1. iEnable: AI agent sprawl and the enterprise governance crisis

1. Beam AI: 1,600 AI agents per enterprise and the governance gap

1. Futurum: Microsoft Agent 365 turns shadow AI into a governed asset class

1. Zylos Research: agent interoperability protocols, MCP, A2A, ACP

1. Google Developers: announcing the Agent2Agent protocol

1. OWASP GenAI Security Project: agentic exploit round-up Q1 2026

1. CyberArk: machine identities outnumber humans by more than 80 to 1

1. EY India: DPDP Rules 2025 notified by MeitY

_Last updated: 21 June 2026._