The Agent Audit Trap: 81% of Enterprises Say AI Agents Cost More to Monitor Than They Save
The pitch was simple: deploy AI agents, free up human hours, show efficiency gains. What IT managers actually got was more audit work than the agents were supposed to eliminate.
ZDNet published reporting this week on a Rubrik ZeroLabs survey of more than 1,600 global IT and security leaders — and the number that should be keeping CFOs up at night is 81%. That is the percentage of organizations reporting their AI agents require more manual oversight than the efficiency those agents were meant to generate. It is not the headline number, which was 77% saying agents are out of control. It is the number beneath it: the efficiency promise is broken.
The timing matters. Within the past two weeks, both Microsoft and Google announced dedicated agent governance products — Entra Agent ID and Agent Identity respectively — addressing the exact sprawl the survey quantifies. Three major vendors, one problem they all need to solve now.
"Any team with API access can spin up an agent in an afternoon," said Nik Kale, principal engineer with the Coalition for Secure AI, speaking to ZDNet. "Multiply that across a large enterprise, and you get hundreds of agents with overlapping permissions, no consistent identity model, and no one who can tell you the full inventory."
The sprawl mirrors what organizations experienced with early cloud adoption. Then, teams spun up workloads independently, creating fragmented governance and hidden security gaps. Agents do the same thing but worse: they act autonomously rather than running passively. They make decisions, call tools, access data, and generate a trail that needs auditing. The governance burden scales with capability.
Eighty-eight percent of respondents to the Rubrik survey say they cannot roll back an agent's actions without disrupting their systems. Eighty-six percent expect agent proliferation to outpace their security guardrails within the next year. Nearly half expect agentic systems to drive the majority of attacks their organizations face.
Kavitha Mariappan, chief transformation officer at Rubrik, put it plainly in the report: "Enterprises are struggling because they've deployed systems they can't fully observe, govern, or restore." The implication for organizations running agent deployments without control planes is not hypothetical. It is the current state.
The counterargument is real: the Rubrik survey is funded by a company that sells governance software. The 81% figure is self-reported, and may reflect respondents who deployed agents without proper configuration rather than a structural flaw in the agent model itself. The vendors announcing solutions this month have a commercial interest in the problem being acute.
But the Microsoft Tech Community post from April 24 describes the same pain across finance, retail, telecommunications, and public sector customers, without a Rubrik byline. Google published Agent Identity on April 22, a product offering a cryptographic ID and an auditable trail, for the same enterprise buyers facing the same visibility gap. When three platform vendors simultaneously conclude their customers have an agent governance emergency, the market is signaling something real.
The Pulumi blog, written from a practitioner standpoint rather than a vendor position, frames the stakes directly: at least one of the unmanaged agents in an enterprise environment will cause an incident. At least one will surface in an audit. Both are inevitable.
What makes the 81% number the real story rather than a footnote is what it means for the return calculation. An agent that costs more to monitor than it saves is not a productivity tool. It is a new category of operational overhead wearing the clothes of automation. The question for anyone who deployed agents to hit efficiency targets — or approved the budget for someone who did — is whether those targets are still plausible, or whether the audit trail is where the real cost lives.
The governance products now shipping from Microsoft, Google, and Rubrik are addressing a market that did not want to need them. The irony is that buying the control plane means accepting that the first wave of agent deployment ran ahead of the infrastructure needed to run it safely. That acceptance is itself the story.