The AI Agent Register: How to Count, Own, and Kill Every Agent in Production

A single open binder on a long boardroom table by a window, printed pages showing a tidy agent register list, soft natural light, no people in the room.

Most companies cannot name every AI agent running in production, what it can access, or who turns it off. One enterprise expected 500 and found 2,000. The fix is not a vendor console. It is a one-page agent register, a named owner, and a tested kill protocol.

TLDR

Most companies cannot name every AI agent running in production, what it can access, or who turns it off. Surveys keep putting the same number on it: nearly every enterprise reports AI to its board, but only about a quarter can monitor every agent their teams have shipped. One enterprise expected employees to spin up about 500 agents a week and found 2,000. The fix is not a vendor RFP or a new console. It is a one-page agent register, a named owner, and a tested kill protocol.

The break here is not technical. Models work. Vendor platforms work. The break is that the org chart never caught up with the number of agents, and the number is now several times what the executives running the company believe it is.

The gap between reporting AI and seeing it

In a global survey of 600 CIOs, 95 percent said they already report AI performance to their boards, while only 25 percent could actually monitor every agent their teams had created. The most useful figure was buried three paragraphs in: one enterprise assumed employees were spinning up about 500 agents a week, then ran a management review against its production environment and counted 2,000. Four times what its executives thought. If a board asks for an AI scorecard, most companies can produce a deck. Very few can produce a real count.

4x
more AI agents in production than executives expected, in one enterprise reviewed against its live environment

What shadow AI actually looks like now

Identity surveys land in the same place from a different angle. One study of 1,100 organizations found that 6 percent do not track AI identities at all and another 35 percent do not fully register them. So somewhere between a third and 40 percent of companies running real agents through real systems cannot tell you, on a Tuesday afternoon, what is running, what it can access, or who provisioned it. That is what shadow AI looks like now. It is not an intern with a chatbot tab. It is an agent in production with credentials nobody can find on a Friday.

The cost is already on the books

The reason this belongs in front of a board is that most companies have already paid for it without seeing the line item. Security research on enterprises running agents puts average detection of a compromised agent at 14 hours and average containment at close to a week. A majority suspect agents have already touched data they were not authorized to touch, a majority have already revoked or rotated agent credentials after a suspected exposure, and average spend on agent-identity incidents runs into seven figures a year. Those last two together are the line a CFO underlines: the cost is real, most companies have already incurred it, and most boards have not seen it in a pack yet.

14 hours
average time to detect a compromised AI agent, with close to a week to contain

Why the vendor console is the second step, not the first

The largest enterprise vendors now sell an agent control plane, a single console that promises to discover, govern, and kill any agent. These are real and they will help. But every one of them assumes an inventory already exists. None of them magically discovers a Python script an engineer wrote last quarter that calls a model on a cron job. The human walk-around, asking each team lead to write down every agent and credential they have provisioned, is the part no platform replaces.

Key Insight

The consoles help only after you know what agents you have. The register is the first step and the console is the second. Most teams will spend a quarter shopping for the second step before they have done the first, which is exactly backwards.

The three questions, and the one owner

A board does not need a number that beats the industry baseline. It needs the company's own number, in writing, and a plan for what changes next quarter. Three questions surface all of it. Who owns the agent register, and can that person say in one breath where every production agent lives. If we suspected a compromised agent right now, how fast could we kill it, tested in a tabletop with the on-call engineer and head of security. And are we buying the console or building the register, understanding that only the second is under your control.

The answer to all three is one role, not a new department. Pull one person off the FinOps or developer-productivity team and give them a title: agent owner. They keep a real-time register of every agent in production, they own the kill protocol, and they sit in the room when the board asks about AI risk. That is one person with a one-page document, a channel with the authority to switch things off, and a standing slot on the board pack. The cost is roughly one engineer-month. The cost of skipping it is the seven-figure average companies already spend reacting to incidents nobody planned for.

The one move this week

Ask for the actual number of agents in production this quarter, not the number on the deck. If the honest answer is "I would have to check," that is the project for next week, and it is a far more figure-out-able problem than most founders fear. For how this and the rest of the week's governance news reach the board, see which AI signals belong on your board agenda.

Sources

  1. Dataiku Executive: AI Governance Emerges as Top Corporate Challenge (600-CIO survey) - Seoul Economic Daily, 2026-05-23
  2. New Semperis Study Reveals AI's Effects on the Identity Attack Surface - PRNewswire / Semperis, 2026-05-13
  3. Two-Thirds of Enterprises Suspect AI Agents Have Already Accessed Unauthorized Data - Akeyless, 2026-05-12

Back to all insights