Corporate IT environments are rapidly filling with AI agents, and for many technology leaders, that growth is happening faster than their ability to manage it. As business units independently deploy generative AI tools across multiple cloud platforms, CIOs are facing a new governance challenge: keeping track of an expanding digital workforce that often operates beyond central oversight.
The situation echoes the rise of shadow IT during the early days of cloud adoption, but with a critical difference. Today’s AI agents are not passive tools. They can execute business logic, trigger workflows, and access sensitive data. Without proper visibility and control, they introduce operational risk, security gaps, and unnecessary costs.
According to IDC, the number of actively deployed AI agents is expected to exceed one billion by 2029, representing a forty-fold increase from current levels. Growth is already accelerating. In the first half of 2025 alone, AI agent creation rose by 119 percent. As a result, enterprise leaders are shifting their focus from building agents to finding, auditing, and governing them at scale.
The visibility problem at the heart of AI governance
In many organisations, AI adoption is decentralised by design. Marketing teams might deploy agents on one platform, while logistics or finance teams build on another. Over time, central IT loses a unified view of what agents exist, what they do, and what data they can access.
Salesforce has moved to address this fragmentation by expanding its MuleSoft Agent Fabric, adding automated discovery capabilities that aim to centralise oversight across diverse ecosystems. The goal is to give CIOs and security teams a clear, real-time picture of their AI estate, regardless of where or how agents are deployed.
Automating discovery across platforms
At the core of the update are tools known as “Agent Scanners.” These scanners continuously monitor major AI environments, including Salesforce Agentforce, Amazon Bedrock, and Google Vertex AI, to identify active agents. Instead of relying on developers to manually register their deployments, the system automatically detects agents as they appear.
Discovery alone is not enough. Governance teams also need context. Once an agent is identified, the scanners collect metadata describing its purpose, the large language models behind it, and the data endpoints it is authorised to use. This information is then standardised using Agent-to-Agent (A2A) specifications, creating consistent profiles across vendors and platforms.
Andrew Comstock, SVP and GM of MuleSoft, said the approach is designed to support innovation without sacrificing control.
“The most successful organisations of the next decade will be those that harness the full diversity of the multi-cloud AI landscape,” he said, noting that unified visibility is essential for scaling responsibly.
Reducing risk and controlling costs
Unmanaged AI agents can create both security exposure and financial inefficiency. In regulated industries such as banking, validating a new AI agent often requires time-consuming manual checks. Automated cataloguing allows security teams to instantly see which systems an agent can access and confirm that its permissions are appropriate, using live data rather than outdated documentation.
From a cost perspective, visibility also reveals duplication. Large enterprises frequently discover that different teams have built or licensed similar AI agents for the same tasks on separate platforms. By filtering their AI estate by function, operations leaders can identify overlaps and consolidate tools, reducing redundant licensing and lowering total cost of ownership.
Supporting innovation without losing control
Innovation often happens at the edges of an organisation, where data scientists and engineers build bespoke tools outside traditional procurement processes. The expanded MuleSoft Agent Fabric allows these “homegrown” agents, as well as Model Context Protocol servers, to be registered via URL. Once registered, they become visible and reusable across the enterprise rather than remaining hidden silos.
Jonathan Harvey, Head of AI Operations at Capita, said automated discovery shifts the focus away from inventory management.
“Knowing that every agent is automatically discovered and catalogued allows our teams to collaborate, reuse work, and build smarter multi-agent solutions,” he said.
AT&T is also using the framework to orchestrate agents across customer support, chat, and voice services. Brad Ringer, Enterprise and Integration Architect at AT&T, described the platform as a foundation for scaling AI initiatives across the organisation rather than a standalone tool.
Building the agentic enterprise
As companies move from pilot projects to widespread deployment, governance models must evolve. Relying on spreadsheets or manual tracking is no longer compatible with the speed at which AI agents are created and updated.
Technology leaders are increasingly advised to assume their AI inventory is incomplete and to deploy automated scanning tools to establish a reliable baseline. From there, governance policies can require all agents, whether purchased or internally built, to expose their capabilities and data access in standardised formats such as A2A. With that visibility in place, executives can more effectively audit spending, manage risk, and align AI investment with business priorities.
