---
title: "The hidden cost of AI agent sprawl: what your CFO needs to know"
date: 2026-03-30
updated: 2026-04-16
author: david
excerpt: "Gartner predicts 40% of agentic AI projects will fail by 2027. Not because the technology doesn't work, but because the economics don't. Here's where the money goes and how to stop the bleeding."
category: governance
tags: [governance, agent-sprawl, finops, compliance, enterprise, cost-optimization, cfo]
draft: false
tldr: "Agent sprawl is the new shadow IT, except agents don't sit idle when nobody's using them. The hidden costs span five dimensions: unoptimized token spend (up to 12x waste), infrastructure bloat ($330B in annual cloud waste), silent error cascading, governance overhead from ad hoc supervision and regulatory exposure (EU AI Act fines up to 7% of global turnover). Organizations with 50-500 agents face $500K-$5M in hidden annual costs. The fix: a centralized agent registry with LLM request monitoring, [risk classification](/research/blog/ai-agent-risk-classification) and compliance certification."
seo:
  title: "The hidden cost of AI agent sprawl: what your CFO needs to know | Roval"
  description: "Agent sprawl costs enterprises $500K-$5M annually in hidden costs across token waste, infrastructure bloat, error remediation, governance overhead and compliance exposure. A framework for quantifying and eliminating these costs."
faqs:
  - question: "What is AI agent sprawl?"
    answer: "AI agent sprawl is the uncontrolled proliferation of AI agents across the enterprise, analogous to shadow IT but with higher risk because agents act autonomously. They access data, call APIs and make decisions without human oversight. Gravitee estimates 1.5 million corporate agents currently run without monitoring."
  - question: "How much does agent sprawl actually cost?"
    answer: "The cost varies by organization size and industry. Token and API costs alone can reach hundreds of thousands per month for ungoverned agent estates. IBM's 2025 data shows shadow AI breaches cost $670,000 more than standard incidents. Total hidden costs range from $500K to $5M annually for enterprises with 50-500 agents."
  - question: "What's the difference between agent sprawl and shadow IT?"
    answer: "Shadow IT involves employees using unauthorized SaaS tools. Agent sprawl involves deploying autonomous AI systems that access data, call APIs, execute code and make decisions without oversight. A rogue SaaS subscription leaks data; a rogue agent acts on it."
  - question: "How do I calculate the ROI of agent governance?"
    answer: "The ROI has four components: cost optimization (20-40% token spend reduction from visibility alone), compliance acceleration (weeks of audit prep reduced to minutes), incident prevention (avoided breach costs averaging $4.63M for shadow AI) and deployment acceleration (governed organizations deploy 12x more AI projects to production)."
  - question: "What should the CFO care about?"
    answer: "Three things: unattributed costs (LLM spend that can't be traced to agents or business value), compliance exposure (EU AI Act fines up to 7% of global turnover) and accelerated deployment (governance enables confident scaling, not slower adoption)."
  - question: "Won't governance slow down AI adoption?"
    answer: "The data says the opposite. Companies with governance frameworks push 12x more projects to production. Governance provides a defined path (register, classify, certify, deploy, monitor) instead of ad hoc risk debates for every deployment."
  - question: "What does Gartner say about agent sprawl?"
    answer: "Gartner predicts over 40% of agentic AI projects will fail by 2027 due to rising costs, unclear value and governance challenges. Separately, 40% of enterprise applications will feature AI agents by end of 2026. The governance gap between adoption and oversight determines who captures value. The emerging discipline of AgentOps (distinct from MLOps) addresses this gap."
  - question: "Where does Roval fit?"
    answer: "Roval is the enterprise system of record for AI agents. We provide the agent registry, risk classification, compliance certification, LLM request monitoring, drift detection and lifecycle management that eliminate the hidden costs of agent sprawl. The LLM proxy captures every request with under 1ms overhead. Compliance certifications auto-expire by risk tier."
---

## The bill nobody budgeted for

Here's a number that should concern every enterprise leader: [Gartner predicts that more than 40% of agentic AI projects will be canceled by 2027](https://www.rcrwireless.com/20250627/business/agentic-ai-gartner). The primary reasons are rising costs, unclear business value and inadequate risk controls.

This isn't a prediction about AI failing. It's a prediction about AI succeeding in ways nobody planned for. Agents get deployed. They multiply. They start calling APIs, consuming tokens and accessing data at a pace that outstrips every budget projection and governance process the organization has. Because nobody is tracking what agents exist, what they cost or what they're doing, the costs compound invisibly until someone finally notices the invoice.

[S&P Global reports that 42% of companies already scrapped most of their AI initiatives in 2025](https://ai-prediction.malacka.cz/forecast/agent-failures). Not because the technology didn't work. Because the economics didn't. The agents delivered outputs, but the cost of operating them exceeded the value they created. Nobody had the visibility to know until it was too late.

This is agent sprawl. And it's the new shadow IT, except faster, harder to detect and significantly more expensive.

:::fact{title="The agent sprawl crisis in numbers"}
More than 3 million AI agents operate within corporations, but only 47.1% are actively monitored. 29% of employees have used unsanctioned AI agents at work. Only 6% of enterprises have advanced AI security strategies. 42% of companies scrapped most AI initiatives in 2025 due to economics, not technology failure. Gartner predicts over 40% of agentic AI projects will be canceled by 2027.
:::

-----

## Defining agent sprawl: shadow IT with execution authority

Shadow IT was the governance crisis of the 2010s. Employees adopted SaaS tools without IT approval, creating fragmented data, security gaps and compliance headaches. But shadow IT had a natural ceiling: a rogue SaaS subscription costs $20/seat/month. It doesn't execute transactions, modify databases or send communications to customers.

AI agent sprawl has no such ceiling. An unsanctioned agent can:

- Call an LLM API thousands of times per day
- Access customer data across multiple systems
- Trigger downstream workflows that touch production
- Accumulate costs that dwarf any SaaS subscription

Unlike a SaaS tool that sits idle when nobody uses it, agents run autonomously. They don't stop working when the person who deployed them goes home for the evening.

<figure>
<a href="https://www.gartner.com/en/newsroom/press-releases/2025-06-25-gartner-predicts-over-40-percent-of-agentic-ai-projects-will-be-canceled-by-end-of-2027" target="_blank" rel="noopener"><img src="/images/blog/gartner-agentic-ai-failure-2027.png" alt="Gartner press release predicting over 40% of agentic AI projects will be canceled by end of 2027 due to escalating costs, unclear business value and inadequate risk controls" loading="lazy" decoding="async" /></a>
<figcaption>Gartner predicts over 40% of agentic AI projects will be canceled by 2027: costs, unclear value and governance gaps are the primary drivers. <a href="https://www.gartner.com/en/newsroom/press-releases/2025-06-25-gartner-predicts-over-40-percent-of-agentic-ai-projects-will-be-canceled-by-end-of-2027" target="_blank" rel="noopener">Gartner</a></figcaption>
</figure>

The scale is staggering. According to [Gravitee's State of AI Agent Security 2026 report](https://www.gravitee.io/blog/state-of-ai-agent-security-2026-report-when-adoption-outpaces-control), more than 3 million AI agents operate within corporations, but only 47.1% are actively monitored or secured. That leaves an estimated 1.5 million agents running without oversight. [Microsoft's Cyber Pulse report](https://www.microsoft.com/en-us/security/blog/2026/02/10/80-of-fortune-500-use-active-ai-agents-observability-governance-and-security-shape-the-new-frontier/) confirmed that 29% of employees have used unsanctioned AI agents at work. Only 6% of enterprises have what Microsoft classifies as "advanced" AI security strategies.

[Salesforce's 2026 Connectivity Benchmark Report](https://www.salesforce.com/news/stories/connectivity-report-announcement-2026/), based on a survey of 1,050 enterprise IT leaders, found that organizations currently use an average of 12 agents, with the number projected to climb 67% within two years. But here's the governance gap: 50% of those agents operate in isolated silos, disconnected from any centralized management or orchestration system. As one [CIO article on agent sprawl](https://www.cio.com/article/4132287/taming-agent-sprawl-3-pillars-of-ai-orchestration.html) put it: uncoordinated agents don't create an automated workforce. They create a digital riot.

<figure>
<div style="position:relative;padding-bottom:56.25%;height:0;overflow:hidden;border-radius:8px;border:1px solid var(--border)"><iframe src="https://www.youtube.com/embed/tOfA2KpkBjE" title="Reality Check: Why 40% of AI Agent Projects Will FAIL by 2027 (Gartner Report Analysis)" style="position:absolute;top:0;left:0;width:100%;height:100%;border:0" allow="accelerometer;autoplay;clipboard-write;encrypted-media;gyroscope;picture-in-picture" allowfullscreen loading="lazy"></iframe></div>
<figcaption>Reality Check: Why 40% of AI Agent Projects Will Fail by 2027. <a href="https://www.youtube.com/watch?v=tOfA2KpkBjE" target="_blank" rel="noopener">Gartner Report Analysis</a></figcaption>
</figure>

Agent sprawl happens the same way shadow IT did. A developer builds a proof-of-concept agent on a Friday afternoon. It works. A colleague asks for one too. Within a month, a team has five agents running against production APIs.

Nobody told IT. Nobody told finance. Nobody told compliance.

And nobody turned them off after the pilot ended.

-----

## The five hidden costs of agent sprawl

The costs of agent sprawl are "hidden" in a specific sense: they're real, they're growing and they're distributed across budget lines where they're invisible to anyone without a centralized view. Here are the five cost dimensions that enterprise finance leaders need to understand.

### 1. Token and API spend: the meter that never stops running

LLM APIs charge per token. Every prompt sent, every response received. For a single agent handling a well-defined task, the costs are manageable. For an estate of dozens or hundreds of agents, many deployed as experiments and never decommissioned, the costs compound silently.

The economics are more treacherous than they appear. [Research from Chanl.ai](https://www.chanl.ai/blog/token-cost-optimization-production-ai-agents) found that an unoptimized AI agent handling 500 conversations per day with tool access can cost $13,247 per month in API fees alone. The same workload, with proper routing, caching and prompt optimization, runs for $1,100 per month.

That's a 12x cost differential. Multiply it by an agent estate where nobody is optimizing because nobody knows which agents exist.

[RWS research](https://www.rws.com/blog/scaling-enterprise-ai/) documented a case where token consumption varied by up to 450% between model providers for the same workload. A single incorrect model selection can inflate costs by 3-10x. When agents are deployed by individual teams without centralized model governance, every team makes this decision independently. The most expensive choice often wins by default.

The agent that costs $40,000 per month is rarely the one doing the most valuable work. It's usually one of these:

- A testing agent that was never shut down
- A monitoring agent retrying failed calls in an infinite loop
- A demo agent a sales engineer deployed to a customer environment and forgot about

Without an [agent registry](/platform/agent-registry) that tracks which agents are running, what models they use and how many tokens they consume, these costs are invisible until the quarterly cloud bill arrives.

:::fact{title="Token economics: the 12x cost gap"}
An unoptimized agent handling 500 daily conversations costs $13,247/month. The same workload optimized: $1,100/month. Token consumption varies up to 450% between model providers for identical workloads. A single incorrect model selection inflates costs 3-10x. Without centralized model governance, every team makes this decision independently.
:::

### 2. Infrastructure and compute: the AI tax on your cloud bill

Token costs are only the visible tip. Beneath them sits the infrastructure layer: the compute, storage and networking resources that support agent operations.

[Public cloud spending hit $1.03 trillion in 2026](https://byteiota.com/finops-2026-330b-cloud-waste-despite-1t-spending/), yet enterprises waste an estimated 32% of it: roughly $330 billion annually on underutilized resources. The State of FinOps 2026 Report reveals that 98% of companies now actively manage AI costs, up from 31% two years ago, but only 34% have mature capabilities to do so effectively.

AI workloads are a primary driver of this waste. The pattern is consistent:

- Teams overprovision GPU instances for inference because they fear latency spikes
- ETL pipelines run hourly when daily would suffice
- Vector databases maintain embeddings for agents that were decommissioned months ago
- Logging and monitoring infrastructure, designed to capture agent activity, sometimes costs more than the agents themselves

<figure>
<a href="https://data.finops.org/library" target="_blank" rel="noopener"><img src="/images/blog/state-of-finops-2026.png" alt="State of FinOps 2026 Report, 6th annual survey with 1,192 respondents representing $83 billion+ in annual cloud spend" loading="lazy" decoding="async" /></a>
<figcaption>The State of FinOps 2026 Report: 98% of companies now actively manage AI costs, up from 31% two years ago (only 34% have mature capabilities). <a href="https://data.finops.org/library" target="_blank" rel="noopener">FinOps Foundation</a></figcaption>
</figure>

The FinOps discipline that enterprises developed for traditional cloud spend doesn't translate directly to AI workloads. Agent costs are bursty, unpredictable and tied to usage patterns that change as the underlying models update. Without agent-level cost attribution (knowing which agent consumed which resources, when and at whose request), finance teams are flying blind.

### 3. Error, retry and remediation: when agents fail silently

Agents fail. They hallucinate. They misinterpret instructions. They call APIs with malformed requests and retry automatically, sometimes hundreds of times. When a human makes an error, the error is visible immediately and correctable. When an agent makes an error, it can propagate through systems for days before anyone notices. Agents don't raise their hands and say "I'm confused."

The cost of agent errors has three layers:

- **Direct cost** of the incorrect action: a wrong data entry, a miscalculated figure, a misdirected communication
- **Detection cost**: the human time spent discovering that something went wrong, often through downstream symptoms rather than direct observation
- **Remediation cost**: correcting the error, tracing its impact through dependent systems and verifying that the correction is complete

In [financial services](/industries/financial-services), these costs are particularly severe. A settlement agent that processes exceptions incorrectly might not produce a visible error. It produces a plausible but wrong resolution that passes automated checks and is only caught during a manual reconciliation cycle days later. The cost of unwinding incorrect settlements, notifying counterparties and documenting the incident for regulators far exceeds the cost of the agent itself.

[Multi-agent systems](/research/blog/multi-agent-governance) amplify this risk. When one agent's output is another agent's input, errors cascade. [Microsoft Research found that the average enterprise agent completes 7.3 decision points per invocation](https://thinking.inc/en/blue-ocean/agentic/enterprise-agent-governance/), of which 2.1 would traditionally require human approval. In a multi-agent workflow, a single bad decision at step 3 can produce plausible-looking but incorrect outputs at step 14. The human who reviews the final output has no visibility into the decision chain that produced it.

<figure>
<a href="https://www.salesforce.com/news/stories/connectivity-report-announcement-2026/" target="_blank" rel="noopener"><img src="/images/blog/salesforce-connectivity-benchmark-2026.png" alt="Salesforce 2026 Connectivity Benchmark Report showing multi-agent adoption surging 67% by 2027, with unified architecture as key to success" loading="lazy" decoding="async" /></a>
<figcaption>Salesforce reports enterprises average 12 agents today, projected to climb 67% within two years. 50% operate in isolated silos. <a href="https://www.salesforce.com/news/stories/connectivity-report-announcement-2026/" target="_blank" rel="noopener">Salesforce</a></figcaption>
</figure>

### 4. Human escalation and supervision overhead: the governance tax

One of the largest costs of ungoverned agent sprawl is human time. Without centralized governance, every team that deploys agents must independently solve the same problems: how to monitor them, how to handle failures, how to prove compliance, how to manage access and how to respond to incidents.

[Forrester's 2026 survey of 500 enterprises deploying AI agents](https://thinking.inc/en/blue-ocean/agentic/enterprise-agent-governance/) found that 71% lack a formal governance framework for autonomous agents. Without a framework, governance happens ad hoc. Which means it happens expensively.

Every team reinvents the wheel:

- Engineers build bespoke monitoring dashboards for their team's agents
- Compliance officers spend days manually assembling audit evidence from scattered sources
- Security teams investigate incidents without a centralized log of agent activity

The cost multiplies with every new team that adopts agents.

<figure>
<div style="position:relative;padding-bottom:56.25%;height:0;overflow:hidden;border-radius:8px;border:1px solid var(--border)"><iframe src="https://www.youtube.com/embed/Y7tHWwDicdM" title="February 2026 FinOps Summit: The State of FinOps, AI, Shifting Up, Left and Out Across Technologies" style="position:absolute;top:0;left:0;width:100%;height:100%;border:0" allow="accelerometer;autoplay;clipboard-write;encrypted-media;gyroscope;picture-in-picture" allowfullscreen loading="lazy"></iframe></div>
<figcaption>The State of FinOps, AI, Shifting Up, Left and Out Across Technologies. <a href="https://www.youtube.com/watch?v=Y7tHWwDicdM" target="_blank" rel="noopener">FinOps Summit 2026</a></figcaption>
</figure>

The human supervision overhead is especially punishing in regulated industries. Financial institutions, [healthcare](/industries/healthcare) organizations and government agencies must demonstrate oversight over automated decision-making. Without a centralized agent registry, compliance certification and audit trail, the cost of producing compliance evidence for a single audit can consume weeks of staff time. The evidence is still incomplete because nobody has a full inventory.

### 5. Compliance exposure and regulatory risk: the penalty you haven't received yet

This is the cost dimension that doesn't show up in any budget line until it arrives all at once.

The [EU AI Act Article 99](https://artificialintelligenceact.eu/article/99/) establishes penalties of up to EUR 35 million or 7% of global annual turnover for the most severe violations. Even for less serious infractions, fines reach EUR 15 million or 3% of turnover.

The Act requires risk classification, technical documentation, automatic event logging, human oversight mechanisms and accuracy testing for high-risk AI systems. These requirements are impossible to meet without a centralized inventory of which agents exist, what risk they carry and how they're monitored.

[Gartner predicts that fragmented AI regulation will cover half the world's economies by 2027](https://www.ibm.com/think/insights/gartner-2026-tech-predictions-implications), driving $5 billion in compliance costs. Separately, Gartner forecasts that over 1,000 legal claims for AI-related harm will be filed by end of 2026 due to insufficient guardrails.

The compliance cost of agent sprawl isn't just the potential fine. It's the cost of remediation after the regulator asks a question you can't answer:

- "How many AI agents are operating in your organization?"
- "Which agents process customer personal data?"
- "Can you produce a decision audit trail for this agent's actions on this date?"

If your agent estate is ungoverned, the honest answer to each is "we don't know." The cost of getting to "we know" under regulatory pressure is orders of magnitude higher than the cost of building the system proactively.

<figure>
<a href="https://www.ibm.com/reports/data-breach" target="_blank" rel="noopener"><img src="/images/blog/ibm-cost-data-breach-2025.png" alt="IBM Cost of a Data Breach Report 2025 landing page showing the report and webinar access" loading="lazy" decoding="async" /></a>
<figcaption>IBM's 2025 Cost of a Data Breach Report found shadow AI breaches cost $670,000 more than standard incidents. <a href="https://www.ibm.com/reports/data-breach" target="_blank" rel="noopener">IBM</a></figcaption>
</figure>

[IBM's 2025 Cost of a Data Breach Report](https://www.ibm.com/reports/data-breach) quantified this directly: breaches involving shadow AI cost organizations $4.63 million on average, $670,000 more than standard incidents. Organizations that had deployed AI governance technology reduced breach costs by $191,893 on average. The data is unambiguous: governance pays for itself in risk reduction alone, before accounting for any operational efficiency gains.

-----

## The compound effect: how these costs multiply

The five cost dimensions don't operate independently. They compound.

An ungoverned agent (cost dimension 1: token waste) makes an error that goes undetected for a week (cost dimension 3: remediation) because there's no centralized monitoring (cost dimension 4: supervision overhead). The error involves customer data, triggering a compliance investigation (cost dimension 5: regulatory exposure) that requires spinning up infrastructure to reconstruct the agent's activity from scattered logs (cost dimension 2: infrastructure costs).

:::fact{title="The regulatory price tag"}
EU AI Act penalties reach EUR 35 million or 7% of global turnover. Fragmented AI regulation will cover half the world's economies by 2027, driving $5 billion in compliance costs. Over 1,000 legal claims for AI-related harm expected by end of 2026. Shadow AI breaches cost $4.63 million on average, $670,000 more than standard incidents.
:::

A single incident like this can cost $500,000 or more in a regulated industry. It starts with a $200/month agent that nobody was tracking.

The compound effect also operates at the portfolio level. When 30% of your agent estate is unoptimized, 20% is orphaned and 10% has never been certified against any compliance framework, the aggregate cost is not the sum of individual agent costs. It's the sum plus the organizational overhead of managing the chaos: the incident response, the fire drills, the manual audits, the executive time spent explaining to the board why agent costs tripled and nobody saw it coming.

## The ROI of agent governance: turning cost into investment

The CFO's question isn't "should we govern agents?" It's "what's the return?"

The return comes from four sources.

**Cost visibility and optimization.** An agent registry with [LLM request monitoring](/solutions/llm-monitoring) gives finance teams something they've never had: agent-level cost attribution.

Which agents are consuming the most tokens? Which are using expensive models for tasks that could run on cheaper ones? Which are retrying failed calls in loops? Which haven't produced any useful output in 30 days?

Visibility alone, without changing a single agent, typically identifies 20-40% cost reduction opportunities in the first month.

At Roval, the LLM request monitor captures every prompt sent to every LLM API through a transparent proxy with under 1ms of overhead. Filter by agent, user, team, model or date. See token consumption per agent per day. Find the agent that's burning $40,000/month in API calls. The proxy pays for itself the first time it identifies a runaway agent.

**Compliance acceleration.** The cost of producing compliance evidence drops dramatically when agent inventory, risk classification, certification status and audit trails live in a single system. What takes weeks of manual assembly across Google Drive, Confluence and email threads takes minutes when the system generates it automatically. Roval's [compliance certification](/platform/compliance) workflow tracks evidence per requirement, auto-expires certifications by risk tier (90 days for Critical, 180 for High, 365 for Low) and exports the complete audit log as CSV or JSON for your auditor.

**Incident prevention and containment.** [Organizations with evidence-quality audit trails are 20-32 points ahead on every AI maturity metric](https://www.mintmcp.com/blog/ai-agent-security) compared to those without. Governance doesn't just reduce the cost of incidents that happen. It prevents them.

- Production gates block uncertified high-risk agents from going live
- Drift detection catches configuration changes within 15 minutes
- Circuit breakers auto-stop agents exceeding violation thresholds

Each prevented incident is a cost that never appears in any report. That's the point.

**Accelerated deployment with confidence.** This is the counterintuitive finding: governance doesn't slow agent deployment. It accelerates it. Companies with AI governance frameworks [push 12x more projects to production](https://www.knostic.ai/blog/ai-governance-statistics) than those without.

The reason is straightforward. Without governance, every new agent deployment triggers a fresh debate about risk, compliance and oversight. With governance, there's a defined path: register the agent, classify the risk, certify against the applicable framework, deploy, monitor. The path from idea to production is faster because it's defined, not because there are fewer checks.

:::cta{title="See what your agents are costing you" description="Roval's LLM request monitor captures every API call with token counts, model and cost. Under 1ms overhead. Find the runaway agents in your estate." cta="Book a demo" href="/demo"}
:::

## A framework for quantifying your agent sprawl costs

Every enterprise's agent estate is different, but the cost calculation follows a consistent structure. Here's a framework for estimating the hidden costs in your organization.

**Step 1: Estimate your total agent count.** Take the number of agents your IT team knows about. Multiply by 1.5 to 2.5x to account for unsanctioned deployments. (If 29% of employees use unsanctioned AI agents and only 14.4% of organizations have full IT approval for their entire agent fleet, the multiplier is conservative.)

**Step 2: Calculate your unoptimized token spend.** For each agent category, estimate the monthly token consumption and the cost per token at your current model provider. Assume that 30-50% of agents run suboptimal configurations (wrong model tier, no prompt caching, no batching). Apply a 3-5x cost reduction potential for optimized configurations, based on the benchmarks cited above.

**Step 3: Estimate your orphaned agent cost.** Of your total agent count, how many have been running for more than 90 days with no configuration change, no owner review and no evidence of business value delivery? Multiply the count by the average monthly cost per agent. This is your "zombie agent" tax.

**Step 4: Calculate your governance overhead.** How many FTEs across engineering, security, compliance and operations spend time on agent-related governance activities (monitoring, auditing, incident response, compliance evidence assembly) without a centralized platform? Multiply by loaded cost per FTE. This is the "governance tax" you're paying in human capital.

**Step 5: Estimate your compliance exposure.** Identify every agent that processes personal data, makes decisions about individuals or operates in a regulated domain. For each, assess whether you can currently produce the documentation, audit trail and risk classification required by the EU AI Act, GDPR or your sector-specific regulator. For each gap, estimate the cost of remediation under pressure (2-5x the cost of proactive implementation) and the probability-weighted cost of a regulatory fine.

**Sum these five dimensions.** The total is your hidden cost of agent sprawl. In our experience working with enterprise teams, the number ranges from $500,000 to $5 million annually for organizations with 50-500 agents. It grows superlinearly as the agent estate expands, because the governance overhead and compliance exposure increase faster than the agent count.

:::cta{title="Calculate your agent sprawl cost" description="Map the five cost dimensions to your agent estate. See where the money goes and where governance pays for itself." cta="Request early access" href="/contact"}
:::

-----

## The three-phase plan to stop the bleeding

### Phase 1: Get visibility (week 1-2)

You can't reduce costs you can't see. The first priority is a complete agent inventory.

Deploy an agent registry. Register every known agent, manually if necessary or via automated discovery if your tooling supports it. For each agent, capture:

- Owner and team
- Framework and model provider
- Data access and decision authority
- Deployment environment
- Estimated monthly cost

Deploy LLM request monitoring. A transparent proxy between your agents and LLM APIs captures every request with token counts, model, user and cost. Roval's Go-based proxy adds under 1ms of overhead and requires one environment variable to install. Within 48 hours, you'll see exactly where your token budget is going.

**Deliverable:** Complete agent inventory with cost attribution.

### Phase 2: Classify and prioritize (week 3-4)

Not all agents carry the same cost or risk. Classify every agent across data sensitivity, decision authority and blast radius. Assign risk tiers. Focus governance effort on the agents that matter most: high-cost agents (top 20% of token spend), high-risk agents (accessing sensitive data or executing autonomous actions) and orphaned agents (no active owner, no recent configuration change).

Identify quick wins:

- **Decommission immediately:** zombie agents from completed pilots
- **Downgrade model tier:** agents using GPT-4-class models for tasks that run fine on smaller models
- **Optimize configuration:** add prompt caching or batching where neither exists

**Deliverable:** Risk-classified agent estate with prioritized optimization list.

### Phase 3: Govern and optimize continuously (ongoing)

Establish the governance cadence. Certify high-risk agents against applicable compliance frameworks. Set certification expiry dates by risk tier. Deploy drift detection that runs every 15 minutes and flags expired certifications, configuration changes and orphaned agents.

Build agent cost into your FinOps practice. Review agent-level cost attribution monthly. Set per-agent and per-team cost budgets. Alert when agents exceed thresholds. Decommission agents that haven't delivered measurable value in 90 days.

Report to leadership quarterly. The "State of the Agent Estate" report should include:

- Total agent count (sanctioned and discovered)
- Compliance posture (certified vs. uncertified)
- Cost by agent, team and use case
- Incidents prevented by governance controls
- Cost savings from optimization

**Deliverable:** Continuous governance program with quarterly reporting.
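The drift check, as an added example that is not Roval's implementation: one scheduled run over the registry that flags expired certifications by tier, configuration changes, orphaned agents and budget overruns. Validity periods, record fields and sample data are assumptions. Configuration change is detected by comparing a SHA-256 over canonical JSON of each agent's config with the hash persisted by the previous run, rather than trusting a last-modified timestamp that the agent's own deployment pipeline could rewrite.

```python
"""Scheduled drift check for a governed agent estate.

Added example, not Roval's drift detector. Given current registry records and
the configuration hashes persisted by the previous run, it flags expired
certifications (validity by risk tier), changed configurations, orphaned
agents and budget overruns. Validity periods, record fields and sample data
are assumptions for illustration.
"""
import hashlib
import json
from datetime import date, timedelta

# Assumed certification validity per risk tier, in days.
CERT_VALIDITY_DAYS = {"high": 90, "medium": 180, "low": 365}

AS_OF = date(2026, 4, 16)  # fixed run date so the sample data gives reproducible results


def config_fingerprint(config):
    """SHA-256 over canonical JSON, so key order or whitespace cannot mask a change."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def check_agent(agent, previous_hashes, today):
    """Return the drift findings for one registry record, in a fixed order."""
    findings = []
    validity = timedelta(days=CERT_VALIDITY_DAYS[agent["risk_tier"]])
    if agent.get("certified_on") is None:
        findings.append("uncertified")
    elif date.fromisoformat(agent["certified_on"]) + validity < today:
        findings.append("certification_expired")
    previous = previous_hashes.get(agent["id"])
    if previous is not None and previous != config_fingerprint(agent["config"]):
        findings.append("config_changed")
    if not agent.get("owner"):
        findings.append("orphaned")
    if agent["month_to_date_cost"] > agent["monthly_budget"]:
        findings.append("over_budget")
    return findings


def run_drift_check(agents, previous_hashes, today=AS_OF):
    """One scheduled run. Returns (findings by agent id, hashes to persist for the next run)."""
    report, new_hashes = {}, {}
    for agent in agents:
        new_hashes[agent["id"]] = config_fingerprint(agent["config"])
        findings = check_agent(agent, previous_hashes, today)
        if findings:
            report[agent["id"]] = findings
    return report, new_hashes


# Constructed registry snapshot.
AGENTS = [
    {"id": "invoice-triage", "owner": "finance-eng", "risk_tier": "high",
     "certified_on": "2025-12-01",
     "config": {"model": "large", "tools": ["erp.write"], "temperature": 0.2},
     "month_to_date_cost": 1250.0, "monthly_budget": 1000.0},
    {"id": "faq-bot", "owner": "support", "risk_tier": "low",
     "certified_on": "2026-01-15",
     "config": {"model": "small", "tools": [], "temperature": 0.7},
     "month_to_date_cost": 40.0, "monthly_budget": 200.0},
    {"id": "pilot-summarizer", "owner": None, "risk_tier": "medium",
     "certified_on": None,
     "config": {"model": "large", "tools": ["drive.read"], "temperature": 0.5},
     "month_to_date_cost": 310.0, "monthly_budget": 500.0},
]

# Hashes persisted by the previous run. invoice-triage has since gained a write
# tool; pilot-summarizer was never seen before, so it cannot be reported as changed.
PREVIOUS_HASHES = {
    "invoice-triage": config_fingerprint({"model": "large", "tools": [], "temperature": 0.2}),
    "faq-bot": config_fingerprint({"model": "small", "tools": [], "temperature": 0.7}),
}

if __name__ == "__main__":
    report, _ = run_drift_check(AGENTS, PREVIOUS_HASHES)
    for agent_id, findings in report.items():
        print(agent_id, findings)
```

Schedule `run_drift_check` from cron or your orchestrator and persist the returned hashes between runs; the first run can only report certification, ownership and budget findings because there is nothing yet to compare configurations against. Note that a new tool in an agent's config (`erp.write` above) is a change in blast radius, which is why it should re-trigger certification rather than merely be logged.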

-----

## The bottom line

Agent sprawl isn't a technology problem. It's a finance problem, a compliance problem and an operations problem that happens to involve technology. The agents are delivering value: [74% of executives report achieving ROI within the first year](https://cloud.google.com/transform/roi-of-ai-how-agents-help-business), according to Google Cloud research. But the value is being eroded by invisible costs that accumulate when nobody knows what agents exist, what they cost or what they're doing.

[McKinsey estimates](https://www.mckinsey.com/mgi/media-center/ai-could-increase-corporate-profits-by-4-trillion-a-year-according-to-new-research) that generative AI could add $2.6 to $4.4 trillion in value to the global economy annually. That value will flow to the enterprises that deploy agents with visibility, governance and cost control. Not to the enterprises that deployed the most agents and hoped for the best.

The difference between an agent estate and agent sprawl is a system of record.

Build one. Or the cost will build itself.

:::cta{title="Stop the sprawl" description="Roval gives your CFO the numbers, your CISO the audit trail and your CTO the deployment confidence. One platform for agent governance." cta="Book a demo" href="/demo"}
:::

-----

## Sources and further reading

| Source | Link |
|---|---|
| Gravitee, State of AI Agent Security 2026 Report | [gravitee.io](https://www.gravitee.io/blog/state-of-ai-agent-security-2026-report-when-adoption-outpaces-control) |
| Microsoft Cyber Pulse Report | [microsoft.com](https://www.microsoft.com/en-us/security/blog/2026/02/10/80-of-fortune-500-use-active-ai-agents-observability-governance-and-security-shape-the-new-frontier/) |
| Gartner, 40% of Agentic AI Projects Will Fail by 2027 | [rcrwireless.com](https://www.rcrwireless.com/20250627/business/agentic-ai-gartner) |
| Gartner, 40% of Enterprise Apps Will Feature AI Agents by 2026 | [gartner.com](https://www.gartner.com/en/newsroom/press-releases/2025-08-26-gartner-predicts-40-percent-of-enterprise-apps-will-feature-task-specific-ai-agents-by-2026-up-from-less-than-5-percent-in-2025) |
| IBM, Gartner 2026 Tech Predictions and Implications | [ibm.com](https://www.ibm.com/think/insights/gartner-2026-tech-predictions-implications) |
| IBM, Cost of a Data Breach Report 2025 | [ibm.com](https://www.ibm.com/reports/data-breach) |
| Kiteworks, IBM 2025 Breach Report: Shadow AI Costs Analysis | [kiteworks.com](https://www.kiteworks.com/cybersecurity-risk-management/ibm-2025-data-breach-report-ai-risks/) |
| Salesforce, 2026 Connectivity Benchmark Report | [salesforce.com](https://www.salesforce.com/news/stories/connectivity-report-announcement-2026/) |
| CIO, Taming Agent Sprawl: 3 Pillars of AI Orchestration | [cio.com](https://www.cio.com/article/4132287/taming-agent-sprawl-3-pillars-of-ai-orchestration.html) |
| Chanl.ai, AI Agent Token Cost Optimization | [chanl.ai](https://www.chanl.ai/blog/token-cost-optimization-production-ai-agents) |
| RWS, How Scaling Enterprise AI With the Wrong LLM Could Cost You | [rws.com](https://www.rws.com/blog/scaling-enterprise-ai/) |
| FinOps 2026: $330B Cloud Waste Despite $1T Spending | [byteiota.com](https://byteiota.com/finops-2026-330b-cloud-waste-despite-1t-spending/) |
| Google Cloud, The ROI of AI: Agents Are Delivering | [cloud.google.com](https://cloud.google.com/transform/roi-of-ai-how-agents-help-business) |
| McKinsey, AI Could Increase Corporate Profits by $4.4 Trillion a Year | [mckinsey.com](https://www.mckinsey.com/mgi/media-center/ai-could-increase-corporate-profits-by-4-trillion-a-year-according-to-new-research) |
| Forrester, AI Agent Governance Gap 2026 | [thinking.inc](https://thinking.inc/en/blue-ocean/agentic/enterprise-agent-governance/) |
| MintMCP, AI Agent Security Enterprise Guide 2026 | [mintmcp.com](https://www.mintmcp.com/blog/ai-agent-security) |
| EU AI Act, Article 99 (Penalties) | [artificialintelligenceact.eu](https://artificialintelligenceact.eu/article/99/) |
| Knostic, AI Governance Statistics 2025 | [knostic.ai](https://www.knostic.ai/blog/ai-governance-statistics) |
| S&P Global / AI Prediction Market, Agent Failure Forecast | [ai-prediction.malacka.cz](https://ai-prediction.malacka.cz/forecast/agent-failures) |
| Trullion, Why Over 40% of Agentic AI Projects Will Fail | [trullion.com](https://trullion.com/blog/why-over-40-of-agentic-ai-projects-will-fail/) |
| YouTube, Reality Check: Why 40% of AI Agent Projects Will FAIL by 2027 | [youtube.com](https://www.youtube.com/watch?v=tOfA2KpkBjE) |
| YouTube, February 2026 FinOps Summit: State of FinOps, AI | [youtube.com](https://www.youtube.com/watch?v=Y7tHWwDicdM) |
| Roval, The AI Agent Governance Framework (8 Pillars) | [roval.ai](/research/blog/ai-agent-governance-framework-8-pillars) |
| Roval, Why AI Agents Need a CMDB | [roval.ai](/research/blog/why-ai-agents-need-a-cmdb) |
| Roval, 10 Questions Every CTO Should Ask About AI Agents | [roval.ai](/research/blog/10-questions-cto-ai-agents) |
