72% Unmanaged, 42% Losing Revenue: Agent Governance Became a Product Category
Kore.ai survey quantifies the agent governance gap. Four platforms launched in 48 hours to close it. Governance stopped being a checklist and became infrastructure.
By SpringVanta
79% of enterprises have had to manually reverse a decision an AI agent made on its own. 42% say those reversals were tied to actual revenue loss. 72% admit their agents operate with unmanaged risk.
These are not projections from an analyst firm. They come from Kore.ai's 2026 Agent Productivity Index, published June 17, surveying over 400 IT leaders at U.S. companies with 2,000+ employees. And they describe a condition that has already arrived, not one that is approaching.
In the same 48-hour window, four separate platforms launched to address it. Thoughtworks shipped Agent/works, a governed runtime and control plane for enterprise agents. Palo Alto Networks integrated its Prisma AIRS runtime security API into Databricks' Unity AI Gateway. Databricks opened that gateway to thirteen third-party security and identity vendors. And all of this converged at the Data + AI Summit in San Francisco.
The timing is not a coincidence. The survey data explains why governance platforms are suddenly a product category rather than a feature buried inside a larger suite.
What the survey actually says
The Kore.ai numbers break down like this. Among the 400+ IT leaders surveyed:
- 79% had to reverse an agent action manually after it executed
- 70% experienced a failure their teams could not trace
- 62% delayed deployments specifically because of governance concerns
- 53% are running agents they do not fully trust or understand
- 42% report lost revenue tied to an agent failure
- 40% saw a single agent failure cascade across multiple systems
The agents in question are not chatbots answering FAQs. 41% are running data migrations and system updates. 26% are approving or denying decisions. 15% are executing financial transactions. Companies handed agents real authority over consequential workflows, and in most cases, they cannot account for what happened after the fact.
The 40% cascade figure deserves attention. When one agent fails inside a multi-agent chain, the failure does not stay contained. A bad data migration triggers a downstream reporting error, which triggers a compliance flag, which blocks a customer-facing process. The survey quantifies what security teams have been warning about: agent failures compound at machine speed across interconnected systems.
The market response: four platforms, one thesis
Every platform that launched this week is built on the same assumption: governance cannot be a checklist applied after deployment. It has to be a runtime layer that sits between agents and enterprise data, enforcing policy before and during execution.
Thoughtworks Agent/works
Thoughtworks launched Agent/works on June 16 as a governed runtime and single control plane for AI agents across any cloud. The platform does three things worth noting.
First, it checks compliance before an agent runs. Before execution, Agent/works analyzes every path through an agent's workflow and confirms that at least one fully compliant route exists end to end. If no compliant path exists, the agent does not start.
Second, it grants permissions designed for agents rather than humans. Those permissions are capability-based, scope-bound, and time-limited. An agent accessing public web data gets broad access. The same agent touching internal finance records gets narrower permissions automatically. This matters because most enterprises today use human identity models for agents, which means agents inherit the full permissions of whoever deployed them.
Third, it provides a central registry for the entire agent fleet: every agent, model, tool, and policy in one place, with usage analytics and cost controls.
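The first two checks above, pre-run path analysis against capability-based, scope-bound, time-limited grants, shown as an added example; it is not Thoughtworks code or the Agent/works API. The `Grant`, `Step` and `compliant_path` names, the prefix-matched scopes, the workflow clock and the sample workflow are all assumptions made for illustration:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    capability: str    # action permitted, e.g. "read"
    scope: str         # resource prefix the grant is bound to
    expires_at: float  # seconds on the workflow clock; void afterwards

@dataclass(frozen=True)
class Step:
    capability: str
    resource: str
    duration: float    # estimated seconds the step needs

def allowed(step, grants, at):
    """True if an unexpired grant covers the step's capability and resource."""
    return any(g.capability == step.capability
               and step.resource.startswith(g.scope)
               and at + step.duration <= g.expires_at
               for g in grants)

def compliant_path(workflow, steps, grants, start, end, now=0.0):
    """Return one start-to-end route whose every step is allowed, else None.
    `workflow` maps a step to its alternative successors (assumed acyclic)."""
    def walk(node, at, path):
        if not allowed(steps[node], grants, at):
            return None
        path = path + [node]
        if node == end:
            return path
        for nxt in workflow.get(node, []):
            found = walk(nxt, at + steps[node].duration, path)
            if found:
                return found
        return None
    return walk(start, now, [])

# Constructed sample: two alternative routes to the report step.
WORKFLOW = {"fetch": ["read_ledger", "read_summary"],
            "read_ledger": ["report"], "read_summary": ["report"]}
STEPS = {"fetch": Step("read", "web/prices", 10),
         "read_ledger": Step("read", "finance/ledger/2026", 10),
         "read_summary": Step("read", "finance/summary/q2", 10),
         "report": Step("write", "reports/q2", 10)}
GRANTS = [Grant("read", "web/", 3600),            # broad, long-lived
          Grant("read", "finance/summary/", 60),  # narrow, short-lived
          Grant("write", "reports/", 60)]

if __name__ == "__main__":
    print(compliant_path(WORKFLOW, STEPS, GRANTS, "fetch", "report"))
```

The ledger route is rejected because no grant covers `finance/ledger/`, so the agent may start only because the summary route is compliant end to end; if a grant would expire before its step finishes, no route remains and the agent does not start.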
Shayan Mohanty, chief data and AI officer at Thoughtworks, framed the cost dimension bluntly: "Without runtime controls, costs can scale as quickly as the agents themselves."
IT Brief US noted that Agent/works is designed to sit beneath custom agent applications rather than serve as a standalone product. That positioning matters. It treats governance as infrastructure, not an application layer.
Databricks Unity AI Gateway ecosystem
Databricks opened Unity AI Gateway to thirteen third-party integrations on June 17, organized into two groups.
The runtime security group includes Alice, CrowdStrike, Cyera, HiddenLayer, Netskope, Noma Security, Obsidian Security, Openlayer, Palo Alto Networks, and Zscaler. Each plugs into the gateway to inspect prompts, model responses, tool calls, and agent actions in real time. CrowdStrike's Falcon AIDR detects prompt injection and MCP tool poisoning. Cyera classifies data before agents can reach it. HiddenLayer blocks jailbreaks and data exfiltration attempts at runtime.
The identity governance group includes Okta, Ping Identity, and Saviynt. These govern agent identities the same way they govern human identities: provisioning, access certification, least-privilege enforcement, and drift detection.
Databricks also announced cost management features inside the gateway: spend visibility across providers, hard spend caps, and intelligent routing to balance quality against cost. The gateway extends Unity Catalog's existing data governance to the runtime interactions between models, agents, MCP servers, and tools.
Palo Alto Networks + Databricks runtime security
Palo Alto Networks and Databricks announced a partnership integrating the Prisma AIRS API directly into the Unity AI Gateway. The integration scans user inputs, agent outputs, and tool calls for prompt injections, sensitive data loss, and malicious code. The goal is to move security from a reactive layer into a native component of the AI architecture, embedded at the gateway rather than bolted on after deployment.
The partnership is notable because Palo Alto Networks completed its acquisition of Portkey's AI Gateway technology in May 2026, which is being integrated into Prisma AIRS 3.0. By embedding that runtime protection into Databricks' governance layer, the two companies are positioning the gateway as the enforcement point for agent security policy.

Why these launches cluster together
The Databricks Data + AI Summit created a natural focal point. But the clustering reflects something deeper. The Kore.ai survey data shows that enterprises have already crossed the threshold from pilot to production with agents that have real authority. The governance infrastructure to manage that authority does not exist in most organizations.
Thoughtworks, Databricks, and Palo Alto Networks are each attacking a different part of the problem from a different angle. Thoughtworks starts with the control plane: who can deploy what, what permissions travel with it, what compliance checks run before execution. Databricks starts with the data estate: extend Unity Catalog's existing governance model to agent interactions at runtime. Palo Alto Networks starts with threat detection: inspect every prompt, response, and tool call for attacks in real time.
All three converge on the same architecture: a governance layer that sits between agents and enterprise systems, enforcing policy at runtime rather than relying on post-hoc audits.
What to actually do with this
If you are deploying AI agents in production, the Kore.ai survey describes conditions that probably apply to you. Three steps follow from this week's launches.
Inventory your agents. Obsidian Security's CEO noted that most enterprise environments now have more AI agents in their SaaS stack than human users. You cannot govern what you have not inventoried. Start by finding every agent that touches a production system, regardless of who deployed it.
Put runtime controls in front of high-authority agents. The 26% of agents approving decisions and the 15% executing financial transactions need runtime policy enforcement before they act. A governance gateway that inspects tool calls before execution is the difference between catching a bad action and reversing one after the fact.
Track agent spend. Thoughtworks cited Sonar's finding that 42% of committed code is now AI-generated or AI-assisted. Agent-driven workflows consume tokens at a rate that can drain a monthly budget overnight if no cost controls exist. The Databricks cost management features and Agent/works' usage analytics both address this directly.
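The three steps above combined into one pre-execution gate, shown as an added example; it is not code from any of the vendors named here. The `Gateway` class, the call fields, the action labels and the sample calls are assumptions made for illustration:

```python
import json

# Action classes the survey singles out as high authority (labels are assumptions).
HIGH_AUTHORITY = {"approve_decision", "financial_transaction"}

class Gateway:
    def __init__(self, registry, spend_cap_cents, approved_calls=()):
        self.registry = set(registry)            # step 1: inventoried agents
        self.spend_cap_cents = spend_cap_cents   # step 3: hard spend cap
        self.spent_cents = 0
        self.approved_calls = set(approved_calls)
        self.audit = []                          # one JSON line per decision

    def check(self, call):
        """Decide on a tool call before it executes and record the reason."""
        if call["agent"] not in self.registry:
            verdict, reason = "deny", "agent not in inventory"
        elif (call["action"] in HIGH_AUTHORITY
              and call["id"] not in self.approved_calls):
            verdict, reason = "hold", "high-authority action needs approval"
        elif self.spent_cents + call["cost_cents"] > self.spend_cap_cents:
            verdict, reason = "deny", "spend cap would be exceeded"
        else:
            verdict, reason = "allow", "within policy"
            self.spent_cents += call["cost_cents"]
        self.audit.append(json.dumps(
            {"id": call["id"], "agent": call["agent"], "action": call["action"],
             "verdict": verdict, "reason": reason}, sort_keys=True))
        return verdict

# Constructed sample calls.
CALLS = [
    {"id": "c1", "agent": "migrator", "action": "data_migration", "cost_cents": 40},
    {"id": "c2", "agent": "shadow-bot", "action": "data_migration", "cost_cents": 5},
    {"id": "c3", "agent": "payer", "action": "financial_transaction", "cost_cents": 10},
    {"id": "c4", "agent": "payer", "action": "financial_transaction", "cost_cents": 10},
    {"id": "c5", "agent": "migrator", "action": "data_migration", "cost_cents": 60},
]

def run_sample():
    gw = Gateway({"migrator", "payer"}, spend_cap_cents=100, approved_calls={"c4"})
    return [gw.check(c) for c in CALLS], gw

if __name__ == "__main__":
    verdicts, gw = run_sample()
    print(verdicts, *gw.audit, sep="\n")
```

Every decision, including denials and holds, lands in the audit list with the agent and call id, which is the record needed to trace a failure after the fact.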
The governance gap Kore.ai quantified is not going to close itself. This week's platform launches suggest the market has decided to build the infrastructure to close it. Whether enterprises adopt it fast enough is a separate question, and the 42% revenue loss figure suggests the cost of waiting is already measurable.