There is a number that should alarm every enterprise leader making AI decisions this quarter.
97% of executives say their company deployed AI agents in the past year. Only 29% report significant organisational ROI.
That gap — between near-universal deployment and minority-level returns — is the defining challenge of enterprise AI in 2026. And two major surveys released this week converge on the same explanation: enterprises can deploy agents. They cannot yet govern them. And without governance, more agents create more chaos, not more value.
The Data That Defines the Problem
The OutSystems 2026 State of AI Development report surveyed 1,900 global IT leaders. The findings confirm that agentic AI has moved decisively from experimentation to execution. 49% describe their agentic AI capabilities as advanced or expert. Gartner projects 40% of enterprise applications will include task-specific AI agents by year-end.
But alongside this adoption surge, 94% of IT leaders raise concern about agent sprawl — the uncontrolled proliferation of AI agents across the enterprise without coordinated governance, oversight, or architectural control.
The Writer 2026 Enterprise AI Adoption survey adds the financial dimension. Surveying 1,200 C-suite executives and 1,200 non-technical employees, Writer found that 79% of organisations face challenges in adopting AI — a double-digit increase from 2025. More strikingly, 54% of C-suite executives admit that adopting AI is “tearing their company apart.”
These are not organisations that failed to adopt AI. They adopted enthusiastically. 97% deployed agents. 52% of employees already use them. 59% of companies invest over $1 million annually in AI technology. The investment is there. The deployment is there. The organisational returns are not.
The gap between individual productivity gains and organisational ROI is where the governance problem lives.
What Agent Sprawl Actually Looks Like
Agent sprawl is not an abstract concern. It manifests in specific, measurable ways that every enterprise with more than a handful of AI agents will recognise.
Different teams deploy different agents for overlapping tasks. Marketing has a content agent. Sales has a research agent. Customer service has a support agent. Each was built or purchased independently, with different models, different data access, different security controls, and different governance frameworks. They do not communicate. They do not share context. And they sometimes produce contradictory outputs from the same underlying data.
Agents proliferate without visibility. When every team can deploy its own AI agent — through no-code tools, vendor platforms, or shadow IT — the enterprise quickly accumulates dozens or hundreds of agents that no central function can inventory, monitor, or govern. IT cannot answer basic questions: how many agents are running, what data do they access, what actions can they take, and who is responsible for their outputs?
Security controls fragment. Each agent needs access to enterprise data — customer records, financial data, compliance information, operational metrics. Without centralised access management, each agent connection creates a new security surface. The 43% of MCP implementations found to have command injection vulnerabilities in Q1 illustrates the security risk of uncoordinated agent deployment.
Cost structures become opaque. AI agents consume compute resources — API calls, token processing, inference capacity. When agents proliferate without centralised cost tracking, the AI bill grows in ways that no single team anticipated and no single budget owns. Constellation Research's April 2026 analysis flagged this explicitly: “enterprises are funding AI through operational trade-offs rather than new investment, forcing stricter control over spend and outcomes.”
Compliance gaps emerge. In regulated industries — financial services, healthcare, government — every AI agent that processes regulated data must operate within specific compliance frameworks. An agent that accesses customer financial data must comply with the same regulatory requirements as a human employee accessing that data. When agents proliferate without compliance review, each unreviewed agent is a potential regulatory violation.
Why Individual Productivity Does Not Equal Organisational ROI
The Writer survey reveals a pattern that explains the 97%-to-29% gap.
At the individual level, AI agents deliver clear productivity gains. Employees using AI agents report being more effective, faster, and able to handle tasks they previously could not. The technology works for individuals.
But organisational ROI requires something different from individual productivity. It requires coordination — shared data, consistent outputs, aligned workflows, centralised governance, and measurable business outcomes that aggregate across teams and departments.
When 50 employees each use their own AI agent to become 20% more productive, the enterprise does not automatically become 20% more productive. It becomes an organisation with 50 independently operating AI agents producing outputs that may conflict, duplicate effort, access data inconsistently, and create compliance exposure that no single person oversees.
The Writer survey identifies five failure modes that separate organisations achieving transformation from those stuck at individual productivity. Each traces back to a governance gap.
Accountability is diffuse. When every team owns its own agent, nobody owns the organisational outcome. Individual teams report productivity gains. Nobody reports — or is accountable for — the enterprise-wide ROI.
Governance follows deployment instead of preceding it. Most organisations deploy agents first and establish governance frameworks second. By the time governance catches up, dozens of agents are already operating outside any framework — and bringing them into compliance is far more expensive than governing them from the start.
