Shadow AI Has a Name Now

This is the week the agent economy got renamed.

Gartner's 2026 Hype Cycle for Agentic AI introduced three new profiles alongside the core agentic technologies: agentic AI governance, agentic AI security, and FinOps for agentic AI.

Same Gartner research package, same week, came with a colder number.

40% of agentic AI projects will be canceled by 2027.

Reason cited: escalating costs, unclear business value, inadequate risk controls.

By 2030, half of all AI agent deployment failures will trace back to a single root cause: insufficient AI governance platform runtime enforcement.

That isn't an adoption story.

That is a governance-runtime-enforcement story dressed up as a cancellation story.

This week's drops in Microsoft Agent 365, Extreme Networks, IBM-Yotta, and WatchGuard all sit inside that bracket. Each one is a different vendor's bet on which layer of the stack owns the agentic AI control plane. None of them, on their own, closes the runtime-enforcement gap Gartner just named.

But first, some catch-up on infra this week.

On May 1, Microsoft Agent 365 hit general availability.

The interesting part wasn't the GA.

The interesting part was the new word.

Microsoft formally coined "shadow AI" as "an entirely new category of enterprise security risk."

The vendor that owns Active Directory, Intune, and the M365 tenant for a large slice of enterprise IT just told its customers: there is a class of asset already running inside your environment that you do not know about, do not govern, and cannot inventory with your existing tools.

The stat behind the framing: per Gravitee's State of AI Agent Security 2026 report, there are more than three million AI agents currently operating inside corporations globally. Only 47.1% are actively monitored or secured.

1.5 million unmanaged agents, running today, accessing data and systems, with no audit trail.

Microsoft's response: Agent 365 in GA, plus a public preview of registry sync to AWS Bedrock and Google Cloud agent registries. The pitch: discover, inventory, govern.

The examples Microsoft used are not abstract. Users installing OpenClaw or Claude Code on their own devices and pointing them at production tickets. SaaS-installed agents on emerging vendor platforms that the IT team has never touched. Each one autonomously executing tasks, modifying code, accessing confidential information, often with the user's own credentials.

For the Indian IT lead reading this, the operational question is concrete. Open your last 30 days of egress logs. Filter by outbound HTTPS to known LLM endpoints (api.openai.com, api.anthropic.com, generativelanguage.googleapis.com, bedrock-runtime.\*, plus any Indian-sovereign LLM gateways your enterprise has whitelisted). Count the unique source IPs.

If that count is larger than your formal AI tooling rollout, you have shadow agents.

Gartner's six-step playbook for managing agent sprawl, published April 28, frames the response. The thread running through it: discover, inventory, govern. Same three verbs Microsoft put on the GA slide a week later. That convergence is the signal that the analyst frame and the vendor frame have aligned. The IT leader who waits for them to misalign before acting is the one whose project lands in the 40%-cancellation column.

Adoption is not the bottleneck. Governance runtime enforcement is.

While Microsoft was naming the problem on the endpoint, Extreme Networks rolled out Agent ONE at Extreme Connect 2026 on May 6.

This is the second-generation agentic AI offering for autonomous networking from Extreme, and the fourth such pitch from a major network vendor in 14 days.

HPE shipped Mist+Aruba self-driving network actions into production on May 5. Cisco has been quietly pushing AgenticOps across its networking blog through April. Juniper Mist sits inside the HPE play. Now Extreme.

The Extreme variant has a couple of distinguishing features.

The first is the nudge pattern. CTO Nabil Bukhari's framing: when a severe alert fires, the agent has already investigated before it notifies the team. "It wakes you up with findings", not raw alerts. The use cases cited are concrete and operationally familiar: rising Wi-Fi congestion in school buildings, auto-remediated through RF reassignment. Recurring point-of-sale slowdowns in retail, addressed by traffic prioritization during peak hours.

wakes you up with findings.

That is the shape of an agentic system that has earned its place in the on-call rotation. Most "AI ops" tooling today still wakes you up with raw alerts, just with a fancier UI.

The second is the two-mode shipping plan. Agent ONE Coworker ships Q3 2026, designed to work alongside IT teams, monitoring activity and executing fixes in real time but inside a tight governance envelope. Agent ONE Operator follows Q4 2026, designed for continuous, always-on network management without active human input. Closed-loop operations inside established governance boundaries, per Extreme's framing.

