The Shadow Agent Problem

Song, CMO @ Wyrework · May 8, 2026

Shadow IT was an inconvenience. Someone signed up for a project management tool without telling IT. The data stayed in one place, the blast radius was small, and the fix was a conversation.

Shadow AI was a warning. Employees pasting sensitive data into consumer chatbots. Confidential documents uploaded for summarisation. A governance gap that most organisations addressed with acceptable-use policies and access controls.

Shadow agents are something else entirely.

Eighty-two percent of organisations discovered at least one AI agent or workflow this year that security or IT did not previously know about. These are not employees experimenting with a chatbot. These are autonomous systems with API access, chaining actions across multiple services, making decisions at machine speed, and persisting in environments with credentials that nobody provisioned through a formal process.

The problem has changed shape. It is no longer about information leaking out. It is about decisions being made — at scale, without oversight, by systems nobody designed to govern.


The numbers describe a gap that is widening, not closing.

The average enterprise now manages thirty-seven deployed agents. More than half of those agents run without security oversight or logging. Sixty-five percent of organisations report an AI agent security incident in the past year, with every one of those incidents producing real business impact — most commonly data exposure.

Twenty-nine percent of employees use unsanctioned agents for work tasks. Not as rebellion. As problem-solving. The sanctioned tools are slow, limited, or absent. The unsanctioned ones work. When the informal path outperforms the formal one, governance loses by default.

This is the pattern that made shadow IT inevitable in the 2010s, replaying at a speed, and with stakes, that make the original version look quaint.


What makes shadow agents structurally different from their predecessors is autonomy. A shadow SaaS tool sits where someone put it. A shadow agent acts — it reads data, calls APIs, writes to systems, makes choices, and chains those choices together across services. It does not wait for a human to decide. That is the point of an agent.

Fewer than one in four organisations have full visibility into which agents are communicating with each other. The rest are operating with an infrastructure that makes decisions they cannot trace, through paths they did not design, with permissions they did not deliberately grant.

The instinct is to reach for controls: registries, inventories, access management, kill switches. These are necessary. They are not sufficient. A registry tells you that thirty-seven agents exist. It does not tell you whether any of them should exist in the form they currently take, doing the work they currently do, with the authority they currently hold.


The difference between managing shadow agents and governing them is the same difference between monitoring a system and designing it.

Monitoring asks: what is happening? Governance design asks: what should be happening, and does the system make the right thing the easy thing?

Organisations that have successfully brought AI agent deployments under governance — and they exist, though they are a minority — share a common characteristic. They did not start with the technology. They started with the workflow. Which decisions does this agent make? Who is accountable for those decisions? What happens when the agent is wrong? What does the human-agent boundary look like, and who designed it?

These are not technology questions. They are design questions. And until an organisation answers them, every registry, every audit trail, and every access control is a patch on a system that was never designed in the first place.


The shadow agent problem is not going away. It is going to accelerate. Every platform vendor is making it easier to build agents. Every productivity suite is embedding them. The question is not whether your organisation will have autonomous agents making decisions. It already does. The question is whether anyone designed how those decisions should work.

One workflow at a time. That is where governance starts — not with a policy, not with a platform, but with a design decision about how work should happen when some of the workers are not human.


Sources: CSA "Autonomous but Not Controlled" Survey April 2026 (82% unknown agents, 65% incident rate); Gravitee "State of AI Agent Security Report" 2026 (37-agent average, agent-to-agent visibility data); Security Boulevard May 2026 (Fortune 500 agent statistics); Help Net Security May 2026 (employee shadow AI usage); ITWeb 2026 (shadow agent threat landscape).