A new IBM study has put numbers on a problem that many business leaders are feeling but struggling to articulate: AI agents are being deployed faster than organisations can govern them.
The research, published in early June 2026 and presented at IBM Think, found that large enterprises are on track to operate an average of more than 1,600 AI agents by the end of this year. That’s not a future projection — that’s a 2026 reality for early-adopting organisations. And the kicker: seven in ten executives say the AI governance they have in place today is not fit for purpose.
The Numbers That Should Concern Every Business Leader
IBM surveyed enterprise technology leaders — CIOs, CTOs, and their teams — to understand how AI agent deployment is scaling and whether governance is keeping pace. The findings are striking:
- Over 1,600 AI agents per large enterprise expected by end of 2026
- 70% of executives say current AI governance is not fit for purpose
- Only 18% of organisations maintain a current, complete inventory of the agents running inside their walls
- Just 12% have a centralised platform to manage agent sprawl
- 77% say AI adoption is outpacing their governance capabilities
- 54 AI agent incidents per organisation on average in the past year
- 17% of those incidents were high severity, requiring more than four hours to contain
- 80% operate under a CEO-driven AI transformation mandate
- Only 11% believe they are fully ready for the scale of AI deployment expected in the next year
Read those last two figures together. Most businesses are under pressure from the top to move fast with AI. But almost none of them feel ready for what’s coming.
What a “Governance Gap” Actually Looks Like
The term “AI governance” can sound abstract. Here’s what the gap looks like in practice.
An operations team spins up an AI agent to handle supplier invoice approvals. The IT team builds a separate agent for IT helpdesk tickets. Marketing deploys one for campaign reporting. Each was approved in isolation, by different teams, using different tools, with different access permissions and oversight practices.
Six months later, nobody has a full picture of which agents are running, what data they’re touching, or how they behave when inputs fall outside normal parameters. The IBM study found that the average enterprise experienced 54 such incidents last year — moments when an agent did something unintended that required human correction. Nearly one in five of those incidents was serious enough to take four or more hours to fix.
This is the governance gap. Not a theoretical risk — an operational one happening inside businesses right now.
Why This Is Happening
Three forces are creating the gap simultaneously.
Speed of deployment: AI agents have become fast and cheap to spin up. A developer with access to the right APIs can have a working agent running in hours. That’s genuinely useful. But it means AI capabilities are spreading across an organisation much faster than any centralised governance function can track.
CEO pressure: Eighty percent of organisations in the IBM study are operating under explicit mandates from the top to push AI forward. When the directive comes from above and the timeline is tight, middle management deprioritises governance in favour of delivery.
Immaturity of oversight tooling: Only 12% of organisations have a centralised platform for managing agents. Most are doing it manually or not at all. You can’t govern what you can’t see.
IBM’s Response: Governance at the Infrastructure Layer
IBM’s announcement at Think 2026 was IBM Sovereign Core, a platform that attempts to embed governance, compliance, and AI execution controls directly at the infrastructure level rather than as an add-on layer above the models.
The idea is that governance should be structural — baked into how agents are deployed and how they operate — rather than a policy document that gets ignored when teams are moving fast.
It’s a reasonable approach. The problem with governance as a process is that it slows things down and becomes the first thing cut when under pressure. Governance as infrastructure — where agents simply can’t operate outside defined parameters — is harder to bypass.
What This Means for Your Business
If you’re a business owner or technology leader reading this, the IBM findings probably resonate. You’re likely already running more AI than you formally track. Your teams are experimenting with tools that connect to business data in ways that aren’t fully documented. And you probably don’t have a centralised view of any of it.
A few things worth thinking about:
Start with an inventory. Before you can govern AI, you need to know what’s running. This sounds obvious, but only 18% of enterprises have done it. Make that the first project, even if it’s manual.
Define what “acceptable behaviour” looks like before deploying an agent. The incidents in the IBM study — 54 per organisation per year — largely happened because agents encountered situations they weren’t designed for and nobody had defined what they should do. Build guardrails before you go live, not after.
Centralise oversight without centralising deployment. You don’t need to force all AI through a single team. You need a common visibility layer so that someone in your organisation knows what’s running, who approved it, and what it has access to.
Plan for scale. If you have 5 AI agents today and 1,600 is the trajectory, manual governance isn’t going to work. Whatever approach you take needs to scale with deployment.
Enterprise DNA’s Take
The IBM research makes visible something that the AI industry has been quietly watching build for months. The push to deploy AI agents is outrunning the maturity of how businesses manage them.
This isn’t an argument against deploying AI. It’s an argument for deploying it with structure. The organisations that build the right foundations now — visibility, access controls, defined parameters, escalation paths — are the ones that will be able to move fast without breaking things.
The organisations that don’t are accumulating operational risk with every new agent they spin up.
If your business is building out AI capability and you want to do it in a way that’s actually sustainable, the governance conversation needs to happen before the deployment conversation, not after.
Source
IBM Newsroom
Free Resource
Going deeper with Claude?
Get the free 32-page implementation guide for ANZ teams.
Your guide is ready
Check your downloads folder. If it did not open automatically, use the button below.
Download the Guide