2.4 Million Autonomous Agents, 7% Accountability: Three Reports, One Gap

2.4 million autonomous AI agents are operating inside major US and UK companies right now without a human in the loop. Only 7% of those organizations have named a single person responsible for what those agents do.

That number comes from Gravitee's latest survey of 750 CTOs and VPs of Engineering, published today. It sounds like it should be from a cautionary blog post, not a survey of people actively deploying these systems. But two more reports landed in the same 48-hour window — from GitLab and TDWI — and they each measure a different layer of the same problem. The picture they paint together is worse than any single report suggests.

The operational gap: 7.2 million agents, no one in charge

Gravitee's data is the most viscerally alarming of the three. Respondents across the US and UK reported 7,239,650 AI agents deployed across their organizations. Of those, 2,445,553 — roughly one in three — are fully autonomous. Gravitee defines these as systems that can make decisions and take action without approval. Agent counts appear to be doubling every six months.

Seven percent of organizations surveyed have named a single accountable individual for agent behavior. Ninety-three percent have not.

The survey also found that 80% of organizations felt pressure to deploy agents before security was fully in place. For over a third, that pressure came directly from the boardroom. Nearly a third of technology leaders said they were personally uncomfortable with the pace of adoption at their own organizations. And 31% said they were deploying agents specifically to reduce headcount, which adds a different kind of pressure to a situation where accountability is already unclear.

Gravitee CEO Rory Blundell described it bluntly: "There are now millions of AI agents loose at major firms: a number that's increasing every second. But what worries me is that a huge number of these are acting right now, without any oversight and with no accountability."

The code governance gap: speed without control

GitLab's 2026 AI Accountability Report, also published today, surveyed 1,528 developers and technology buyers across six countries. The headline finding: 80% of organizations adopted AI coding tools faster than they developed policies to govern them.

Ninety-one percent of organizations now have at least two AI coding tools in active use. Seventy-eight percent say developers are committing code faster since adopting AI. But 84% agree that the biggest challenge with AI-generated code is governing what happens to it after it's created. Eighty-two percent believe AI-generated code is creating a new form of technical debt their organization cannot manage.

The traceability gap is where this gets concrete. Only 28% of respondents said their software development lifecycle tools are fully integrated. When GitLab asked whether teams could determine within 24 hours whether AI-generated code had contributed to a production incident, 87% said they were confident. But of organizations that actually experienced an incident in the past year, 34% said they couldn't make that determination.

Manav Khurana, GitLab's Chief Product and Marketing Officer, framed the shift: "Speed without control is a liability, not an advantage. The teams thinking ahead are already asking the harder question: can we actually control all the code we're generating?"

Eighty-five percent of respondents agreed that AI has moved the main bottleneck from writing code to reviewing and validating it. The same percentage predicted the next phase of AI in software will focus less on generating code and more on governing it.

The data readiness gap: strong infrastructure, weak foundations

The TDWI Agentic AI Readiness Benchmark, published June 23, surveyed 161 organizations across five readiness dimensions. The median score: 69 out of 100. That sounds above average until you look at where the points are concentrated.

Technology and Engineering readiness scored 15 out of 20. Operationalization scored 15 out of 20. These are the layers where organizations have invested: cloud infrastructure, agent frameworks, technical architecture.

Data readiness scored 13 out of 20. Governance scored 14 out of 20. Organizational readiness scored 13 out of 20. These are the layers that determine whether agents produce correct results.

Fewer than 10% of organizations have multi-agent systems running in production. Only 47% report broadly trusted structured data. Only 27% have a governed, enterprise-wide semantic layer that gives agents a consistent understanding of what their data means.

Precisely, which sponsored the TDWI research, calls this the Agentic AI Data Integrity Gap. In a multi-agent workflow, each agent builds on the output of the previous one. An outdated record or a missing attribute propagates through every downstream decision. Strong infrastructure sitting on a shaky data foundation produces impressive pilots that fail when they hit production data.

The maturity gap: most organizations cannot even inventory their agents

A framework published by Capgemini on June 22 adds the architectural overlay. Their four-foundation model — governance, security, identity, and control — places most organizations between Level 0 (ungoverned) and Level 1 (visible). At Level 0, agents run on borrowed human credentials with no inventory and no central ownership. At Level 1, there is at least a list.

Palo Alto Networks' 2026 research, cited by Capgemini, puts the ratio at 109 machine identities for every human identity. Most of those machine identities lack defined owners, scoped credentials, or expiry dates. Capgemini's Thomas Willner noted that in assessments, organizations often cannot produce a current list of their non-human identities, let alone the owner and expiry for each.

The maturity model matters because it gives the three survey findings a shared explanation. The gap is not a failure of intent. It is a structural consequence of deploying probabilistic systems on deterministic infrastructure that was never designed to govern autonomous actors.

What the convergence tells you

Three independent research teams, three different methodologies, three different respondent populations: 750 CTOs, 1,528 developers and buyers, 161 organizations. They did not coordinate. They measured different things. And they all found the same pattern: technology outpaced governance, data outpaced quality, and agents outpaced accountability.

If you are an operator evaluating where to invest next, the three reports point to a diagnostic you can run today.

Can you produce an inventory of your agents? If not, you are at what Capgemini calls Level 0, and the Gravitee data suggests 93% of organizations have not even assigned someone to find out. Start there.

Can you trace a line of AI-generated code from creation to production and say who is responsible for it? GitLab found that 84% of organizations cannot. If that is you, the bottleneck has already moved from writing to reviewing, and your review process is not ready.

Is the data your agents act on trusted, current, and semantically consistent across systems? TDWI found that only 47% can say yes to even the structured-data version of that question. The unstructured version is worse.

The reports agree on one more thing. The gap is widening, not closing. Agent counts are doubling every six months. Code generation speed keeps increasing. And the governance, data, and accountability infrastructure that should keep pace has not moved. The longer the gap grows, the harder it becomes to close, because the agents already in production are the ones nobody can account for.

Sources: IT Brief (Gravitee survey) · SecurityBrief (GitLab AI Accountability Report) · Precisely/TDWI Agentic AI Readiness Benchmark · Capgemini control foundations