The Indian campus refresh buyer evaluating Extreme against HPE Aruba+Juniper or Cisco AgenticOps gets a third datapoint to weigh.

Worth asking the rep:

👉 What is the governance envelope, in writing? "Within established governance boundaries" is a marketing phrase. The procurement question is which actions the agent can take autonomously and which require a human signoff, expressed as a config.

👉 How does the agent handle decisions that span devices the vendor does NOT sell? Extreme's Platform ONE just added multi-vendor support for Cisco, HPE/Juniper, and others. That is the cross-cutting wrinkle worth probing.

👉 What does the audit trail look like? If Agent ONE auto-remediates a VLAN misconfiguration at 2am, what artefact lands in the change management record by 9am?

Underneath the vendor pitch, the deeper signal is that "agentic AI" is now a control-plane feature of network gear, not an opt-in product. Network engineers who have not budgeted training time for evaluating agentic controllers in their next refresh cycle are going to evaluate them by accident, inside the procurement they thought was a switch refresh.

While Microsoft and Extreme were shipping the agent-governance story on US infrastructure, the Indian sovereign-AI stack moved on May 7.

IBM and Yotta announced a sovereign agentic-AI platform on India-based Shakti Cloud (Yotta's MeitY-empanelled infrastructure), combining IBM watsonx Orchestrate with IBM Sovereign Core.

The framing was deliberate. Four sovereignty pillars: operational, data, technology, and AI sovereignty.

For BFSI, manufacturing, public-sector, and digital-native buyers under DPDP pressure, this is the alternative to "your agentic AI runs in us-east-1." The choice was, for a long time, theoretical. The Indian sovereign-AI vendors had the marketing, the global hyperscaler agents had the capability, and the gap was wide enough that procurement teams could safely defer the decision. The IBM-Yotta announcement narrows that gap in one direction.

The use cases IBM and Yotta cited cover the ground a Significant Data Fiduciary cannot ship offshore: IT service management agents handling internal-ops tickets, HR and finance agents touching employee and payroll data, procurement agents holding vendor PII, customer-support agents transacting against customer records.

Government adopters are positioned as early customers. The signal there: if the Government of India can run agentic workloads inside an India-empanelled sovereign stack, the private-sector BFSI buyer's procurement objection ("we cannot host sovereign data on a US cloud agent runtime") just lost its last excuse.

For the Indian CIO, the practical questions are familiar.

✔ Which agentic-AI workloads currently sit in a non-India cloud region? Inventory them.

✔ Which of those workloads touch personal data, financial data, or any data class your DPDP DPO has flagged?

✔ Which of those workloads could move to a Shakti Cloud or comparable Indian sovereign runtime in a 90-day migration window?

The IBM-Yotta announcement does not include GPU counts, named-customer commitments, or a public price list. Treat the news as the door opening on a viable alternative. Not the contract being signed.

The reservation worth keeping: sovereign infrastructure does not, on its own, solve the runtime governance problem. Putting agents in a domestic data center is a jurisdictional control, not an operational one. The agents still need discovery, inventory, governance, and audit, regardless of which country's flag flies over the rack.

That is the limit of sovereignty as a security argument.

Step back from the individual vendors for one section.

Look at what shipped in the last 14 days.

Microsoft put an agentic-AI governance plane in the endpoint stack.

Extreme put one in the network management plane.

HPE put one in the wireless and switching plane.

WatchGuard launched Rai, an agentic-AI digital workforce purpose-built for MSPs to scale managed-security delivery. The framing matters here. Rai is not pitched at the end-customer enterprise. It is pitched at the managed services provider, the SOC delivery floor, the people sitting on top of your incident queue at 2 a.m. That layer of the stack is now being explicitly redesigned around agentic AI as the unit of work, not the human analyst as the unit of work.

IBM and Yotta put one inside an India-sovereign agentic-AI runtime.

Every major layer of the enterprise stack now ships its own agentic offering, with its own governance vocabulary, its own audit-trail format, and its own definition of what "autonomous within established boundaries" means.

The runtime-enforcement gap Gartner named in the opener of this issue is not a gap inside any one of those layers. It is the gap between them.

