Forty-Five to One.

The Non-Human Workforce Already Inside Your Enterprise Is Not on Any Register.

Ninety-seven percent of European enterprises are exploring agentic AI. Forty percent of those projects will be cancelled by 2027. Twelve percent govern their agents from a single platform. And for every human you employ, forty-five non-human identities are already authenticating, transacting, and committing on your enterprise’s behalf.

Agentic AI did not arrive in 2026. It accumulated. While the board debated pilots, individual business units shipped them: fifty-plus task-specific agents in the average enterprise, dozens more from SaaS vendors auto-enabling “copilot” features, and an unbounded long tail of low-code agents built by employees who never opened a ticket. The result is the largest population of authenticated actors your enterprise has ever hosted — and the smallest share of them under any form of central governance in the history of your IT function.

OutSystems’ 2026 State of AI Development survey (1,879 IT leaders) is the clearest x-ray of the gap: ninety-seven percent of organisations are already exploring agentic AI strategies, and forty-nine percent rate their own capability as “advanced” or “expert.” Yet only thirty-six percent operate a centralised approach to agentic governance, and only twelve percent use a centralised platform to maintain control. An eighty-five-point gap between perceived mastery and operational control is not a maturity curve. It is an enterprise architecture failure in motion.

A parallel survey of six hundred CIOs found that eighty-seven percent now have AI agents embedded in production-critical systems — and only twenty-five percent claim full visibility of those agents. Sixty-two percent of the surveyed estates cannot enumerate which agents are calling which APIs, with what credentials, and to what end. The conversation has migrated from “shadow IT” to what Forrester now calls “shadow operations”: autonomous actors executing logic, modifying state, and clearing transactions outside the boundary of any control plane the CIO actually owns.

The Population Is Already Here

Gartner’s April 28, 2026 release — Six Steps to Manage Artificial Intelligence Agent Sprawl — quantified what most CIOs already suspected: service accounts, API keys, RPA workers and agentic AI now outnumber human identities by forty-five to one in the average enterprise, rising to eighty-to-one or more in cloud-native organisations. Only twenty-one-point-nine percent of those enterprises treat AI agents as independent, identity-bearing entities. The remaining seventy-eight percent run them under shared service principals, shared API keys, or impersonated user tokens — the three patterns DORA Article 28 was designed to surface, and that NIS2 Article 21 supply-chain controls explicitly require enterprises to inventory.

The reason this matters is not philosophical. Every European enterprise above the NIS2 essential or important threshold must, by transposition, maintain a register of significant ICT services and their dependencies. Every financial entity in scope of DORA must, since January 17, 2025, maintain the Register of Information of contractual arrangements and update it for the supervisor on demand — the same register the European Supervisory Authorities used on November 19, 2025 to designate the first nineteen Critical ICT Third-Party Providers. A non-human workforce of forty-five-to-one is not on either register. Neither are the gateway libraries underneath them (see AGCR-D, Edition 51). Neither are the orchestration frameworks they bind to. The agents themselves are the most populous, least governed, and most regulator-invisible third party in the European enterprise.

Agent sprawl is not a security problem in waiting. It is an enterprise architecture portfolio decision you have already made — by not making it.

Why Forty Percent Will Be Cancelled

Gartner’s prior forecast — that more than forty percent of agentic AI projects will be cancelled by the end of 2027 — has been read by the market as a warning about model maturity. It is not. The cited causes are escalating costs, unclear business value, and inadequate risk controls: three EA-portfolio failures, not three AI failures. Models are not the bottleneck. The absence of a portfolio function that can see the agent fleet, price it, govern it, and retire it is the bottleneck. Cancellations in 2027 will not be cancellations of bad agents. They will be cancellations of agents whose owners cannot prove what they did, what they cost, or who authorised them — because no one in the enterprise was ever positioned to know.

Forrester’s 2026 outlook now expects half of enterprise ERP vendors to launch autonomous governance modules — explainable-AI panels, automated audit trails, real-time compliance monitoring — and sixty percent of Fortune 100 firms to appoint a dedicated AI oversight head. Microsoft Agent 365 went GA earlier this quarter as a cross-cloud agent control plane for Microsoft, AWS, and Google environments. The market is converging on the answer. The European enterprise is not yet converging on the question.

The Agentic Architecture Sprawl Index (AASI)

AASI is a five-axis diagnostic for the agent fleet itself — not for any individual model, not for any individual vendor. It measures whether the enterprise can credibly answer the only five questions a regulator, an auditor, or a board chair will actually ask once the cancellations begin: How many agents do we have? Who is each one? What does each one share with the others? Who can stop them? And what would they break if they kept going? Each axis is scored from one (no discipline) to five (portfolio-grade). Composite below twelve indicates critical sprawl. Most European enterprises today score in the six-to-eight range.

Axis 1 — Pilot-to-Platform Convergence (PPC)

Are agentic AI initiatives consolidated onto a single platform, or distributed across uncoordinated business-unit pilots? The OutSystems baseline — twelve percent centralised platform — maps almost directly to a PPC score of two. Score one when each business unit operates its own framework and the CIO cannot enumerate them. Score five when every agent in production runs under one registered platform with one lifecycle owner.

Anchors: ISO/IEC 42001 Clause 5 (Leadership) and Annex A.6 (AI system life cycle); EU AI Act Article 50 transparency (in force August 2, 2026, unchanged by the May 7 Digital Omnibus on AI); Forrester 2026 (autonomous governance modules).

Axis 2 — Non-Human Identity Discipline (NHID)

Does every agent carry a cryptographic, revocable, lifecycle-managed identity — or do agents ride on shared service principals, hard-coded API keys, or borrowed user tokens? The Gartner baseline — forty-five-to-one NHI ratio with twenty-one-point-nine percent treated as identity-bearing — maps to a NHID score of two. Score one when the enterprise cannot produce a list of agent identities at all. Score five when every agent is issued from a single non-human identity provider, with rotation, expiry, and behavioural baselining.

Anchors: NIS2 Article 21 (supply-chain controls and access management); ISO/IEC 27001 Annex A.5.16 (identity management) and A.8.5 (secure authentication); DORA Article 9 (ICT security policies); GDPR Article 32 (security of processing).

Axis 3 — Gateway and Orchestration Concentration (GOC)

How many distinct LLM gateways, orchestration frameworks, and prompt routers does the agent fleet depend on — and is the dependency visible in the DORA Register and the NIS2 inventory? This is the direct downstream of AGCR-D (Edition 51): a forty-minute compromise at the gateway layer is a compromise of every agent that routes through it. Score one when no inventory exists. Score five when the gateway substrate is enumerated, version-pinned, regulator-visible, and surfaced to the board as a concentrated third-party dependency in its own right.

Anchors: DORA Article 28 (Register of Information; nineteen CTPPs designated November 19, 2025; Joint Examination Teams operational with suspend/terminate powers); NIS2 Article 21; AGCR-D (Edition 51).

Axis 4 — Policy Engine Convergence (PEC)

What percentage of agents in production are evaluated by a single policy engine — the same engine that mediates user access, with the same audit trail, the same break-glass procedure, and the same kill-switch? Anything below ninety percent in a regulated estate is regulatory exposure. Score one when each agent enforces its own logic. Score five when policy decisions are externalised, centralised, attestation-signed, and replayable.

Anchors: ISO/IEC 42001 Annex A.9 (Use of AI systems and human oversight); DORA Article 11 (business continuity, including suspend/terminate); EU AI Act Article 14 (human oversight, where applicable); ENISA Threat Landscape 2025.

Axis 5 — Settlement and Side-Effect Containment (SSC)

Where do agents have authority to commit irreversible side-effects — payment instructions, data exports, infrastructure changes, contract acceptance — and is each commitment authority registered, capped, and reconciled? This is the direct downstream of ACAM Layer 1 (Edition 48): the agent that pays via x402 must be the same identity the policy engine governs and the same agent the DORA Register contains. Score one when the commitment surface is unknown. Score five when every commit-capable agent runs under named authority, financial caps, and same-day reconciliation.

Anchors: DORA Article 11 (BCM); MiCA Article 34 (stablecoin reserves and settlement); PSD3/PSR (final Parliament plenary expected May/June 2026; ECON Committee voted May 5, 2026); ACAM Layer 1 (Edition 48).

Scoring and the Composite

Score each axis one to five. A composite of twenty-five is portfolio-grade. Twenty to twenty-four is defensible. Thirteen to nineteen is exposed but recoverable. Below twelve is critical sprawl, and any axis below three is by itself a regulatory finding. Most European enterprises score six-to-eight on AASI today — not because their agents are bad, but because the agent population grew faster than the portfolio function that was supposed to see it. AASI exists to make that gap measurable in a single number that can be reported to a board, plotted against a calendar, and acted on.

Your AI strategy is whatever your forty-five-to-one non-human workforce is doing right now. If you cannot enumerate it, you do not have a strategy. You have a population.

Why This Edition Belongs Next to AGCR-D, ACAM, and SAVED

The Hawk Nest IP portfolio has been mapping the European AI third-party stack from the bottom up. ACAM (Edition 48) named the agentic-payments protocol layer. SAVED (Edition 49) measured fourth-party AI breach exposure. GAIA-D (Edition 50) introduced power as a third sovereignty axis. AGCR-D (Edition 51) surfaced the AI gateway library as the fifth, unnamed layer of AI third-party risk. AASI is the portfolio-level diagnostic that sits above all four — the question of whether the enterprise can see, count, govern, and stop the population of agents that consume those underlying layers.

It is also the answer to Gartner’s forty-percent cancellation forecast that does not require cancelling forty percent of the portfolio. The agents that will survive the next twelve months are the ones whose owners can answer the AASI questions before the auditor does. The ones that will be cancelled are the ones whose owners cannot.

Where to Look First, This Week

Three artefacts will tell you your real AASI score in under an hour. First: run a single query against your identity provider for non-human principals created in the last ninety days, and ask whether the count is consistent with the agent inventory the CIO would present to the board. Second: pull the DORA Register of Information (or, for non-financial entities, the NIS2 supplier inventory) and search for the LLM gateway, the agent orchestration framework, and the agent platform by name. If they are absent, AASI Axis 3 is below three on its own. Third: pick any single agent in production and ask the owner to produce the policy decision log for its last ten actions. If it cannot be produced, AASI Axis 4 is below three.
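The three artefact checks above, carried out over constructed sample data as an added example (this is not the newsletter's or Hawk Nest's own tooling). It assumes the identity-provider export, the agent inventory, the third-party register and the policy decision log have already been flattened into plain records; every principal name, vendor name and the "Example ..." component names are constructed placeholders, and the mapping of results onto Axis 3 and Axis 4 follows the thresholds stated in the paragraph.

```python
"""Three first-week AASI artefact checks over constructed sample data.

Added example, not the newsletter's own tooling. It assumes the IdP export,
agent inventory, third-party register and policy decision log have already been
flattened into plain records; every value below is constructed.
"""
import json
from datetime import datetime, timedelta, timezone

NOW = datetime(2026, 5, 15, tzinfo=timezone.utc)  # constructed reference date

# Constructed IdP export of non-human principals (service principals, agents).
IDP_EXPORT = [
    {"id": "sp-001", "name": "invoice-agent-prod", "created": "2026-03-02T09:00:00Z"},
    {"id": "sp-002", "name": "hr-copilot-pilot", "created": "2026-04-20T11:30:00Z"},
    {"id": "sp-003", "name": "legacy-backup-svc", "created": "2024-01-10T08:00:00Z"},
    {"id": "sp-004", "name": "lowcode-procurement-bot", "created": "2026-05-01T15:45:00Z"},
    {"id": "sp-005", "name": "treasury-settlement-agent", "created": "2026-02-28T10:00:00Z"},
]

# Constructed agent inventory, i.e. what the CIO would present to the board.
AGENT_INVENTORY = [
    {"agent": "Invoice triage", "principal": "invoice-agent-prod", "owner": "Finance Ops"},
    {"agent": "Treasury settlement", "principal": "treasury-settlement-agent", "owner": "Treasury"},
]

# Constructed register entries (DORA Register of Information or NIS2 supplier list).
REGISTER_OF_INFORMATION = [
    {"provider": "Example Cloud Ltd", "service": "IaaS hosting"},
    {"provider": "Example Platform Vendor", "service": "Example Agent Platform"},
]
# Placeholder component names; a real run uses the enterprise's actual product names.
REQUIRED_COMPONENTS = ["Example LLM Gateway", "Example Orchestrator", "Example Agent Platform"]

# Constructed action history and policy decision log for one production agent.
ACTIONS = [{"id": f"act-{i:02d}", "ts": f"2026-05-14T{8 + i:02d}:00:00Z"} for i in range(12)]
DECISIONS = [
    {"action_id": a["id"], "decision": "allow", "policy_version": "v7"}
    for a in ACTIONS if a["id"] != "act-09"  # one action has no decision record
]


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def recent_nonhuman_principals(export, now=NOW, days=90):
    """Check 1: non-human principals created within the last `days` days."""
    cutoff = now - timedelta(days=days)
    return [p for p in export if parse_ts(p["created"]) >= cutoff]


def unregistered_principals(recent, inventory):
    """Principals in the IdP window that the agent inventory does not account for."""
    known = {entry["principal"] for entry in inventory}
    return [p["name"] for p in recent if p["name"] not in known]


def missing_from_register(register, required):
    """Check 2: required component names absent from the register (case-insensitive)."""
    haystack = " ".join(f"{e['provider']} {e['service']}" for e in register).lower()
    return [name for name in required if name.lower() not in haystack]


def undecided_actions(actions, decisions, last_n=10):
    """Check 3: ids among the agent's last `last_n` actions with no policy decision record."""
    decided = {d["action_id"] for d in decisions}
    latest = sorted(actions, key=lambda a: a["ts"])[-last_n:]
    return [a["id"] for a in latest if a["id"] not in decided]


def run_checks():
    """Run all three checks and map the results onto the AASI axes the text names."""
    recent = recent_nonhuman_principals(IDP_EXPORT)
    missing = missing_from_register(REGISTER_OF_INFORMATION, REQUIRED_COMPONENTS)
    undecided = undecided_actions(ACTIONS, DECISIONS)
    return {
        "recent_nhi_count": len(recent),
        "inventory_count": len(AGENT_INVENTORY),
        "unregistered_nhi": unregistered_principals(recent, AGENT_INVENTORY),
        "register_missing": missing,
        "axis3_below_three": bool(missing),    # gateway/orchestrator absent from register
        "undecided_actions": undecided,
        "axis4_below_three": bool(undecided),  # decision log cannot be produced in full
    }


if __name__ == "__main__":
    print(json.dumps(run_checks(), indent=2))
```

On the constructed data the first check finds four non-human principals created in the window against an inventory of two, with two principals the board deck would never have shown; the second check finds the gateway and orchestrator absent from the register, putting Axis 3 below three; the third finds one of the last ten actions with no decision record, putting Axis 4 below three. The substring match in the register check is deliberately loose, because register entries rarely name a component exactly as the engineering team does.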

None of these tests require a new platform, a new vendor, or a new framework. They require an enterprise architect with the mandate to ask. AASI exists so that the architect can ask in a language that the board, the regulator, and the CFO recognise at the same time.

Paulo Falcão

Fractional Enterprise Architect · AI Strategist · Transformation Leader

Hawk Nest · hawknest.pt

Selected sources

  • OutSystems, 2026 State of AI Development Report (survey of 1,879 IT leaders); summarised in TechHQ, “Agentic AI Governance Is the CIO’s Most Urgent Blind Spot.”

  • Gartner press release, “Six Steps to Manage Artificial Intelligence Agent Sprawl,” 28 April 2026.

  • Gartner press release, “Over 40% of Agentic AI Projects Will Be Canceled by End of 2027,” 25 June 2025.

  • Forrester, “Predictions 2026: AI Agents, Changing Business Models, and Workplace Culture Impact Enterprise Software.”

  • CIO.com, “Shadow AI morphs into shadow operations” and “Taming agent sprawl: 3 pillars of AI orchestration.”

  • ESAs Joint Designation of Critical ICT Third-Party Providers, 19 November 2025 (under DORA Article 32(1)).

  • ISO/IEC 42001:2023, AI Management Systems — Clause 5 and Annex A.6 / A.9.

  • Hawk Nest Newsletter, Editions 48 (ACAM), 49 (SAVED), 50 (GAIA-D), 51 (AGCR-D).

Originally shared in the Hawk Nest LinkedIn newsletter.
