Over-privileged AI agents can delete a production environment in seconds. See how Bank of America, Travelers, and EY built ownership, access, and reuse controls to stop AI agent sprawl.
In December 2025, a team of Amazon engineers asked an AI agent to fix a small bug. The agent was Kiro, Amazon's own coding tool, and the task was routine: a minor correction inside AWS Cost Explorer. But what happened next was anything but routine.
The agent inherited an engineer's elevated permissions, which let it bypass the standard two-person approval. Because of this, it decided the cleanest path forward was to delete and rebuild the entire production environment, which it accomplished faster than a human could catch it. The result was a 13-hour outage in one of Amazon's regions in mainland China.
The agent didn’t misunderstand the task; it simply chose a method no human would have approved. The danger was what the agent was allowed to do. Amazon disputed that account in a public rebuttal, claiming that the outage came from a misconfigured role, not the AI. It called the tool's involvement a coincidence, noting the same error could have happened with any developer tool (Experts were unconvinced). Regardless, Amazon added mandatory peer review afterward as a safeguard for production changes. The fix was a control, not a smarter model.
This cautionary tale highlights a problem now spreading across large enterprises. Enterprises are deploying AI agents faster than they can track who owns them, what they can access, and how they overlap. This creates a sprawl that resembles shadow IT but carries higher stakes. Every CIO is about to face the same question: how many agents are running right now, who owns them, and what exactly can they touch?
The urgency is quantifiable. Large enterprises are heading toward unchecked AI agent sprawl, with more than 1,600 agents running inside their walls by the end of 2026. Yet only 18% of organizations keep a current, complete inventory of the agents they already have, according to IBM research presented at its Think 2026 conference. Agents are being created faster than anyone can track them: the gap between deployment and visibility is AI agent sprawl.
The easy comparison is shadow IT, the old problem of employees signing up for unapproved software (mirrored recently by shadow AI). But AI agent sprawl is a compounding issue. Whereas shadow software is a passive risk, an AI agent reads, writes, and acts. It can move money, change records, delete environments, and send messages without a human in the loop. When an over-permissioned agent goes wrong, it has the potential to wreak havoc.
This is why AI agent management has moved from a nice-to-have to a board-level concern. The correct approach involves deciding, before the next agent goes live, who owns it, what it can access, and whether it duplicates something that already exists. Here, we examine three companies that exemplify this discipline in practice.

To comprehend the full scope of the issue, it’s important to identify where AI agent sprawl originates from:
Each of the three companies below took deliberate action against one of these failures.
"There are 16 different parameters we look at to determine if a capability holds muster when it comes to responsible deployment, and that has not changed."
—Hari Gopalkrishnan, Head of Consumer, Business and Wealth Management Technology, Bank of America
Bank of America solved the ownership problem by refusing to let any agent reach production without passing through an accountability structure. In fact, at Bank of America, every AI capability is governed by a set of 16 responsible-deployment parameters, including an AI oversight council that manages safety and governance. Instead of scattered, team-by-team ownership, there is one front door.
Bank of America’s discipline shows up in its design choices, too. The bank built its client-facing assistant, Erica, on a controlled proprietary platform rather than an open, unpredictable model. The point was to know exactly what the system could and could not do before millions of customers touched it.
Perhaps counterintuitively, this cautious approach didn’t slow adoption. More than 90% of the bank's 213,000 employees now use the internal version of Erica, and the company credits it with cutting IT service calls by more than half. Coders using generative AI tools posted a 20% efficiency gain. The lesson for leaders keyed into AI agent sprawl is clear: ownership is an accelerator, not a brake. In fact, Bank of America has posted a 94% increase in AI patents since 2022 across multiple categories.
