Do you know what
your agents are doing?

The case for enterprise control planes


insight
June 30, 2026
9 min read

Author

Thomas Steirer

 

Thomas Steirer is Chief Technology Officer (CTO) at Nagarro. His focus is on developing scalable and sustainable solutions that are primarily designed to deliver valuable information.

 

Your organization already has AI agents in production, and you probably don't fully know what they're doing. As agent networks scale from dozens to thousands, the challenge shifts from building better agents to governing an army of diverse agents helping to run core processes of your business.

AI, and Agentic AI in particular, multiply and magnify. That goes for productivity, but also (and maybe more) for risks.

The Enterprise Agent Control Plane is emerging as the foundational governance layer for enterprise AI, providing the runtime security, observability, and compliance needed to manage AI agents at scale. Organizations that establish strong AI agent governance early will be better positioned to control risk, contain costs, maintain compliance, and unlock value from increasingly autonomous systems.

This article explores why AI agent governance is becoming a strategic imperative, how Enterprise Agent Control Planes help organizations govern complex agent ecosystems, and how Nagarro's Fluidic Intelligence framework provides a practical approach to building governance for the agent era.

Most organizations are focused on deploying AI agents. Far fewer are prepared to govern them. As agent ecosystems scale from dozens to thousands, the Enterprise Agent Control Plane is emerging as the critical infrastructure for security, observability, compliance, and control.

- Thomas Steirer 

Here's something nobody warned us about.

1

We spent a decade building cloud infrastructure: Kubernetes clusters, microservices, and sprawling container environments. We felt pretty good about it; now we're facing a governance challenge that makes all of that seem relatively simple.

2

The numbers are striking: Prosus, one of the world's largest technology investors, now runs more than 60,000 AI agents across its portfolio companies. That figure doubled from 30,000 in roughly a year.

3

Gartner predicts that by 2028, the average global Fortune 500 enterprise will have more than 150,000 AI agents in use, up from fewer than 15 in 2025. That equates to roughly a 10,000-fold increase over three years. 

4

Let that sink in. Many organizations will soon have as many agents as employees, perhaps even more.  Unsettling truth is that most enterprises already have agents in production. Yet very few fully understand what those agents are doing.

The mess we're already in

Cyera's 2026 research documented 344 verified incidents of agent-inflicted damage between September 2023 and May 2026. These were not adversarial attacks or sophisticated hacks. In most cases, agents were doing exactly what they had been designed to do, just without adequate guardrails or governance.

The incidents read like entries from a CTO's nightmare diary. A coding agent at PocketOS deleted a production database along with its backups. An API enrichment loop accumulated $47,000 in charges before anyone noticed. An AWS-connected agent attempted to "recreate" a production environment and triggered a 13-hour outage. Other agents fabricated progress reports to conceal their own workflow failures, optimizing, as they often do, for the task completion metrics they were given.

Of those 344 incidents, 188 involved no external attacker at all. The agents simply did what agents do: pursue their objectives with relentless efficiency and no understanding of organizational context. Meanwhile, 88% of companies report having already experienced agent-related security failures, yet only about 21% have anything resembling a mature governance framework in place.

The reality is that most organizations probably already have dozens, perhaps hundreds, of agents operating across the enterprise. Some emerge through shadow IT initiatives. Others arrive through departmental experiments or are embedded within SaaS platforms already in use. The governance challenge is no longer about preventing future adoption. Rather, companies need to focus on gaining visibility and control over what already exists before it grows into an unmanageable risk.

Those numbers should keep leaders awake at night. And, for me, they do.

lezonline_minimal_AI_agent_at_work_smiling_--ar_54_--profile__3b1774f2-02fe-4f4b-9f54-056e4466546e_1

This isn't about better agents

It is not about build smarter agents. That ship sailed and left the harbor a long time ago. The real question, the one that will determine whether agents become a strategic asset or an unmanaged liability, is far more important:

How do you govern 10,000 agents built by different teams, running on different LLMs and providers, accessing different data sources, and serving different business domains, while ensuring they all operate within the rules you've established?

The industry is beginning to call an
Enterprise Agent Control Plane.

lezonline_Ai_agent_at_work_--ar_54_--profile_trmhixi_--v_8.1_c8d3cdc4-7037-4ecd-a48f-310205dc9640_0

Think about it the same way you think about Kubernetes for containers. No organization manages containers one by one. Instead, they rely on a control plane that abstracts complexity and enables thousands of workloads to run reliably at scale. Or, even before that, ESBs have helped control and make sense of the countless interfaces and APIs across enterprises. The principle is the same. The stakes, however, are significantly higher.

What makes an agent control plane different from every infrastructure layer that came before it is its deliberate technology neutrality. It does not matter whether agents run on OpenAI, Anthropic, Gemini, or open-source models. It does not matter whether they are built with LangChain, AutoGPT, proprietary frameworks, or tools that have yet to emerge.

Nor does it matter what specific tasks those agents perform or how they are designed internally. The control plane focuses on a single question: Are they operating within the boundaries and policies your organization has defined?

Without a control plane, managing agents resembles managing servers in 2005: individually, manually, and with limited visibility across the environment. As the number of agents grows, that approach quickly becomes unsustainable. A control plane changes the equation. It provides a unified view of agent activity, a consistent layer for policy enforcement, and a centralized mechanism for auditing compliance, regardless of how diverse the underlying agent ecosystem becomes.

In short, it gives organizations a single system for governing an increasingly complex agent workforce.

Three pillars, one governing layer

The control plane isn't a single product. It's an architectural layer with three distinct responsibilities. In Nagarro's Fluidic Intelligence framework, these form the foundational pillars of agent governance at scale.

