An AI agent encountered a credential mismatch during a routine task, went looking for a fix on its own, found an API token granting far more access than it should have, and used it to delete its company’s entire production database. That took nine seconds from start to finish.
It's the kind of story that sounds hypothetical, but it actually happened. Many businesses are one over-permissioned token away from the same fate.
For three years, organizations have rushed to deploy AI as fast as they can, and plenty have succeeded. Fifty-nine percent of organizations are now using agentic AI to help run their businesses, according to the ServiceNow Enterprise AI Maturity Index 2026.
What most of those businesses haven't built are the guardrails to govern that new fleet of AI agents. Only 20% have put basic AI testing, auditing, and risk assessment in place. That means the majority of enterprises are running AI agents they can't govern, let alone see. Ask a roomful of executives whether they could shut off an agent that went rogue tomorrow and watch how many remain quiet.
Cloud computing arrived with the same gold-rush energy. A few years later, everyone was untangling shadow IT—the servers, subscriptions, and data stores nobody had approved. The organizations that invested early in cloud and API governance paid a one-time architectural cost; the ones that didn't paid many times over, at increasing scale, and always at the worst possible moment.
Shadow IT has given way to something more dangerous: shadow AI. While an unmonitored server just sits, an unmonitored AI agent keeps working. It makes decisions, grants permissions, and talks to other AI agents.
Connected AI agents amplify each other's errors as readily as they amplify each other's value. By the time anyone notices, the cost to fix the problem has compounded.
The scope of this mess is only increasing. The share of organizations with workflows integrated across business functions fell from 30% in 2025 to 16% in 2026, according to the Enterprise AI Maturity Index. That's because of a wave of AI agent sprawl piling onto point solutions that were already fragmented. More agents and less coordination have created a perfect storm for the enterprise.
This is starting to show up in the business ledger. Gartner predicts that “over 40% of agentic AI projects will be canceled by the end of 2027, due to escalating costs, unclear business value, or inadequate risk controls.”
The technology mostly works. What fails is everything around it: the part nobody bought, because it wasn't as exciting as the tech itself.
“Most enterprises today have more AI running than they can account for,” says Jon Sigler, executive vice president and general manager of AI platform at ServiceNow. “In order to move with confidence, organizations need visibility into what AI is running, control over what it can access, and the ability to correct when something goes wrong.”
Most AI governance efforts trip on the same buried assumption: that there's already an inventory to govern. There usually isn't, which is why organizations that buy a platform to wrangle their AI agents often confront the exact problem that sent them looking for a solution in the first place.
The fix has to start a step earlier, with discovery. ServiceNow AI Control Tower goes looking for the AI agents nobody remembers deploying, working across more than 30 integrations spanning AWS, Google Cloud, Microsoft Azure, and apps such as Salesforce, Oracle, and Databricks. What comes back is an inventory of every first- and third-party AI agent, model, and tool.
“Discovery can’t just be a one-time audit. It needs to be continuous,” Sigler says. “ServiceNow AI Control Tower surfaces your complete AI footprint, then feeds that visibility into real-time governance. This is how enterprises can move from managing risk reactively to scaling AI intentionally.”
Drawing on Traceloop from ServiceNow—an observability solution that tracks every AI model call running in the organization’s ecosystem—AI Control Tower watches AI agent behavior as it happens. Crucially, it drills down on the specific logic an AI agent used to reach a decision.
When an agent is compromised, the response is fast and surgical. AI Control Tower leans on the Veza from ServiceNow Access Graph, which maps permissions across human, machine, and AI identities to calculate an agent's blast radius—every system that one infected agent can reach.
From there, AI Control Tower can remediate the problem on its own. ServiceNow AI Gateway gives security teams visibility into the transactions passing between Model Context Protocol (MCP) servers and their clients, along with guardrails that detect and lock down prompt injections, anonymize sensitive data, and block toxic content.
AI Control Tower ties each agent back to the workflows and the Configuration Management Database (CMDB) that underpin it. That means users will know exactly which business service leans on that AI agent and what might break before they intervene.
None of this eliminates unauthorized AI agents. They're already running, their permissions are already live, and the money's already going out the door. The organizations that figure this out early will spend a little now; the rest will spend a lot later.
Visibility buys you access to what’s running across the business and what it’s allowed to touch. Many organizations are still unaware. For one company, it took just nine seconds for that to matter.
Find out how ServiceNow can help you control and govern AI agents, models, and identities.