An agent that lives in Microsoft 365 and triggers a network action through Extreme Agent ONE crosses two governance planes, two audit-trail formats, and two notions of "policy." That handoff is where Gartner's 40%-cancellation cases are quietly accumulating, today, in projects that have not yet failed loudly.

The Indian CIO's procurement decision shifts because of this.

The right vendor question this quarter is no longer "do you ship agentic AI?" Every vendor will say yes within the next 90 days. The right question is two layers deeper.

👉 How does your agentic plane handle a cross-stack handoff to my other vendors' agentic planes? What does the joint audit trail look like? Whose runbook gets triggered if the handoff fails?

👉 Where does the governance config live? If I want to write a single policy that says "no agent may move customer PII out of an India-resident system, regardless of which vendor's agent initiates the move", which control plane enforces that?

👉 What is the failure mode when the governance plane disagrees with the agent's local policy? Does the agent fall back to safe defaults, escalate to a human, or proceed?

For the IT leader staring down the 40%-cancellation forecast and the 1.5 million unmanaged agents stat, that is the procurement framework worth carrying into Q3.

Cognizant sets aside $270M for "Project Leap" layoffs, up to 15,000 jobs
CRN, 2026-05-08.
The Indian-IT-services workforce restructuring story moved last week. Worth reading alongside this issue's thesis: Cognizant is reorganising the operating model on the assumption that agentic AI does meaningful work inside managed services. Whether or not the assumption holds, the budget is committed.

Indian businesses back AI for cybersecurity, but security gaps persist
Voice & Data India, 2026-05.
The Indian survey complement to the Gravitee 47.1% number. Adoption rhetoric high, operational gap wide. Use as the procurement counter when a vendor tells you Indian buyers are "ready."

Sterlite Technologies invests $100M in US AI connectivity expansion
Voice & Data India, 2026-05.
The other side of the Cognizant story. Indian connectivity infrastructure money flowing outbound into US AI build-out. India IT is not just contracting under AI pressure. Parts of it are absorbing the AI-infra trade in the opposite direction.

Lumen acquires Alkira for $475M
Data Center Dynamics, 2026-05.
Telco buying a multi-cloud NaaS startup. Pairs with Belden-Ruckus (covered earlier) and the broader transport-and-fabric consolidation thread. The vendor stack is rearranging itself faster than most procurement cycles can react.

HPE Aruba + Juniper Mist: unified AI-native network brain
SiliconANGLE, HPE Discover recap.
Strategic frame above this issue's Extreme Agent ONE section. If you are mid-evaluation between HPE and Extreme, this is worth ten minutes.

Most discussions of agentic AI inside enterprise IT this year have been about adoption.

How fast can we ship agents into the workflow.

How many agents per knowledge worker.

How quickly the productivity numbers move.

That conversation is going to age badly.

The conversation Gartner just named, Microsoft just shipped against, Extreme just put inside the network, and IBM-Yotta just put inside an Indian sovereign stack, is a different conversation. It is about whether the runtime governance plane keeps up with the agent rollout.

Runtime enforcement is the moat.

Forty percent of agentic AI projects will be canceled by 2027. The projects that survive will not be the ones with the most agents. They will be the ones with a working answer to three questions: which agents are running, who authorized them to act, and what was the audit-grade record when they did.

For the Indian CIO, those three questions are also the questions every CERT-In advisory, every DPDP-aligned procurement contract, and every BFSI-regulated audit will ask in the next 24 months. The agentic-AI conversation and the operational-governance conversation are now the same conversation.

VEMIO™ exists because we had this conviction before "agentic AI" had a name. The architecture under VEMIO™ is the cross-stack observability plane this issue's convergence section was describing. Agent registry sync, egress telemetry, cross-vendor audit, India-resident log retention, runtime enforcement integration with the customer's existing SOAR or SIEM, all under one operator view.

The agentic-AI announcements of the next quarter will be loud. The vendors with the best slides will not be the vendors with the best runtime enforcement.

The gap between "ships agentic AI" and "enforces governance at runtime" is the entire 2026 procurement conversation.

Reply to this email with the one agentic workload you cannot currently account for in your last week's egress logs, and we will feature the most operationally interesting reply (anonymised, with consent) next issue.

Until next time,

Ajay Salvi & the Vinay Enterprises team.