![BofA AI patents increased 94% since 2022, thanks in part to prioritizing ownership to proactively address any AI agent sprawl issues. Displayed here is a circle chart with a gear graphic in the middle, titled “BofA patents granted in the first half of 2024.” Categories are described with percentages, like “Artificial Intelligence (AI) and Machine Learning [17%].”](https://cdn.prod.website-files.com/60494527fea68422687bfcf1/6a4446b51218cd76e1f0a758_95553787.jpeg)
The insurance company Travelers addressed potential access and control concerns by being deliberate about scope. In early 2026, it launched a fully agentic AI Claim Assistant, a voice system that handles customer claim calls from start to finish. The temptation with a capable agent is to point it at everything at once, yet Travelers did the opposite.
The assistant launched for a single, narrow job: taking first-notice auto damage claims (the initial formal report filed to an insurance company). One lane. Customers could reach a live specialist at any point, and human adjusters handled the complex cases. The agent's authority was defined by what it was allowed to handle, not by everything it was technically capable of handling.
"The technology behind our AI Claim Assistant is remarkably dynamic and responsive, and early customer feedback has been overwhelmingly positive."
—Nick Seminara, Executive Vice President and Chief Claim Officer, Travelers
The single-lane approach paid off. After launching in eight states, Travelers expanded the assistant across the country within two months, and 85% to 90% of customers now complete their claim filing through the agent. Travelers called this “disciplined innovation,” and that’s the part worth copying. A tightly scoped agent that works is far more valuable than a broad one that needs to be reined in after something goes wrong.
EY ran into duplication and fragmentation head-on. As its teams began building agents, workflows, and custom models on their own, fragmentation set in. Different groups were solving similar problems in different ways, which meant duplicated investment, inconsistent governance, and effort that didn’t pay off.
Rather than allowing teams to continue building in isolation, EY built a single operating system for its agents. On that shared layer, agents are created, discovered, and reused across the business, with governance built into the foundation. A team that needs a capability can find and reuse an existing one rather than build a fifth version.
The scale illustrates the success of this approach. EY developed more than 50,000 agents in nine months on that shared, governed platform. The number is striking, but the structure underneath it is the real point. Without a reuse layer, 50,000 agents would be 50,000 separate liabilities. With one, they become a managed system. For enterprises watching AI agent sprawl accelerate, EY's method shows that centralization is key to governance and unified effort.
Amazon's response to the Kiro outage was telling. Rather than build a smarter agent, it added a human review step, a control on what agents are permitted to do. That instinct is the same one running through Bank of America, Travelers, and EY. None of them succeeded by deploying the most agents. They did so by deciding who owns each agent, what it can access, and whether it already exists somewhere else, before it shipped.
So the question for your next leadership meeting is not how many agents you can launch this quarter. It is whether you can answer three things about the agents already running:
If those answers are missing, you have an AI agent sprawl issue, and with policies like the EU AI Act tightening record-keeping and oversight rules for high-risk systems, the cost of oversight is rising.
Agentic AI is an undeniably powerful tool, but without a clear program for managing it, organizations run the risk of discovering issues only after something breaks.
.avif)
AI agent management is the practice of governing the full lifecycle of enterprise AI agents: who owns them, what they can access, how they are monitored, and whether they duplicate existing work. It has moved from a nice-to-have to a board-level concern as agent counts climb and regulators tighten record-keeping rules for high-risk systems.
Agents act on their permissions at machine speed. While a traditional script does only what it was programmed to do, an agent can choose actions no one requested. Teleport found that over-permissioned AI systems see 4.5 times more security incidents than tightly scoped ones, making access control central to AI agent management.
Define ownership, access, and reuse strategies before agents go live. Route every agent through one accountable approval structure, scope its permissions to the specific task, and build on a shared layer so teams reuse agents instead of duplicating them. Companies like Bank of America, Travelers, and EY show these disciplines in practice.
Shadow IT is a passive risk, while AI agent sprawl is an active one. An unapproved software tool holds data. An agent reads, writes, and acts: it can move money, change records, or delete environments without a human in the loop. When an over-permissioned agent fails, it can cause major issues for an organization.
AI agent sprawl can be thought of as the gap between how fast enterprises deploy AI agents and how they track them. Agents can emerge across departments without inventory or clear ownership. IBM found that large enterprises are heading toward more than 1,600 agents each by the end of 2026; only 18% keep a complete inventory.