Enterprises worldwide are running 28.6 million active AI agents, a figure Statista forecasts will exceed 2.2 billion by 2030. The multiplication is creating a governance crisis that has spawned an entirely new technology category: agent management platforms. Google Vertex AI Agent Builder, Amazon Bedrock Agents, Microsoft 365 Copilot, Decagon AI, and Sierra AI are all competing for the same position, according to a ZDNET analysis published May 4.
The category exists because agents deployed without management frameworks are enterprise shadow IT with autonomous decision-making capability.
The Shadow Agent Problem
“It works until it doesn’t, and when it stops working, you have no audit trail, no version control, and no governance to fall back on,” wrote Shelly Palmer, professor at Syracuse University and CEO of The Palmer Group.
The problem compounds with scale. Consumer tools like OpenClaw make it trivial for individual employees to automate work tasks outside IT governance. “It’s safe to assume some employees will try to automate their work tasks with those,” Brian Jackson, principal research director at Info-Tech Research Group, told ZDNET. “This leads to a problem in tracking all the agents you have deployed in the enterprise environment.”
Diptamay Sanyal, principal engineer at CrowdStrike, described the failure mode: “You end up with dozens of agents with no shared context model, no consistent governance, and no reusable patterns,” he told ZDNET. A proper management platform provides composable primitives, multi-tenant isolation, model routing across LLM providers, and observability into agent behavior.
Data Access Is the Core Risk
Every agent wants access to the same organizational data. Manu Narayan, CIO at GitLab, identified the central governance challenge: “If you don’t build your AI stack intentionally, you could end up with dozens of vendors, and all of their agents, holding the keys to the kingdom,” he told ZDNET.
The result is what Yash Vijay Patil, software engineer at Texas A&M University, described as “a fragmented ecosystem of loosely managed agents with inconsistent behavior, duplicated functionality, and unclear ownership.” Monika Malik, lead data and AI engineer at AT&T, echoed the concern: “The problem will not be too few agents, but too many unmanaged ones.”
The Platform War
The competitive dynamics mirror previous infrastructure consolidation cycles. Vendors are positioning agent management as the control plane for enterprise AI, the same strategic position that Kubernetes captured for containers and Jenkins for CI/CD pipelines.
But the consolidation is already fragmenting along existing enterprise boundaries. Jackson observed that agent implementations will likely tie to familiar systems of record within business lines: “You end up with a situation where marketing is managing agents out of what used to be the CRM platform, while IT is managing agents from an asset management and observability platform.”
That fragmentation is the opposite of what agent management platforms promise. If every business unit picks the management tool that extends its existing vendor relationship, the enterprise ends up with multiple agent management silos, replicating the sprawl problem at a higher layer of abstraction.
The Container Parallel
The comparison to early container adoption is instructive. Containers went through an identical cycle: rapid grassroots adoption, shadow deployments, governance panic, and then platform consolidation around Kubernetes. The difference is speed. Container adoption took roughly five years from Docker’s 2013 launch to Kubernetes dominance in 2018. Agent adoption is compressing that timeline. Statista’s projection from 28.6 million to 2.2 billion agents in four years suggests the governance window is closing faster than vendor platforms can mature.
The enterprises that treat agents as infrastructure rather than features, as CrowdStrike’s Sanyal advocates, will have governance before they need it. The rest will discover the cost of shadow AI the way they discovered the cost of shadow IT: during an audit, a breach, or a compliance failure.