Agent Sprawl: When Everyone Builds Agents
- vikashsingh01
- Aug 5
- 6 min read
Updated: Aug 5
Table of Contents
Introduction: Understanding the Problem
Introduction: Understanding the Problem
If you search “AI agent survey” today, you’ll notice that most reputable sources are reporting the same thing: AI agents are already in production across a majority of orgs. Depending on the report, adoption rates range from 50% to as high as 80%.
Consider this from Salesforce, June 2025:
Almost four out of five (78%) leaders report that their companies are already using AI agents, with 72% rating their technical infrastructure’s adaptability to AI as good or very good, enabling rapid growth and scaling.
And importantly, these aren’t just generative tools like ChatGPT or Microsoft Copilot. We’re talking about autonomous agents - software that doesn’t just assist, but takes action on behalf of employees.
This marks a big shift from passive productivity tools to proactive, goal-driven digital coworkers.
And when you zoom out, how we got here actually makes a lot of sense. The tech matured fast, the tools became more accessible to the average employee, and IT is still busy trying to lock down ChatGPT from the last three AI waves.
That’s created the conditions for a new kind of mess: agent sprawl.
What is Agent Sprawl?
Simply put, agent sprawl is the uncontrolled growth of agents within an org. It’s what happens when agents begin popping up across different teams - built for different needs, using different platforms, with different logic - often without IT even knowing they exist.
The result?
🔁 Redundant agents doing the same tasks differently
💸 Wasted compute and resources from poorly optimised or overlapping agents
🧱 Disconnected platforms with no clear integration strategy
🔒 Inconsistent security and access leading to potential exposure of data
🔍 No way to audit, enforce policies, or catch risky behavior
🤷♀️ Nobody can answer: “What is this agent doing? Who made it? Is it still running?”
If you think this is partially happening because employees are careless, well you would be right because they are. But it’s not done out of malice. People want to be more productive, and they don’t particularly care about the how, as long as it gets the result.
Every team has a use case.
Sales wants a forecasting agent.
IT wants one to help automate user provisioning.
Finance wants help with approvals.
Project Managers want… something. I’m not sure, but something tells me there’s a Gantt chart somewhere.
It all adds up, and fast. Just like the SaaS sprawl of the 2010s, it starts with good intentions but ends in silos, inefficiencies, and new risks for IT and leadership to manage.
We've Already Seen This Before
Era | Approx. years | Enabling conditions | Sprawl impact |
On-Prem Software | 1980s - 1990s | N/A | Not a sprawl yet - tightly controlled by IT and expensive. Software was licensed, installed, and managed locally. |
SaaS (Software as a Service) | 2000 - 2013 | • Easy cloud access • Per-user pricing • Fast setup | • Security blind spots • A new need for expensive integrations as a result of every department having their 'own tools’ |
Workflow Automation | 2014 - 2018 | • Easy to connect to services as most SaaS tools had open APIs • Drag-and-drop user experience. | • “Where is this data coming from?” • Work happening across dozens of disconnected flows |
Low-Code / No-Code | 2018 - 2022 | • Ability to create your own tools without needing developer experience • Business users frustrated with IT bottlenecks | • App/flow proliferation • Duplicate apps solving the same problem • Hard-to-maintain spaghetti automations • Anything that grows in business value likely gets chucked over to IT when things go wrong |
Generative AI Tools | 2023 - 2024 | • ChatGPT and other free LLMs • Plug-and-play AI in every product | • Redundant AI subscriptions • Unvetted models + security risks • AI giving conflicting outputs |
Agentic AI | 2024 - 2025 (Now) | AI developing exponentially quicker, Similar conditions to the Low-Code / No-Code era | • Agents acting without oversight • “Which agent did this?” audit issues |
… |
Software sprawl, whether it's SaaS, low-code platforms, or AI agents, always carries consequences. These impacts are real, and the true cost isn’t immediately visible.
Agent sprawl is simply the next evolution of this, but now software can make decisions, take actions, and affect real-world operations without a human in the loop.
Why Does This Matter?
When agent sprawl sets in, orgs tend to lose control in four key areas:
Visibility - You can’t manage what you can’t see. Without a clear view of your agent ecosystem, it’s all guesswork.
Security - Agents may access sensitive systems with inconsistent controls, creating real compliance risks.
