Unchecked AI agents create security and compliance chaos in businesses
Businesses are struggling to control the rapid spread of AI agents across their operations. A new report reveals that over half of these automated systems go unmonitored, creating security and compliance risks. The issue stems from poor coordination between teams and a lack of clear strategy.
The EU AI Act’s stricter rules now demand auditable AI deployments, adding pressure on companies to tighten oversight. Yet many still deploy agents without proper governance, leaving gaps in accountability and security.
The problem, known as agent sprawl, happens when different departments roll out AI agents independently. Without central coordination, these systems can access sensitive data, make unauthorised decisions, and remain unchecked for years. A 2026 study by Gravitee found that more than 50% of active AI agents operate without monitoring or security measures.
Most companies try to manage the issue with orchestration tools, access controls, or agent registries. But these fixes often address only part of the problem. The real challenge lies deeper: misalignment between IT, business, and compliance teams. Research from Cloudflights shows that 49% of firms cite poor coordination as their biggest hurdle with agentic AI.
Strategic gaps make the situation worse. Only 29% of companies have defined business cases for their AI agents, according to the same study. Without clear goals, ownership, or deactivation plans, abandoned agents linger as technical debt. Firms with strong alignment, however, scale agentic AI six times more effectively than those without.
The EU’s stricter compliance rules push companies to improve AI governance. But without better coordination and strategic planning, agent sprawl will persist. Unmonitored systems risk security breaches, regulatory penalties, and wasted resources—problems that will only grow as AI adoption spreads.