AI agents are moving from experiments to operational infrastructure. Many organizations still lack visibility into where agents run, what they access, and who owns them.
In 2026, enterprises are moving beyond chatbots and deploying AI agents to handle work. Hiring teams are testing screening agents, legal teams are using agents to review contracts, and ops teams are connecting agents to internal tools and data. Governance and access control have not caught up with this shift, leaving many organizations without consistent oversight of how agents operate across systems.
This gap is real and is happening now. The World Economic Forum reports that 82% of organizations plan to integrate agents within the next one to three years, which means most enterprises are now preparing to scale agentic workflows beyond pilots.
Žilvinas Girėnas, head of product at nexos.ai, an all-in-one AI platform for enterprises, explains the situation from a management perspective:
“AI agents are becoming part of day-to-day operations. Leaders aren’t worried about the agents themselves, but about losing visibility once they invoke external functions, APIs, or services, actions that take, query databases, or shift data across systems. The question shifts from ‘Which AI tool are employees using?’ to ‘Which agents exist, what identity do they run under, and what can they access?’ With an inventory, clear ownership, and audit logs in place, companies can scale agents with control and confidence,” he says.
The governance gap behind unchecked agent costs
Many organizations are planning to use agents in various functions as part of their regular operations, not just as one-time tests. However, oversight of these agents is not keeping up.
An IBM study found that 63% of companies that experienced breaches either lack AI governance policies or are still developing them. Even when policies exist, fewer than half have strict approval processes. Only a small number audit for unauthorized AI use, and 61% do not use dedicated tools for AI governance.
Recent CISO research shows the same gap in practice. In a survey of 235 senior security leaders, 92% said they lack full visibility into AI identities, the non-human accounts for agents, copilots, and assistants that employees create or deploy, and 75% reported unsanctioned AI tools already running in their environments.
This lack of oversight leads to overlapping agents and hidden costs. When teams work independently, they often create agents that solve similar problems in different ways. For example, a finance team may build an agent to process invoices, while a procurement team creates another for the same task.
This results in two agents performing the same job, wasting valuable resources such as API calls and GPU hours. Similarly, marketing and sales teams might create duplicate customer data agents. No one notices these overlaps because there is no clear overview of existing agents and their resource use.
“When several teams build their own agent for the same job, you do not get more value,” says Girėnas. “You get duplicated workflows and fragmented spend. Seats, runs, and queries show up across different tools, and your API costs rise.”
Research indicates that 84% of companies believe AI costs are negatively impacting their gross margins by over six points. For a typical SaaS business operating at 80%, that translates into significant financial loss. Teams are struggling to track which agents are consuming resources.
Some teams already show what strong visibility and control can look like at scale. Oxylabs reports “unmatched visibility” into AI spend after adopting nexos.ai and says it reduced AI operational costs by 20% by identifying and removing inefficiencies. Oxylabs also reports that development increased three times and that AI-driven feature output doubled in the first quarter.
“The paradox is that the same tools that help teams work faster also risk breaking cost control,” says Girėnas. “Speed and visibility must go together, or it leads to chaos and unexpected expenses.”
Governance failures appear in four ways: No one knows which agents are active or who approved them; teams create overlapping workflows, leading to wasted spending; agents operate across systems without enough security checks; and finance teams cannot forecast or control costs due to a lack of insight into actual resource use. When this occurs, unexpected costs become a recurring problem that builds up over time.
“The goal isn’t to slow down your fast-moving teams,” says Girėnas. “It’s to let them build quickly while keeping track of what they’re building, who they’re giving access to, and what it costs. This is the difference between a scalable platform and infrastructure that might become a liability.”
What leaders should do now
Agent sprawl spirals out of control fast. Without visibility, costs pile up unnoticed each quarter. Girėnas recommends four guardrails to fix this:
- Create a comprehensive agent inventory. This serves as a centralized registry where every agent, owner, and access level is documented before they interact with any data. This step is crucial for establishing visibility and making duplicated workflows apparent. It also helps identify cost owners.
- Distinguish between the freedom to build and the control needed during runtime. Allow teams to design and iterate agents swiftly, enabling them to operate at speed. Utilize a shared control plane to manage identity, permissions, and logging. This way, teams can maintain their momentum while the organization retains oversight.
- Treat agents as employees rather than mere scripts. Clearly define roles, limit privileges, and require a probation period in sandbox environments before providing broader access to sensitive systems or data. This approach helps prevent unauthorized agents from silently accessing critical infrastructure.
- Connect agents to cost signals. Link each agent to fundamental usage and cost metrics, making it easy to see which agents provide value and which ones drain the budget. Gaining early visibility into overspending is far better than facing unexpected invoices.
ABOUT NEXOS.AI
nexos.ai is an all-in-one AI platform to drive secure, organization-wide AI adoption. Through a secure AI Workspace for employees and an AI Gateway for developers, nexos.ai enables companies to replace scattered AI tools with a unified interface that provides built-in guardrails, complete visibility, and flexible access controls across all leading AI models — allowing teams to move fast while maintaining security and compliance. Headquartered in Vilnius, Lithuania, nexos.ai is backed by Evantic Capital, Index Ventures, Creandum, Dig Ventures, and a number of notable angels, including Olivier Pomel (CEO of Datadog), Sebastian Siemiatkowski (CEO of Klarna), through Flat Capital, Ilkka Paananen (CEO of Supercell), and Avishai Abrahami (CEO of Wix.com).
