CURRENT | Vision

The Structural Problem

The Org Chart Nobody Drew

By Nora Kaplan— March 25, 2026

Feature image for article: The Org Chart Nobody Drew

The average enterprise now runs 37 AI agents. Most were never reviewed by a security team. More than half operate without logging. Only about a quarter of organizations can see which of their agents are talking to each other. RSA 2026 mobilized around this problem. Governance tools, identity platforms, discovery engines. Threat containment was the universal pitch.

Then look at what the vendors actually shipped. Products that onboard agents through structured workflows. That assign them to human managers. That sort their actions into tiers of decision authority. The security industry set out to build better monitoring. Look closely at what they built, and a different picture emerges of what's forming inside the enterprise.

The Structural Problem

The Org Chart Nobody Drew

By Nora Kaplan— March 25, 2026

The average enterprise now runs 37 AI agents. Most were never reviewed by a security team. More than half operate without logging. Only about a quarter of organizations can see which of their agents are talking to each other. RSA 2026 mobilized around this problem. Governance tools, identity platforms, discovery engines. Threat containment was the universal pitch.

Then look at what the vendors actually shipped. Products that onboard agents through structured workflows. That assign them to human managers. That sort their actions into tiers of decision authority. The security industry set out to build better monitoring. Look closely at what they built, and a different picture emerges of what's forming inside the enterprise.

Two Faces of It

Who Answers for the Agent

When an AI agent updates the wrong record or routes an approval to the wrong person, the org chart offers no answer about who's responsible. Enterprises have embraced "agents as team members," but team members exercise judgment before acting. Agents don't pause. Someone will eventually own the consequences of non-human decisions. The tooling for that person is already being built. The role just doesn't have a name yet, possibly because nobody wants the job.

Two Faces of It

The Pressure Gradient

The first piece looks up and down the org chart for who owns an agent's mistakes. This one looks across it, at what happens when two functions can't agree on whether the agent should have been deployed at all. Ninety percent of organizations pressure security teams to loosen identity controls for AI. Both sides are behaving rationally. Their reward structures just point in opposite directions, and better dashboards won't reconcile them.

Two Faces of It

Who Answers for the Agent

When an AI agent updates the wrong record or routes an approval to the wrong person, the org chart offers no answer about who's responsible. Enterprises have embraced "agents as team members," but team members exercise judgment before acting. Agents don't pause. Someone will eventually own the consequences of non-human decisions. The tooling for that person is already being built. The role just doesn't have a name yet, possibly because nobody wants the job.

Two Faces of It

The Pressure Gradient

The first piece looks up and down the org chart for who owns an agent's mistakes. This one looks across it, at what happens when two functions can't agree on whether the agent should have been deployed at all. Ninety percent of organizations pressure security teams to loosen identity controls for AI. Both sides are behaving rationally. Their reward structures just point in opposite directions, and better dashboards won't reconcile them.

Two Faces of It

Who Answers for the Agent

When an AI agent updates the wrong record or routes an approval to the wrong person, the org chart offers no answer about who's responsible. Enterprises have embraced "agents as team members," but team members exercise judgment before acting. Agents don't pause. Someone will eventually own the consequences of non-human decisions. The tooling for that person is already being built. The role just doesn't have a name yet, possibly because nobody wants the job.

Two Faces of It

The Pressure Gradient

The first piece looks up and down the org chart for who owns an agent's mistakes. This one looks across it, at what happens when two functions can't agree on whether the agent should have been deployed at all. Ninety percent of organizations pressure security teams to loosen identity controls for AI. Both sides are behaving rationally. Their reward structures just point in opposite directions, and better dashboards won't reconcile them.

The Discovery Moment

Forty-Three Agents Nobody Hired — One VP's Reckoning with Shadow AI

The Discovery Moment

Forty-Three Agents Nobody Hired — One VP's Reckoning with Shadow AI

The Market Response

"Control Plane for Agents" Is Now a Product Category. That Tells Us More Than the Product Does.

Microsoft's Agent 365, generally available May 1 at $15 per user per month, is a governance layer for managing AI agents across the enterprise. The product is fine. The interesting part is what it takes for granted: that agent populations inside organizations have grown wild enough to need their own infrastructure.

