The Question

Every enterprise IT security team knows what shadow IT looks like: an employee signs up for a SaaS application, connects it to corporate data, and IT discovers the exposure six months later during an audit. The governance problem was hard enough when the risk was unauthorized data access through an unsanctioned application.

Low-code agent platforms have changed the risk profile entirely. Microsoft Copilot Studio, Salesforce Agentforce, OpenAI's Assistants API, and a growing list of no-code agent builders allow non-technical employees to build and deploy AI agents without writing a single line of code. A marketing manager can build an agent that queries the CRM in an afternoon. A finance analyst can build an agent that reads from the ERP before lunch. An IT coordinator can build an agent that opens and closes helpdesk tickets without ever engaging the security team.

None of these agents are being registered. None are going through security review. None have documented permission scopes. The people who built them may leave the company next quarter, taking institutional knowledge of what those agents can access with them.

Agent sprawl is not an edge case — it is the default outcome when low-code agent platforms are deployed without a governance program, and the organizations that discover their agents months after deployment are the ones paying the highest remediation cost.


Why This Matters Now

The acceleration of low-code agent deployment became measurable in 2025. Microsoft reported in its October 2025 Work Trend Index that more than 400 million Copilot Studio agent flows had been created across commercial tenants — the majority by business users, not IT teams. Salesforce reported that Agentforce deployment grew faster than any previous Salesforce product in its first year, with a significant share of deployments driven by sales and service line-of-business teams operating outside traditional IT procurement cycles.

This mirrors exactly what happened with SaaS adoption between 2010 and 2015, with one critical difference in timeline compression: the enterprise SaaS sprawl problem took five years to become acute. The agent sprawl problem is arriving in eighteen months because the deployment friction is dramatically lower. Building a Copilot Studio agent requires no coding, no infrastructure provisioning, and no IT ticket. The time from "I had an idea" to "this agent is running against our CRM" is measured in hours.

The governance frameworks have not kept pace. Gartner's 2025 AI Governance survey found that fewer than 22% of enterprises with active AI agent deployments had a formal agent registry — a simple list of what agents exist, who owns them, and what they can access. The remaining 78% were operating on the assumption that their existing software asset management processes would catch agent deployments. They do not — SAM tools index installed software, not agents built inside SaaS platforms by line-of-business users.

The regulatory dimension is also sharpening. The EU AI Act's provisions on high-risk AI system registration came into force in August 2025. Enterprise agents with access to HR data, financial data, or customer personal data may qualify as high-risk under the Act's criteria — creating a compliance liability for unregistered agent deployments that security teams are only beginning to assess.


What the CURVE™ Data Shows

The 2026 Stackcurve AI Enterprise Agent Platform CURVE™ Report assessed eighteen vendors across agent governance, observability, and lifecycle management capabilities. The governance layer — specifically agent discovery, registry, and access control — showed the sharpest differentiation between vendors.

Purpose-built governance platforms — Zenity and Valence Security — scored highest on cross-platform agent discovery, risk assessment, and policy enforcement across heterogeneous agent environments (Microsoft, Salesforce, ServiceNow, and open-source agent frameworks). Their advantage is platform-agnostic visibility; they are not native to any one agent platform and therefore can aggregate the full agent population across a mixed enterprise environment.

Platform-native governance consoles — Microsoft Copilot Studio's admin center, Salesforce Agentforce's governance dashboard, and ServiceNow's Agent Lifecycle Management — scored well for single-platform governance but showed significant gaps in cross-platform visibility. Enterprises running agents on more than one platform (which is most enterprises with serious deployments) cannot rely on platform-native tools alone.

Emerging CIEM/CNAPP extensions — Wiz, Palo Alto Prisma Cloud, and CrowdStrike Falcon — are extending their cloud entitlement and workload security capabilities to cover agent identities and permissions, with varying degrees of completeness as of Q1 2026.

The full vendor rankings are in the 2026 Stackcurve AI Enterprise Agent Platform CURVE™ Report — free to download.


The Gap Most Buyers Miss

Most enterprise buyer conversations about agent governance focus on the agent itself — what the agent does, what model it uses, what guardrails are configured. The gap that creates the actual sprawl risk is not in the agent; it is in the infrastructure around the agent.

No agent registry means no baseline

You cannot govern what you cannot see. The first step in an agent governance program is a complete inventory: what agents are running, who built them, what platforms they run on, what tools and APIs they can access, and what credentials they use. Most enterprises that begin this inventory exercise discover they have significantly more agents running than they were aware of. One Fortune 500 financial services firm that Stackcurve spoke with discovered 340 Copilot Studio agents in production during their first governance audit — against an IT-sanctioned list of 40. The 300 undocumented agents had been built by business users over an eighteen-month period.

Credential management is the acute risk

Agent sprawl becomes an active security risk at the credential layer. Enterprise agents authenticate to tools and data sources using service accounts, API keys, or personal credentials. When agents are built informally by business users, credential hygiene degrades rapidly: shared API keys are embedded in agent configurations, personal credentials are used because the builder does not know how to provision a service account, and OAuth tokens are granted and never reviewed. When the employee who built the agent leaves the company, the agent continues running under their credentials — or under shared credentials that are not rotated because nobody knows which agents depend on them.

Ownership gaps create accountability voids

Shadow IT apps have owners — someone is paying for them, and that creates accountability. Agents built on platform-inclusive tools (Copilot Studio is included in Microsoft 365 E3/E5, Agentforce is included in Salesforce enterprise tiers) have no separate purchase record. When the person who built the agent leaves, ownership becomes undefined. The agent continues running, continues accessing data, and continues taking actions — with no accountable owner and no one reviewing its behavior.

Approval workflows are the prevention mechanism

The governance programs that are working in 2026 share a common structural element: a lightweight approval workflow that requires agents to be registered before they can access production data or systems. The workflow does not need to be onerous — a two-question form (what does this agent do; what data and tools does it access) submitted to IT security for review is sufficient to create visibility and accountability. The barrier is not the rigor of the review; it is the existence of a review requirement that is consistently enforced.


Questions Your Buying Team Should Be Asking

1. What agent platforms are currently deployed in our environment, and do we have a cross-platform registry that covers all of them?

Most enterprises are running agents on at least two platforms — typically one Microsoft-native (Copilot Studio) and one third-party (OpenAI, Salesforce, or ServiceNow). A governance program that only covers one platform has structural blind spots. Your first question to any governance vendor should be which agent platforms their discovery covers natively, and which require manual integration.

2. How does your platform discover agents that business users have built on low-code platforms without IT involvement?

Discovery of IT-sanctioned agents is straightforward. Discovery of business-user-built agents on low-code platforms requires integration at the platform API level — not just a manual registry. Ask governance vendors specifically how they surface Copilot Studio agents, Agentforce agents, and OpenAI Assistants that were built outside IT's awareness.

3. What credential types do agents in our environment use, and how are those credentials rotated and audited?

This question surfaces the credential hygiene gap faster than any audit. If your team cannot answer it, you do not have a governance program — you have a list of agents someone thought was complete. The answer should include which agents use service accounts vs. API keys vs. personal credentials, and what the rotation schedule is for each.

4. What happens to agents when their owner leaves the organization?

Offboarding procedures for human employees are well-established. Offboarding procedures for the agents those employees built are not. Ask whether your HR offboarding workflow triggers an agent ownership review, and what happens to agents whose owner cannot be identified.

5. How do we enforce a pre-production approval requirement for new agent deployments without creating so much friction that users build around it?

The governance program that requires a six-week security review before any agent deployment will drive users to build agents in personal accounts or use personal API keys. The governance program that requires a five-minute registration form and a 48-hour turnaround will get used. Ask vendors and internal stakeholders what the approval workflow looks like in practice — not in policy.
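The checks the brief keeps returning to (registry versus discovered population, credential type and rotation, shared keys with unknown dependents, orphaned owners after offboarding) can be expressed as a small reconciliation pass. The following Python is an added example, not code from the brief, from Stackcurve, or from any vendor named here; the agent records, registry, offboarding list, scope names, credential identifiers and rotation windows are all constructed for illustration, and a real discovery source would feed the same shape of record. It serves both the "Gap Most Buyers Miss" section and questions 3 and 4 above.

```python
"""Agent registry reconciliation and credential-hygiene checks.

Added example; all data below is constructed. Field names, scope prefixes
and rotation windows are assumptions, not any platform's real schema.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date

# Assumed policy: maximum credential age (days) before it is rotation-overdue.
# "personal" credentials have no rotation window; they are flagged outright.
MAX_CREDENTIAL_AGE_DAYS = {"service_account": 90, "api_key": 90, "oauth_token": 30}

# Assumed scope prefixes for the data classes the brief calls out as likely
# high-risk (HR, financial, customer personal data).
SENSITIVE_SCOPE_PREFIXES = ("hr.", "finance.", "customer_pii.")


@dataclass(frozen=True)
class DiscoveredAgent:
    agent_id: str
    platform: str
    owner: str             # principal that built the agent on the platform
    credential_type: str   # service_account | api_key | oauth_token | personal
    credential_id: str     # reference to the key/account, never the secret itself
    last_rotated: date
    scopes: tuple          # data/tool scopes the agent can reach


# Constructed discovery output (what a cross-platform discovery pass might return).
DISCOVERED = [
    DiscoveredAgent("cs-001", "copilot_studio", "alice", "service_account", "svc-crm-ro", date(2026, 1, 10), ("crm.read",)),
    DiscoveredAgent("cs-002", "copilot_studio", "bob", "personal", "bob@corp", date(2025, 6, 1), ("erp.read", "finance.ledger.read")),
    DiscoveredAgent("cs-003", "copilot_studio", "carol", "api_key", "key-7f3a", date(2025, 3, 2), ("helpdesk.write",)),
    DiscoveredAgent("af-001", "agentforce", "dave", "api_key", "key-7f3a", date(2025, 3, 2), ("crm.write",)),
    DiscoveredAgent("oa-001", "openai_assistants", "erin", "oauth_token", "tok-9c1d", date(2026, 2, 20), ("hr.records.read",)),
]

# Sanctioned registry (constructed): agent_id -> owner of record.
REGISTRY = {"cs-001": "alice", "af-001": "dave"}

# Principals HR has offboarded (constructed).
OFFBOARDED = {"bob", "dave"}

TODAY = date(2026, 3, 1)


def reconcile(discovered, registry, offboarded, today):
    """Return a sorted list of (agent_id, finding_code) pairs."""
    findings = []
    agents_using = defaultdict(set)          # credential_id -> agents relying on it
    for a in discovered:
        agents_using[a.credential_id].add(a.agent_id)

    for a in discovered:
        registered = a.agent_id in registry
        if not registered:
            findings.append((a.agent_id, "UNREGISTERED"))
        elif registry[a.agent_id] != a.owner:
            findings.append((a.agent_id, "OWNER_MISMATCH"))   # registry is stale
        if a.owner in offboarded:
            findings.append((a.agent_id, "ORPHANED_OWNER"))   # runs with no accountable owner
        if a.credential_type == "personal":
            findings.append((a.agent_id, "PERSONAL_CREDENTIAL"))
        else:
            max_age = MAX_CREDENTIAL_AGE_DAYS.get(a.credential_type)
            if max_age is not None and (today - a.last_rotated).days > max_age:
                findings.append((a.agent_id, "ROTATION_OVERDUE"))
        if len(agents_using[a.credential_id]) > 1:
            findings.append((a.agent_id, "SHARED_CREDENTIAL"))
        if not registered and any(s.startswith(SENSITIVE_SCOPE_PREFIXES) for s in a.scopes):
            findings.append((a.agent_id, "SENSITIVE_SCOPE_UNREGISTERED"))
    return sorted(findings)


def dependents_of(discovered, credential_id):
    """Agents that break if this credential is rotated or revoked."""
    return sorted(a.agent_id for a in discovered if a.credential_id == credential_id)


def offboarding_review(discovered, registry, user):
    """Agents to reassign when `user` leaves, by platform owner or registry owner."""
    platform_owned = {a.agent_id for a in discovered if a.owner == user}
    registry_owned = {aid for aid, owner in registry.items() if owner == user}
    return sorted(platform_owned | registry_owned)


def summarize(findings):
    """Count findings per code, the figure a governance review would report."""
    return dict(Counter(code for _, code in findings))


if __name__ == "__main__":
    report = reconcile(DISCOVERED, REGISTRY, OFFBOARDED, TODAY)
    for agent_id, code in report:
        print(f"{agent_id}: {code}")
    print("summary:", summarize(report))
    print("agents depending on key-7f3a:", dependents_of(DISCOVERED, "key-7f3a"))
    print("review on offboarding dave:", offboarding_review(DISCOVERED, REGISTRY, "dave"))
```

On the constructed data, three of five discovered agents are unregistered, one API key is shared across two platforms and overdue for rotation, and two agents belong to offboarded users; `offboarding_review` is the hook an HR offboarding workflow would call to answer question 4, and `dependents_of` answers "which agents depend on this credential" before a rotation.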


The Stackcurve Take

Agent sprawl is not a future risk. It is the current state of most enterprise environments that have deployed low-code agent platforms at scale. The organizations that manage it well in 2026 will not be the ones with the most sophisticated governance technology — they will be the ones that established a simple, consistently enforced registry and approval workflow before the sprawl became structurally difficult to unwind.

The governance program does not need to be complex. It needs to be complete: every agent registered, every credential documented, every owner accountable, every approval workflow enforced. Purpose-built platforms like Zenity provide the cross-platform discovery layer that makes this achievable at enterprise scale. Platform-native consoles provide depth for single-platform governance. Neither replaces the organizational decision to require registration before production access.

The enterprises that will pay the highest remediation cost are the ones running agent governance programs that cover only the agents IT knows about — which, in most enterprise environments today, is a fraction of the agents actually running.

The 2026 Stackcurve AI Enterprise Agent Platform CURVE™ Report covers agent governance, observability, and lifecycle management platforms in full.



Stackcurve Advisory Briefs are independent research. No vendor pays for placement, tier assignment, or editorial influence. The CURVE™ methodology is disclosed in full at stackcurve.net/research/methodology.