Alcon, the eye-care company operating in more than 60 countries, built over 900 AI agents in under a year. βEveryone went and built their own agents β business users and IT users alike,β said Sreenivasa Patibandla, the companyβs Director of System Integrations and APIs.
Itβs a useful opening to Salesforceβs 2026 Connectivity Benchmark Report, because it illustrates how agent deployment has moved faster than the frameworks designed to govern it.
The report, the 11th annual edition produced with Vanson Bourne and Deloitte Digital, finds that 89% of organisations are already deploying AI agents across most or all of their teams. Organisations currently run an average of 12 agents, with that number projected to grow 67% within two years. Half of those agents operate in isolation, disconnected from one another and in many cases from any central oversight. Only 54% of organisations have a formal governance framework covering their agent deployments.
The report describes a situation that is probably familiar for IT leaders: procurement and deployment have happened faster than policy. The difference now is scale, and the rate at which it is still accelerating.
What uncoordinated agents actually cost
The practical consequences of ungoverned agent sprawl are not theoretical. The report identifies several that IT teams are already dealing with. Redundant automations are being built in parallel across departments because no registry exists to show what is already deployed. Data governance gaps are widening: an estimated 27% of enterprise APIs are currently ungoverned, and only 49% of organisations have addressed cross-application data governance as part of their integration strategy. Eighty-six percent of IT leaders in the survey said they are concerned that agents will introduce more complexity than value without stronger integration frameworks.
There is also a compliance dimension. Agents making decisions or accessing data without a documented governance trail create audit exposure, particularly for organisations subject to data protection regulation. The 46% of organisations without a centralised oversight framework are, in effect, running automated processes at scale with limited ability to account for what those processes do.
Andrew Comstock, SVP and GM of MuleSoft at Salesforce, put it in terms of what the IT function is now being asked to own.
βThe true success of an agentic enterprise isnβt found in the sheer number of agents deployed, but the overall effectiveness of those agents. We need to think about how they are discovered, governed and orchestrated to work together. The role of IT is evolving from managing silos to building a unified foundation as the central control plane that allows multi-agent systems to be safe, reliable, and scalable.β
The architecture problem underneath governance
The governance gap doesnβt exist in isolation. The number of applications running across enterprise environments grew from 897 to 957 year-on-year, with only 27% of them integrated. Ninety-six percent of organisations say they face barriers to using data effectively for agent use cases. Forty percent point to outdated IT architecture and data silos as the primary blocker.
This matters for buyers evaluating agent platforms, because the question of whether an agent can be governed depends partly on whether it can be seen. Agents that operate on data held in disconnected systems, with no shared context layer, are harder to monitor, harder to audit, and harder to roll back when something goes wrong. The report finds that 94% of IT leaders agree that agent success requires IT architecture to become more API-driven, with APIs acting as the integration layer that makes agents discoverable and their activity traceable.
Salesforceβs own answer to this isΒ Agent Fabric, which the company has significantly expanded. It is a centralised registry and control layer that automatically discovers agents across third-party platforms including Amazon Bedrock, Microsoft Foundry, and Google Vertex AI, and brings them into a single governance view. The reportβs conclusions and Salesforceβs product roadmap are pointing at the same problem, which buyers should factor into how they read the recommendations.
Deloitteβs read on what organisations need to do
Deloitte Digitalβs involvement in the research adds a perspective from the implementation side. Kurt Anderson, managing director and API transformation leader at Deloitte Consulting, was direct about where the priority should sit.
βThis is an inflection point. Enterprises must move from simply deploying agents to operationalising them at scale through sustainable and secure integration strategies. By establishing API-driven guardrails, enterprises can ensure their agentic transformation is ready for the demands of the modern enterprise.β
That framing aligns with what buyers have been hearing across the industry. AtΒ Enterprise Connect in March, governance and observability had moved clearly to the centre of vendor conversations, with pre-deployment testing and audit tooling treated as requirements rather than optional extras. The 2026 Connectivity Benchmark adds research weight to what has become a consistent message from vendors and analysts: production-grade agent deployment requires governance infrastructure to be in place before scale, not after it.
Three questions IT leaders should be asking now
The reportβs most useful output for buyers is less about what vendors should build and more about what IT teams should be checking internally. Based on the findings, three questions are worth putting to your own organisation.
First: do you have a complete inventory of agents currently deployed, including those built or procured by individual teams without central IT involvement? The Alcon case suggests most organisations do not. Without that inventory, governance frameworks are working on incomplete information.
Second: are the systems your agents access integrated well enough to produce consistent, auditable outputs? Sixty-eight percent of IT leaders in the survey said they still find it difficult to keep current with emerging agent standards, including Agent-to-Agent (A2A) and Model Context Protocol (MCP), both of which are relevant to how agents share context and hand off between systems. If your architecture does not support those protocols, agent coordination will require manual intervention at the points where it should be automatic.
Third: what happens when an agent makes a decision that turns out to be wrong? The governance framework question is not just about compliance. It is about whether your organisation can identify what happened, who or what was responsible, and how to prevent recurrence. With agent counts set to grow by two thirds over the next two years, the answer to that question needs to be in place before the next wave of deployments, not built to catch up with them.
