What is an AI assurance audit?

A structured review of an AI system's prompts, tool descriptions, scaffolds, and configurations for structural failure modes — sycophancy, null-result bias, hermeneutic drift, silent instruction relaxation, and others — before the system reaches production. Hermes Labs delivers a written report with prioritized fixes and runtime-control recommendations.

Does Hermes Labs support EU AI Act compliance?

Yes. Evidence packages map to EU AI Act Annex IV requirements and cross-map to ISO/IEC 42001 and the NIST AI Risk Management Framework. The same bundle is defensible under EU, ISO, and US audit review.

Do you work with US-based teams or only EU?

Both. Traceability and auditability requirements apply globally — SOC 2 AI addendums, procurement questionnaires, internal audit trails, and US state AI regulations. The EU AI Act is one framework our evidence packages support; it is not the only one.

What makes Hermes Labs different from a typical AI consultancy?

Research-backed methodology. Two peer-reviewable papers on Zenodo with DOIs, five US patent filings, 2,000+ controlled adversarial evaluations, and 26 merged upstream contributions into the frameworks production AI systems already use — including LangChain, Microsoft Semantic Kernel, PyTorch Ignite, and Optuna.

What frameworks and runtimes does Hermes Labs support?

Python, JavaScript, and TypeScript runtimes. Audit tools (lintlang, rule-audit, suy-sideguy) integrate with standard CI pipelines. Runtime assurance works with LangChain, Microsoft Semantic Kernel, Microsoft AutoGen, LlamaIndex, and custom agent frameworks.

How do Hermes Labs engagements start?

A discovery call to scope the audit surface. Most audits cover the prompt layer, tool descriptions, agent scaffolds, and runtime integration points. Findings are delivered in a written report with prioritized remediation steps. Contact roli@hermes-labs.ai to start.

Is Hermes Labs software open source?

Yes. 18+ tools released open-source under the Hermes Labs GitHub organization at github.com/hermes-labs-ai, including lintlang, little-canary, suy-sideguy, zer0dex, claude-router, agent-convergence-scorer, and more. No subscription required.

Agent Sprawl Is the Next Enterprise AI Risk

May 16, 2026Rolando Bosch

Most companies are adding AI agents faster than they are building the systems to inventory, permission, trace, and audit them.

The first agent is easy to justify.

A sales team wants lead enrichment. Support wants ticket triage. Engineering wants code review. Compliance wants document review. Product wants customer research. Nobody thinks they are creating an enterprise governance problem. They are just trying to remove friction.

Then the agents start accumulating.

Some live inside approved enterprise platforms. Some are embedded features inside legacy vendor tools. Some are internal engineering prototypes that quietly became production dependencies. Others are personal productivity workflows that an employee hooked up to an API key over a weekend to save themselves three hours a week.

Six months later, the company does not have an agent strategy. It has an agent population.

The next enterprise AI risk is not that companies will fail to adopt agentic systems. It is that they will adopt hundreds of them before they know how to govern what those actors are actually allowed to do.

Agent sprawl starts as productivity

A traditional software application operates within defined boundaries: a user initiates an action, a standard permission model validates it, and the execution path is bounded by that specific session.

An agent is structurally different. It takes an objective, decomposes it into a multi-step execution plan, calls external tools, retrieves context from internal databases, makes intermediate judgments, and passes outputs into downstream systems. A single user request can fan out into a dozen asynchronous actions across files, CRMs, inboxes, tickets, and internal knowledge bases.

The moment an agent can act across systems, it is no longer just an interface. It is an operational actor.

But right now, agent adoption is moving faster than the control systems around it. The conversation among CIOs and security teams is shifting away from basic LLM hallucination and toward runtime accountability. The underlying risk is structural: an expanding footprint of non-human identities with persistent privileges, standing data access, and a lack of reliable audit trails.

Agent sprawl doesn’t look chaotic when it starts. It looks like a high-performing team moving fast. The operational debt only becomes visible when you ask basic systemic questions:

Can IT produce a live inventory of every autonomous agent currently operating inside the company?

Can Security verify which agents have write-access to core databases?

Can Compliance reconstruct the exact data, prompts, memory states, and model versions that led to a specific regulated output three months ago?

If the answer is no, the organization has built an invisible, unmanaged layer of shadow infrastructure.

The control surface is bigger than the model

Most enterprise AI discussions are still stuck in the clean-room environment of model evaluation. But in a live agentic system, the model is just a single component of a much larger, messier control surface.

An agent is not a standalone artifact. It is a prompt scaffold, a specific model version, a tool path, a permission set, a memory surface, a retrieval layer, and an active write path into systems people depend on.

When user intent moves through a prompt scaffold, routes to a model, pulls from a memory layer, calls an external tool, and writes back into a core system, control can break down at any point in the chain. If you only log the final output, you missed the actor. If you only log the raw API call to the model, you missed the system behavior entirely.

When an agent changes a record, escalates a high-value customer case, or alters an internal compliance log, traditional software observability breaks down. It can tell you that an API call completed or that a server stayed up. It cannot tell you why an agent made a specific intermediate optimization choice, what data it exposed along the way, or under whose authority it acted.

This is not an argument against deploying agents. The companies that build strong governance infrastructure will actually be able to deploy agentic AI much more aggressively than their competitors. They will scale because they have the rails to do so safely.

The alternative is not innovation. It is defensive restriction. When security and legal teams realize they have zero visibility into an exploding population of autonomous actors, they eventually default to blanket blocks, slowing down deployment and forcing teams to build even further out of sight.

The agent needs an audit trail

Every critical agent operating within an enterprise needs to leave behind a durable, reconstructable trail of evidence. When a customer, an auditor, a regulator, or an internal security team asks, “What actually happened here?” the answer cannot be a hand-waving explanation of your corporate Responsible AI principles.

It has to be verifiable.

Accountability means having the infrastructure to cleanly answer operational realities at the individual execution layer:

Which agent acted, and who is the human owner responsible for it?

What specific context or memory state shaped its decision?

What tools did it select, and what parameters did it pass to them?

What did a human actually see and sign off on versus what was automated?

Can we cleanly isolate and revoke its access without breaking the downstream workflows it touches?

Completion is not accountability. A workflow can finish successfully on a dashboard while the organization completely loses the ability to explain the path from intent to action.

The missing assurance layer

This is where the enterprise AI landscape is moving. The market is shifting past the era of raw model experimentation and entering the era of runtime accountability.

The missing piece is AI assurance infrastructure: the dedicated engineering layer required to inventory agents, manage non-human permissions, trace asynchronous actions, and preserve the precise evidence behind system behavior.

This is the exact problem space we are focused on at Hermes Labs. We build AI assurance infrastructure for production LLM and agentic systems—delivering auditability, traceability, runtime evidence, and failure-mode detection for the critical layer between a demo and true deployment. We treat the agent as a real operational actor—something that requires structural boundaries and verifiable records, not just a better system prompt. If you’re building this layer inside an enterprise, we’d like to compare notes.

The companies that win with agents will not be the ones that let every internal workflow grow its own invisible, autonomous actor. They will be the ones that can say, clearly and defensibly: this agent exists, this is what it can touch, this is what it did, and this is how we prove it.

Agent sprawl is not a hypothetical future risk. It is what happens when AI agents become operational before the enterprise builds the layer that makes them governable.

Roli Bosch is the founder of Hermes Labs, building the auditability and epistemic engineering layer for production AI systems. Roli’s relevant published research: A Taxonomy of Epistemic Failure Modes in Large Language Models. Open-source tooling at github.com/hermes-labs-ai.