Managing AI Agent Sprawl: A Practical Governance Guide for CIOs

by Steven Brown

Corporate networks are rapidly filling with AI agents—and for many enterprises, that growth is happening faster than governance models can keep up. As organisations embrace multi-cloud environments and generative AI at scale, leaders are discovering a growing blind spot: no one has a complete view of where these agents live, what they do, or what data they can touch.

This challenge sits at the heart of Managing AI Agent Sprawl: A Practical Governance Guide for CIOs, as IT leaders grapple with ecosystems packed with autonomous, often untracked digital workers.


From Shadow IT to Shadow Agents

As individual business units rush to deploy AI for speed and experimentation, CIOs are inheriting fragmented landscapes filled with disconnected agents. The situation closely resembles the shadow IT era of early cloud adoption—except now the assets involved are autonomous systems capable of executing logic, triggering workflows, and accessing sensitive enterprise data.

According to IDC, the number of active AI agents is expected to cross one billion by 2029, representing a forty-fold jump from today. Even more striking, the first half of 2025 alone saw agent creation spike by 119%. For enterprise leadership, the challenge has shifted: it’s no longer about building agents, but about finding, auditing, and governing them across platforms.


Salesforce’s Response to AI Fragmentation

To address this growing complexity, Salesforce has expanded its MuleSoft Agent Fabric with new automated discovery capabilities. The goal is simple but critical—centralise the management of AI agents, no matter where or how they were created.

Instead of relying on teams to manually document deployments, MuleSoft now enables continuous discovery across major AI ecosystems, helping IT regain visibility over an increasingly distributed digital workforce.


Automating Discovery Across Platforms

For security and operations teams, visibility remains the biggest hurdle. When marketing launches agents on one platform while logistics builds on another, central IT quickly loses the ability to govern effectively.

MuleSoft’s updated architecture introduces “Agent Scanners” that continuously monitor environments such as Salesforce Agentforce, Amazon Bedrock, and Google Vertex AI. These scanners automatically detect running agents, eliminating the need for manual registration.

Discovery, however, is only the beginning. The scanners also extract metadata that explains what each agent does—its capabilities, the LLMs powering it, and the data endpoints it can access. This information is standardised into Agent-to-Agent (A2A) specifications, creating consistent profiles regardless of vendor or cloud.

Andrew Comstock, SVP and GM of MuleSoft, summed it up clearly: organisations that succeed long term will be those that embrace multi-cloud AI innovation while maintaining unified visibility and control.


Governance, Risk, and Cost Control

Unmanaged AI agents don’t just introduce security risks—they also drive unnecessary costs. In highly regulated sectors like banking, verifying a new AI agent often means manually collecting documentation to confirm what systems it can access. Automated cataloguing changes that equation, giving security teams real-time insight into authorisation levels without chasing developers.

Financial oversight improves as well. Many large enterprises unknowingly pay for duplicate functionality because teams operate in silos. A global manufacturer, for example, may have multiple departments paying for similar summarisation agents on different platforms.

Using tools like the MuleSoft Agent Visualizer, operations leaders can filter agents by function, quickly spot redundancies, and consolidate them into fewer, higher-performing assets—reducing licensing waste and freeing budget for innovation.


Enabling the “Agentic Enterprise”

Innovation often starts at the edges of the organisation, where teams build custom tools outside formal procurement processes. MuleSoft’s expanded Agent Fabric acknowledges this reality by allowing internally built agents and Model Context Protocol (MCP) servers to be registered via URL.

This is especially valuable in industries like logistics, where bespoke optimisation tools are common. Instead of remaining invisible, these homegrown assets become discoverable, reusable, and governable across the enterprise.

Jonathan Harvey, Head of AI Operations at Capita, noted that automated discovery shifts the focus from inventory tracking to innovation, enabling teams to collaborate and build smarter multi-agent systems. AT&T is taking a similar approach, using the framework to orchestrate agents across customer support, chat, and voice channels—treating governance as an enabler rather than a constraint.


Building a Sustainable Governance Model

Moving toward an “Agentic Enterprise” requires a fundamental rethink of how IT assets are tracked. Static spreadsheets and manual audits simply can’t keep pace with the speed of AI deployment.

CIOs should assume their AI agent inventory is incomplete and start by deploying automated scanning tools to establish a reliable baseline. From there, governance policies must require all agents—whether purchased or built internally—to expose their capabilities and data access in a standardised format such as A2A.

With visibility in place, executives can finally audit AI spend, eliminate duplicate functionality, and bring total cost of ownership under control.

As enterprises move from pilots to full-scale deployment, success won’t be defined by how smart individual agents are—but by how coherently the entire network is governed, connected, and controlled.