Business teams and IT operate in parallel rather than together. Business teams deploy agents to solve immediate operational problems. IT manages the infrastructure, security, and compliance. Without a shared governance model, business agility and IT control work against each other rather than together.
What Governance Actually Requires
Agent governance is not a bureaucratic exercise. It is the operational framework that turns individual agent deployments into organisational value. It requires five specific capabilities.
Agent inventory and visibility. The enterprise must know how many AI agents are running, what each agent does, what data it accesses, what actions it can take, and who is responsible for its outputs. This inventory must update in real time as new agents are deployed and existing ones are modified.
Centralised access management. Agent access to enterprise data must be managed through a centralised identity and access management system — the same way employee access is managed. Each agent should have a defined access scope, with permissions that match its function and comply with the regulatory requirements applicable to the data it processes.
Audit trails. Every agent action — every data query, every decision, every output, every external system interaction — must be logged in an audit trail that compliance teams can review. When an agent produces an incorrect output or makes a decision that triggers a regulatory question, the enterprise must be able to trace exactly what data the agent accessed, what logic it applied, and what action it took.
Cost allocation. Agent compute costs must be tracked per agent, per team, and per use case. Without this granularity, AI spending grows opaquely and cannot be tied to the business outcomes it was intended to deliver. The enterprise should be able to answer: what does each agent cost, and what value does it generate?
Performance monitoring and retraining. Agent performance must be monitored continuously against business outcome metrics — not just technical metrics. When an agent's outputs degrade, the governance framework must trigger retraining, recalibration, or decommissioning. Agents that no longer deliver value should be retired rather than left running at cost.
The Constellation Research Signal
Constellation Research's April 2026 Enterprise Intelligence report reinforces this governance imperative with a specific framing that enterprise leaders should internalise: “AI is moving from promise to execution and exposing gaps in cost structures, governance, and architecture.”
The report's conclusion is direct: “AI value won't come from access to models, but from the ability to govern, integrate, and operationalise systems at scale.”
This is the most important single sentence in enterprise AI strategy for Q2 2026. The model capability race that dominated 2024 and 2025 is over — not because models stopped improving, but because the differentiator shifted. Every enterprise has access to frontier models. The competitive advantage now goes to the enterprises that can govern those models in production, integrate them into operational workflows, and measure the organisational value they deliver.
What to Do This Quarter
The governance gap does not close itself. Every week of uncoordinated agent deployment widens it. Here is the minimum viable governance framework for Q2 2026.
Conduct an agent inventory. This week. Identify every AI agent running in your enterprise — official and shadow. Document what each does, what data it accesses, what model it uses, who deployed it, and who is responsible for its outputs. You cannot govern what you cannot see.
Establish agent deployment standards. Before any new agent is deployed, it must pass through a lightweight governance review: defined use case, approved data access, compliance assessment, cost estimate, and assigned ownership. This does not need to be a six-week review cycle. It needs to be a one-page checklist that takes 30 minutes.
Centralise access management. Route all agent data access through your existing identity and access management infrastructure. Agents get the same access controls as human employees — no more, no less. If a human in that role would not have access to that data, the agent should not either.
Implement cost tracking. Track AI compute costs per agent and per team. Report these costs alongside the business outcomes each agent delivers. This creates the accountability loop that transforms AI spending from an opaque cost centre into a measurable investment.
Assign organisational AI accountability. Someone — a person, not a committee — must be accountable for organisational AI ROI. This person oversees the agent inventory, monitors aggregate performance, manages the governance framework, and reports to leadership on whether AI deployment is delivering organisational value or just individual productivity.
The enterprises that establish governance now will scale agents confidently into Q3 and Q4, with each new agent adding to a coordinated, measurable system. The enterprises that delay governance will continue accumulating agents, accumulating costs, and accumulating risk — without accumulating the organisational returns that justify the investment.
94% are worried about agent sprawl. 54% say AI is tearing their company apart. 97% deployed agents but only 29% see organisational ROI. The data is unambiguous. The governance gap is the bottleneck. Close it now, or keep deploying agents into chaos.
“97% deployed AI agents. Only 29% see significant organisational ROI. 94% worry about agent sprawl. 54% of C-suite say AI is tearing their company apart. The problem is not deployment — it is governance. Agents proliferate without inventory, without centralised access controls, without audit trails, without cost tracking, and without anyone accountable for organisational outcomes. Individual productivity gains do not automatically translate into organisational returns. Governance is the bridge. Build it now — before agent sprawl makes it ten times harder to build later.”