Here's a set of numbers that should stop you mid-scroll, from OutSystems' 2026 State of AI Development report, which surveyed nearly 1,900 IT leaders: 96% of enterprises are already running AI agents in some capacity, 94% are worried the sprawl is creating security and technical-debt risk, and only 12% have a centralized platform to actually govern any of it. Everyone deployed. But almost nobody built the plumbing to control what they deployed.
That gap is not a tooling problem. It's a staffing problem, and it's more specific than the usual "hire more AI talent" hand-waving.
The ownership question has three wrong answers, all given simultaneously
Separate research (a Cloud Security Alliance survey of 285 IT and security professionals, commissioned by the identity vendor Strata) found that when something goes wrong with an autonomous agent, responsibility splits across Security teams (39%), IT departments (32%), and emerging AI security functions (13%). Three teams, and no clear owner. Only 23% of organizations have a formal, enterprise-wide strategy for managing agent identity at all. Another 37% are relying on informal, ad hoc practices, which is a polite way of saying they're making it up as incidents happen.
Think about what that actually means operationally. An agent with write access to a CRM, a deployment pipeline, or a customer database misfires. Who gets paged? Under the current default, the answer is: whoever notices first, and then a scramble to figure out whose job it was supposed to be. Fewer than half of surveyed organizations feel even "somewhat confident" they could pass a compliance review focused on agent behavior. Read that as a live exposure, not a hypothetical one — sitting in production right now at a lot of the companies that shipped agents this year.
This is a different hire than "AI engineer"
Most CTOs have spent 2026 hiring for agent building: prompt engineers, agent orchestration specialists, people who can wire up tool calls and evaluation harnesses. That's real and it matters. But building the agent and owning the agent are different jobs, and almost nobody has a req open for the second one.
The role that's missing looks less like a builder and more like an auditor with teeth: someone who owns the access model for every non-human identity in the stack (every agent, every service account, every bot with credentials), who defines the notification chain when an agent crosses a threshold it shouldn't, and who can actually answer "which agent touched this record and under whose authority" during an incident review. Forty percent of organizations are already increasing identity and security budgets specifically to address agent risk — so the money is moving. The org chart hasn't caught up to where the money is going.
If you're a CTO or VP Eng and you've deployed agents into anything customer-facing or data-sensitive, ask yourself right now: if one of them did something wrong today, whose desk does that land on? If you can't answer in one sentence, you don't have an AI governance strategy — you've got three teams each assuming the other folks own it.
What "good" looks like
The pattern that separates companies that recover fast from the ones that don't isn't complicated: a named owner for every agent in production, and a documented incident workflow written before deployment, not improvised after. When that's in place, a misfiring agent is a contained incident. When it isn't, it's a scramble to figure out who's even supposed to be in the room.
That's a hiring decision, not a policy memo. You can write the governance framework in an afternoon. You cannot manufacture the person who owns it, understands both the security and the AI system architecture, and has the standing to pull an agent's access on their own authority — not without recruiting for that specific, still-rare combination.
The companies moving fastest on agents right now are, almost by definition, the ones accumulating this exposure fastest. If your agent fleet has grown in 2026 and your org chart hasn't added a name next to "owns agent identity and incident response," that's not a governance gap. It's an open req you haven't written the job description for yet. Write the req before you need it.
Sources: OutSystems 2026 State of AI Development report; Strata / Cloud Security Alliance — The AI Agent Identity Crisis: New Research Reveals a Governance Gap