 

 

This is where the hard policies live.

Policies, permissions, approval workflows, kill switches, and escalation paths all belong here. So does agent identity and authorization because applying human-centric IAM models to non-human actors is precisely how many agent-related failures occur. Agents need permissions that are scoped to what they actually require, not broad access inherited from whoever deployed them.

Prompt injection defenses sit here too.

Your CISO cares about this pillar, and they should.

As agent networks grow, agent-to-agent communication becomes both critical and risky. When thousands of agents need to coordinate work, share context, or trigger each other's workflows, that communication cannot rely on ad hoc integrations.

The control plane provides approved coordination protocols so agents can collaborate safely without creating unmanaged dependencies, privilege escalation risks, or cascading failures across the broader ecosystem.

Run time security

 

This gives you the glass box. Track agent behavior, tool calls, costs, failures, drift, and, critically, business outcomes. Every reasoning chain should be traceable. Every token expenditure should be attributable. Every policy violation should be visible in real time.

This is where you catch the $47,000 runaway loop in hour one instead of day four. Your platform team, your CFO, and your FinOps practice all have a stake here. Without this pillar, you're flying blind, with engines you can't see and a fuel bill you can't predict.

The Fluidic Intelligence approach treats observability not as infrastructure monitoring, but as continuous governance validation, proving that agents are operating within bounds, delivering value, and adapting as your business context shifts.

Auditability & governance

 

This is the pillar that future-proofs you. Audit trails, explainability, accountability, and policy evidence all belong here. The EU AI Act's major obligations are taking effect now. NIST is developing agent-specific standards. ISO 42001 provides a certifiable management system.

But compliance is only half of the equation. The other half is avoiding lock-in. If your entire agent fleet runs on a single model, a single hyperscaler, or a single framework, you've traded one kind of risk for another.

The control plane layer ensures that your governance infrastructure remains constant even as the agent technologies beneath it evolve. Your risk, legal, and architecture teams need this.

Vendor compliance

From diagnosis to architecture

So where do you start? Because "build a control plane" is easy advice to give and brutally hard advice to follow. Every organization's agent landscape is different: different maturity levels, different LLM dependencies, different regulatory environments, and different risk profiles.

This is where diagnostic rigor matters. The Fluidic Intelligence framework begins with understanding where you actually are not where you think you are, or where your vendor roadmaps promise you'll be.

It starts by mapping your current agent landscape. Not just the sanctioned agents your platform team deployed, but the shadow agents already running in departments. The vendor-embedded agents in your SaaS stack. The experiments that became production services without anyone noticing. You can't govern what you can't see.

Then it assesses governance maturity across the three pillars. Do you have agent identity management? Can you trace reasoning chains? Can you enforce budget caps per agent? Do you have circuit breakers for runaway behavior? Most organizations discover they're strong in one pillar and dangerously exposed in the other two.

The framework identifies the gaps between what your agents can do and what your organization can control, and treats closing those gaps as an enterprise architecture problem, not a point-solution deployment.

Here's what Prosus learned at 60,000 agents that matters: governance can't be imposed top-down on teams that have already built and deployed agents autonomously. At that scale, centralized management is impractical. Rigid policies break. Instead, you need adaptive, context-aware guardrails that evolve as new risks emerge, guardrails that scale with your agent fleet, not against it.

The Fluidic Intelligence approach emphasizes this: the barriers are as much cultural and organizational as they are technical. The control plane has to be designed around your specific operating model, compliance posture, and strategic objectives, not bolted on as an afterthought. It has to work with how teams actually build and deploy agents, adapting fluidly to how work happens.

This is why the framework treats the control plane as a living system, not a fixed implementation. Your agent landscape will change. Your risk surface will expand. Your compliance requirements will tighten. The governance layer needs to evolve with you.

Where this is heading

Gartner estimates that over 40% of agentic AI projects will be canceled by the end of 2027, not because the technology fails, but because governance gaps, unclear ROI, and spiraling costs make them untenable.

The organizations that avoid that fate won't be the ones with the most sophisticated agents. They'll be the ones that treated governance as a first-class engineering discipline from the start, that built registries before they had agent sprawl, implemented budget caps before they had runaway costs, and established audit trails before regulators came asking.

lezonline_minimal_AI_agent_at_work_smiling

 

AgentOps, the emerging operational discipline for autonomous agents, is following the same trajectory DevOps and MLOps followed before it. Niche concern for platform teams today, strategic capability that separates leaders from laggards tomorrow. The companies that invest early in reasoning-chain observability, circuit breakers, and cost attribution will have a structural advantage when they're managing 50,000 agents instead of 50.
The defensible value isn't in any particular LLM or agent framework. Those are commoditizing fast. The value is in the orchestration and governance layer, the context management, the verification loops, the sub-agent coordination, and the control infrastructure that makes agents reliable at scale.

The bottom line

We've been through this pattern before. Every time a new layer of abstraction enters the enterprise, whether it's VMs, containers, microservices, or cloud services, there's an initial gold rush of adoption, followed by a painful reckoning with governance. The organizations that built control planes early in each cycle gained compounding advantages. The ones that didn't spend years cleaning up the mess.

AI agents are the next layer. The gold rush is already underway. The question isn't whether your enterprise will run thousands of agents, it will. The question is whether you'll have the governing infrastructure in place when it does, or whether you'll be among the 88% scrambling to contain what they've already deployed.

That's not a technology question. It's a leadership question.

And the window for answering it proactively is closing faster than most realize.

Enterprise Agent Control Plane—FAQs

Get in touch

Do you know what your agents are doing?