Speaking at the Gartner Digital Workplace Summit in London, Max Goss, Sr. Director Analyst at Gartner said: “As CIOs and IT leaders see an explosion of AI agents across their organizations, many are contending with an ungoverned sprawl of agents that expose their organizations to a range of risks, including misinformation, oversharing and data loss.
“Organizations need to find a balance where they can govern agents and manage sprawl, but also safely empower employees to innovate with these tools.” – Max Goss, Sr. Director Analyst at Gartner
1. Establish agent governance and policies: Set clear rules for when and how agents are built, who can create and share them, and what connectors are permitted.
2. Build centralized agent inventory: Organizations can use AI trust, risk, and security management (AI TRiSM) tools to help discover and categorize agents across applications, both from sanctioned tools, and from shadow AI solutions. Once organizations have an agent inventory, they can start to build adaptive controls to enforce the right policies based on the level of risk the agent presents.
3. Define agent identity, permissions and life cycle model: Manage the agent identity, permission model and access controls, review, and retire redundant agents to prevent uncontrolled sprawl.
4. Develop AI information governance: Govern what information the AI tool or agent has access to and ensure that there is a process in place to keep the data current, manage its permissions to prevent oversharing, and archive the data when it is obsolete.
5. Monitor and remediate agent behavior: Establish ongoing visibility into agent usage, ensure policy compliance, detect anomalous behavior, and correct agents that exceed their intended scope or risk tolerance.
6. Foster a culture of responsible AI usage: Support the workforce with training programs and a community of practice to drive adoption and amplify best practices on agent management across the organization.