Efficiency - Redundant, misconfigured, or unnecessary agents drain time, budget, and compute.
Strategy - Teams chase local gains instead of aligning on a broader AI vision. The team in your org that is supposed to be leading AI strategy is stuck moderating existing agents.
If left unchecked, agent sprawl doesn’t just slow progress, it actively works against your org's AI ambitions.
Why Agent Sprawl Happens So Fast (& Quicker Than Other Sprawls)
When software shifted from tightly controlled, on-prem installs to SaaS, buying became easier, deployment got faster, and governance started slipping. Now, with the rapid rise of AI and a flood of accessible tools, the challenge has evolved again: teams aren’t just buying software, they’re building it.
That’s the shift - from installing software to creating software - and it’s accelerating across every industry.
Today, agents are being built with
Platforms such as AWS Bedrock and GCP Vertex AI
Frameworks like Langchain, Crew AI, and Autogen
But if you want to know where agent sprawl is most critical to watch right now...
Microsoft: Ground Zero for Agent Sprawl
If your org runs on Microsoft, you're already on fertile ground for agent sprawl.
Most people assume agents in M365 only come from Copilot Studio. Not true. Microsoft offers multiple ways to create agents - from Agent Builder and SharePoint to SDK and Azure.
These products and services have their own:
Barrier to entry: From no-code tools anyone can use to pro-code environments for engineers
Control levers: Unique settings or policies that define what builders can and can’t do
Governance model: Different roles, permissions, and oversight mechanisms
That’s what makes agent sprawl in M365 so tricky: you are not managing one entry point, but a possible funnel of agent sprawl.
Tools like Agent Builder and SharePoint are so accessible that they often become the quiet starting point for sprawl. The easier it is to create agents (thanks to broad access, low skill requirements, or familiar interfaces) the faster they tend to proliferate. In contrast, fewer agents emerge in areas that demand developer expertise or involve niche platforms, such as Azure and Fabric.
To get ahead of it, start governing the most accessible entry points (top of the funnel), as these tend to contain the highest agent volume and the fewest guardrails. That’s where smart governance begins.
Is There a Solution?
The solution to agent sprawl is to implement strategic agent governance. Like all good governance, it starts with one foundational step: visibility. You need a clear, 10,000-foot view of your entire agent landscape - what exists, where it lives, and what it’s doing. (More on this in Part 2.)
Naturally, the common question becomes:
“How many agents should we allow? How many agents is too many?”
But that’s the wrong question. The better question is:
“What should each agent be allowed to do?”
By shifting the focus from quantity to control, you’re no longer trying to boil the ocean, you’re just moving the temperature of a lake by a single degree. Still a challenge, yes, but it’s focused and achievable.
Then it no longer matters whether you have 10, 100, or 1000 agents - as long as you’re confident that:
Sensitive data can’t be accessed without the right privileges
High-risk actions and connectors are blocked or tightly governed
Every agent operates within clearly defined limits
Strong agent governance - from ecosystem visibility to policy enforcement - is how leading orgs avoid repeating the mistakes of the SaaS era.
Conclusion
As agent creation accelerates, managing them becomes harder. The smartest move? Put the right structure in place now, before agent sprawl takes hold and scales beyond what you can govern.
Having too few agents may indicate that existing policies are overly restrictive (or simply that people aren’t yet aware of the possibilities agents offer). On the other hand, too many agents can be a clear sign that agent sprawl is taking hold. Good agent governance doesn’t imply either extreme; instead, it reflects intentional growth, guided by strategy, visibility, and control.
In Part 2 of this series, we’ll dive into practical, Microsoft-specific steps to take control of agent sprawl within your org.
Finally, below is a signposting of some resources that may be of interest.
If you're looking for...
Goal | Where to go |
Step-by-step actions to gain control. | Part 2 (Coming soon). |
How to quickly discover agents in your org. | Microsoft Entra Blog - Agent ID (Preview) breakdown on how to discover and list all your agent identities in Microsoft Entra Admin Center. |
Example of an org doing AI governance right. | AstraZeneca AI Governance Case Study (Springer) - Formal AI audit, governance playbook, and internal resolution board. |
Example of an org impacted by a lack of AI governance. | Robodebt - AI automation without oversight caused wrongful welfare debts and public crisis. |
Comments