Here is an uncomfortable exercise. Ask your IT or security team for a complete list of the AI agents currently operating across your organisation - every one, with what each can access and who owns it. In most organisations, that list does not exist. Not because anyone was negligent, but because agents have arrived faster than anyone has been able to track them.
That gap has a name: shadow AI. And unlike most governance problems, it is already here, quietly, whether or not it is on your roadmap.
Where shadow agents come from
Shadow AI is not usually the result of someone going rogue. It is the result of agents becoming easy to create and easy to switch on - so they appear from many directions at once:
- Inside the SaaS you already use. Tools your teams rely on keep adding agentic features. Switch one on and you have a new agent acting on your data, often without a procurement conversation.
- Browser extensions and personal tools. An employee adds an AI assistant to their browser or workflow to be more productive. Helpful, well-intentioned - and completely outside your governance.
- Developer and team builds. With platforms making agents straightforward to assemble, individual teams build their own to solve local problems, never registering them centrally.
- Copies and forks. An approved agent gets duplicated and modified for a slightly different task. Now there are two, and only one of them is governed.
Each of these is individually reasonable. Collectively, they produce an estate of agents that no single person can see - the phenomenon we describe elsewhere as agent sprawl.
Why this is worse than classic shadow IT
Organisations have dealt with "shadow IT" for years - unsanctioned apps and services adopted without approval. It is tempting to file shadow AI in the same drawer. That would be a mistake, because agents differ in two ways that matter.
Agents act. A shadow spreadsheet holds data. A shadow agent takes actions - it can read records, write to systems, send communications and trigger processes. The risk is not just data sitting somewhere it shouldn't; it is decisions and actions taken on your behalf by something you are not governing.
Agents hold access. To be useful, an agent is given access to data and systems. An ungoverned agent is therefore an ungoverned access path - and often a broadly-scoped one, because access is frequently granted generously "to make it work." A shadow agent can quietly become one of the widest doors into your data estate.
Put those together and shadow AI is less like an unauthorised app and more like an unmanaged member of staff who never sleeps, has system access, and whom nobody is supervising.
What's actually at risk
Three exposures matter most:
- Data leaving where it should stay. An ungoverned agent may move sensitive data into places - or models - your policies would never permit, with no one watching.
- Actions you can't account for. When an agent acts and something goes wrong, you need to know which agent, on whose behalf, and why. With shadow agents, that record usually does not exist.
- Compliance you can't evidence. In regulated sectors, "we didn't know that agent was running" is not a defence. The inability to inventory and audit your agents is itself a finding waiting to happen.
The first move is not a ban - it's discovery
The instinct, on realising shadow AI exists, is to clamp down. Resist it. A blanket ban does two unhelpful things: it pushes useful experimentation further underground, and it tells you nothing about what is already running. You cannot govern what you cannot see, so the genuinely useful first move is discovery - building a current, honest inventory of the agents operating across your environment, what each can access, and who is responsible for it.
Discovery is also clarifying in a way that tends to change the conversation. Leaders who run the exercise are usually surprised by both the number of agents already in use and the breadth of access some of them hold. That surprise is the point: it turns an abstract worry into a concrete, prioritised list.
From "find them" to "govern them"
Discovery is step one, not the destination. Once you can see your agents, the work is to bring them under management:
- Give each agent an identity, so it is a named, governed actor rather than an anonymous process.
- Right-size access to least privilege - most shadow agents are over-permissioned.
- Bring them onto a control plane so they are monitored and auditable alongside everything else. This is precisely the job of a tool like Agent 365, which is designed to discover, register and govern agents - including ones built outside Microsoft's own platforms.
- Decide ownership and oversight for each - who is accountable, and which actions need a human in the loop.
This is the bridge from shadow AI to governed AI, and it is the heart of a proper agent governance model. The tooling helps enormously; the decisions about access, ownership and oversight remain yours to make.
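As an added illustration (not part of the original article and not code from any vendor tool), the sketch below takes a discovery inventory and ranks agents by which of the four governance steps above they still fail, producing the prioritised list that discovery is meant to yield. The record fields, the "resource:verb" scope naming and the sample agents are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional
ACTION_VERBS = {"write", "send", "delete", "trigger"}  # assumed verbs for scopes that act, not just read

@dataclass
class Agent:
    name: str
    origin: str                      # saas_feature | browser_extension | team_build | fork
    owner: Optional[str]             # accountable person or team
    identity: Optional[str]          # dedicated agent identity; None = borrowed or shared credential
    registered: bool                 # visible on the control plane
    granted: set                     # scopes granted, written "resource:verb" (assumed format)
    used: set                        # scopes actually seen in activity logs
    oversight: Optional[str] = None  # "human_in_loop" or "autonomous"; None = never decided
    forked_from: Optional[str] = None

def gaps(agent, governed_names):
    """Return one tag per governance step the agent does not yet meet."""
    unused = sorted(agent.granted - agent.used)
    acts = any(s.split(":")[-1] in ACTION_VERBS for s in agent.granted)
    is_stray_copy = not agent.registered and agent.forked_from in governed_names
    checks = [
        ("no-identity", agent.identity is None),
        ("unused-access:" + ",".join(unused), bool(unused)),
        ("unregistered", not agent.registered),
        (f"ungoverned-copy-of:{agent.forked_from}", is_stray_copy),
        ("no-owner", agent.owner is None),
        ("acts-without-oversight-decision", acts and agent.oversight is None),
    ]
    return [tag for tag, hit in checks if hit]

def triage(inventory):
    """Rank agents by number of gaps, most exposed first; ties break on name."""
    governed = {a.name for a in inventory if a.registered}
    rows = [(a.name, gaps(a, governed)) for a in inventory]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

# Constructed sample inventory: one agent per origin described in the article.
INVENTORY = [
    Agent("invoice-bot", "team_build", "finance-ops", "agent-invoice-bot", True,
          {"erp:read", "erp:write"}, {"erp:read", "erp:write"}, "human_in_loop"),
    Agent("invoice-bot-copy", "fork", None, None, False,
          {"erp:read", "erp:write", "mail:send"}, {"erp:read"}, None, "invoice-bot"),
    Agent("crm-summariser", "saas_feature", "sales", None, False, {"crm:read"}, {"crm:read"}),
    Agent("tab-assistant", "browser_extension", None, None, False,
          {"docs:read", "mail:read"}, {"docs:read"}),
]
for name, found in triage(INVENTORY):
    print(f"{name:18} {len(found)} gaps  {found}")
```

The unused-access tag compares granted scopes with scopes observed in logs, so it is only as reliable as the logging window behind the `used` field.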
The takeaway
Shadow AI is not a future risk to plan for; it is a present reality to surface. The organisations that handle it well will not be the ones that banned agents, nor the ones that ignored them - they will be the ones that found them, brought them under governance, and turned an invisible liability into a managed, productive part of how they work.
Start by finding out what is already running. A short discovery exercise is a low-effort way to begin, and when you are ready to turn the findings into a plan, book a governance readiness conversation.





