A survey of 750 US and UK tech leaders shows nearly half of deployed AI agents lack monitoring, prompting open-source platform provider Gravitee to push unified governance as the only scalable fix.
Nearly half of the 3 million AI agents now operating inside large US and UK enterprises are running without oversight, exposing organisations to mounting security and data risks, according to new research from Gravitee, which positions open-source governance as the practical remedy.
The findings show 47% of agents are neither actively monitored nor secured, leaving roughly 1.5 million systems vulnerable to going rogue. At the same time, 88% of firms report already experiencing or suspecting an AI agent-related security or privacy incident in the past year.
As enterprises accelerate deployment, governance is failing to keep pace. Reported risks include data exposure, incorrect decisions, unauthorised deletions and broader security breaches, underscoring the operational dangers of autonomous systems without controls.
Gravitee, described as an open source leader in Agentic API and event management, argues that AI agents must be governed with the same discipline applied to APIs. Its platform provides unified oversight across APIs, events and agents, enforcing identity, access, policies and trust within a single framework.
“There are now over 3 million AI agents operating within corporations, a workforce larger than the entire global employee count of Walmart. But far too often, these autonomous agents are left ungoverned and unchecked. Every day, I hear stories of catastrophic data leaks and unauthorized deletions. Without governance, these agents will stop being productivity gains and start becoming liabilities: a danger to consumers and businesses alike,” said Rory Blundell, CEO, Gravitee.
The study surveyed 750 CIOs, CTOs and platform leaders across the US and UK in December 2025. Recent launches include Gravitee 4.10, an agent-ready control layer, an Agent Mesh architecture, and industry recognition from Gartner in its 2025 Magic Quadrant for API Management.