Microsoft reportedly found 500,000 agents inside its own environment while building this. If the vendor creating the governance tool couldn't see what it had, most enterprises are flying blind.

But notice what the category name frames as the problem. Visibility. Control. Permissions. These are real concerns. They're also the concerns a platform vendor is well-positioned to solve. The harder questions, like whether organizations are losing the judgment to know when an agent's output is subtly wrong, don't fit neatly into a $15/month SKU.

The Market Response

"Control Plane for Agents" Is Now a Product Category. That Tells Us More Than the Product Does.

Microsoft's Agent 365, generally available May 1 at $15 per user per month, is a governance layer for managing AI agents across the enterprise. The product is fine. The interesting part is what it takes for granted: that agent populations inside organizations have grown wild enough to need their own infrastructure.

Microsoft reportedly found 500,000 agents inside its own environment while building this. If the vendor creating the governance tool couldn't see what it had, most enterprises are flying blind.

But notice what the category name frames as the problem. Visibility. Control. Permissions. These are real concerns. They're also the concerns a platform vendor is well-positioned to solve. The harder questions, like whether organizations are losing the judgment to know when an agent's output is subtly wrong, don't fit neatly into a $15/month SKU.

Bundle signal:

Agent 365 ships inside Microsoft 365 E7 at $99/user/month, positioning agent governance as default enterprise capability

Identity architecture:

Each agent receives its own Entra Agent ID, elevating autonomous systems to first-class identity principals alongside human users

Governance gap:

Only 14.4% of organizations report all AI agents launching with full security and IT approval, per Gravitee's 2026 survey

Historical echo:

MDM emerged because smartphones outpaced IT governance. Agent sprawl follows the same pattern with higher stakes and less visibility

Complexity forecast:

Four in five IT leaders believe agent proliferation will generate more complexity than value without dedicated governance infrastructure

Going Deeper

HBR: 'To Scale AI Agents Successfully, Think of Them Like Team Members'

Carnegie Mellon and Pitt researchers frame agent deployment as workforce design, not software rollout. The HR analogy lands harder than expected.

Gravitee: 'State of AI Agent Security 2026 Report: When Adoption Outpaces Control'

82% of executives feel covered. Only 21% can actually see what their agents are doing. That gap is the whole story.

Cisco Newsroom: 'Cisco Reimagines Security for the Agentic Workforce'

Microsoft Security Blog: 'Secure Agentic AI End-to-End'

The Hacker News: 'AI Agents: The Next Wave Identity Dark Matter'

Going Deeper

HBR: 'To Scale AI Agents Successfully, Think of Them Like Team Members'Carnegie Mellon and Pitt researchers frame agent deployment as workforce design, not software rollout. The HR analogy lands harder than expected.

Gravitee: 'State of AI Agent Security 2026 Report: When Adoption Outpaces Control'82% of executives feel covered. Only 21% can actually see what their agents are doing. That gap is the whole story.

Quick links

Cisco Newsroom: 'Cisco Reimagines Security for the Agentic Workforce'

Microsoft Security Blog: 'Secure Agentic AI End-to-End'

The Hacker News: 'AI Agents: The Next Wave Identity Dark Matter'

Past Articles

The Human Door

If the machine-readable interface is more honest than the human one, an uncomfortable question follows: what happens to ...

The Honest Version We Built for Machines

A hotel booking site, talking to an AI agent, can't show a countdown timer. It can't bury fees on page three of checkout...

The Maintenance Phase

If agents become features embedded in every platform, someone still has to keep them working. BCG found that 70% of succ...

What Stops Being Found When Every Agent Agrees

If different AI agents applied genuinely independent judgment, the filtering described in our companion piece would be u...

Past Articles

The Human Door

If the machine-readable interface is more honest than the human one, an uncomfortable question follows: what happens to ...

The Honest Version We Built for Machines

A hotel booking site, talking to an AI agent, can't show a countdown timer. It can't bury fees on page three of checkout...

The Maintenance Phase

If agents become features embedded in every platform, someone still has to keep them working. BCG found that 70% of succ...

What Stops Being Found When Every Agent Agrees

If different AI agents applied genuinely independent judgment, the filtering described in our companion piece would be u...