The enterprise world has an AI agent problem -- and it is not that companies lack agents. It is that they have too many of them, deployed too quickly, with too little oversight.
That is the central finding of the OutSystems 2026 State of AI Development report, released in April, which surveyed nearly 1,900 global IT leaders across multiple regions with responses collected between December 2025 and January 2026. The headline number is stark: 94 percent of organizations report that AI agent sprawl is increasing complexity, technical debt, and security risk across their operations.
The report lands at a moment when agentic AI has moved decisively from experimentation to production. According to the survey, 96 percent of enterprises are already running AI agents in some capacity, and 97 percent are actively exploring system-wide agentic AI strategies. The gap between those adoption figures and the sprawl concern number tells the story: nearly everyone is deploying agents, nearly everyone is worried about what that deployment is doing to their infrastructure, and very few have figured out how to manage it.
The Governance Gap
The most troubling detail in the OutSystems data may be the governance deficit. Only 12 percent of enterprises surveyed have implemented a centralized platform to manage agent sprawl. The remaining 88 percent are navigating a patchwork of team-level and region-specific governance approaches -- or, in many cases, no formal governance at all.
Thirty-eight percent of organizations globally report mixing custom-built and pre-built agents, creating heterogeneous AI stacks that are difficult to standardize, audit, and secure. When every department is building or buying its own agents using different frameworks, models, and deployment patterns, the result is an architectural fragmentation problem that compounds with every new agent added to the environment.
Paulo Rosado, CEO and founder of OutSystems, framed the situation bluntly. "AI agents are no longer experimental -- they are operational," Rosado said. "But without a system-level approach to how these agents are built, governed, and evolved, enterprises risk turning their AI investments into the next wave of unmanageable technical debt."
Why Sprawl Is a Security Problem
The sprawl concern is not merely architectural. It is a security issue. When agents proliferate without centralized visibility, organizations lose track of what data each agent can access, what actions it can take, and what guardrails -- if any -- constrain its behavior. In a landscape where autonomous agents are making decisions and taking actions on behalf of the enterprise, ungoverned sprawl creates an expanding and poorly mapped attack surface.
This concern echoes findings from other recent industry analyses. A separate report from Symphona highlighted that only 12 percent of enterprises have any form of centralized agent governance, with telecom operators identified as particularly exposed due to the complexity of their legacy systems and the volume of customer-facing processes ripe for agent automation. The convergence of these findings from multiple sources suggests the governance gap is not an outlier data point but a systemic condition across industries.
OutSystems Responds With Agentic Systems Engineering
OutSystems is not merely diagnosing the problem -- the company is positioning itself as a solution provider. Alongside the research, OutSystems introduced what it calls Agentic Systems Engineering, an open approach to AI development designed to help organizations build, manage, and evolve governed agentic systems.
At the center of this framework is the OutSystems Enterprise Context Graph, which extends the company's platform architecture with dynamic tooling that agents need to operate across complex enterprise systems. The Context Graph provides what OutSystems describes as a high-fidelity, real-time understanding of enterprise architecture -- applications, agents, workflows, data, and their interconnected dependencies -- giving organizations the visibility layer that most currently lack.
The approach is deliberately open. Developers will be able to use any agentic tool to inspect, extend, and build on the OutSystems platform, including external coding tools such as Claude Code, OpenAI Codex, and Cursor. Regardless of the development environment, agents will operate within shared enterprise context and guardrails. OutSystems expects to open an early access program to customers in Q2 2026.
The Broader Pattern
The OutSystems findings fit into a larger pattern emerging across the enterprise technology landscape. Microsoft's recent launch of Agent 365, a dedicated control plane for governing AI agents at scale, reflects the same diagnosis: the next critical infrastructure layer is not agent capability but agent management. Salesforce, Google, and a growing number of startups are all converging on the same thesis -- that enterprises need governance-first tooling to prevent their AI agent investments from becoming liabilities.
The 94 percent figure from OutSystems should be read not as a warning about a future risk but as a description of a present condition. Enterprises have already deployed agents at scale. The sprawl is already here. The question now is whether governance tooling can catch up before the complexity becomes unmanageable -- and before the security incidents that ungoverned agent sprawl makes increasingly likely begin to materialize.
For IT leaders, the immediate takeaway is clear: any agentic AI strategy that does not include a parallel governance strategy is incomplete. The data suggests that most organizations know this. The challenge is moving from awareness to action before technical debt and security exposure reach a tipping point.
"Without a system-level approach to how these agents are built, governed, and evolved, enterprises risk turning their AI investments into the next wave of unmanageable technical debt."-- Paulo Rosado, CEO, OutSystems