A few weeks ago I was talking to an engineering lead at a mid-size fintech company. Her data science team had built a feature extraction agent without telling infrastructure. It was brilliant work—automated data validation, smart caching, the whole thing. One problem: it had read access to the entire production database. Not because they wanted it. Because no one had ever implemented permission boundaries.
This is shadow AI.
It's what happens when teams need to move fast and governance feels like friction. A team spins up an agent to do something useful, deploys it somewhere (a VM, a container, a cron job), and keeps it running because it works. No one's asking about permissions, audit trails, rate limits, or what happens when it fails. The agent might be working fine. Then it causes a production incident at 2am, and suddenly your ops team is discovering infrastructure they didn't know existed.
The pattern repeats across your org. The marketing team has a content generation agent running for three months with no rate limits. The customer success team built a ticket routing agent that's accessing customer data without approval trails. Each team solved a real problem. Each bypassed governance because governance was too slow, too bureaucratic, or didn't exist yet.
The cost isn't just operational—though it is that. It's financial (API spend with no visibility), legal (compliance gaps when someone audits), and organizational (loss of trust when an agent breaks production). And the worst part: it's preventable.
Why governance fails
Before we talk about the fix, let's understand why this happens. The answer isn't that teams are reckless. It's that governance, as it's usually implemented, creates friction at the wrong place in the adoption curve.
A typical enterprise governance process looks like this:
- Team identifies need: "We need an agent to do X."
- Team files a ticket with security or platform.
- Meeting happens. Questions about scope, risk, data access.
- Governance framework is designed. Permissions are negotiated.
- Agent is built and deployed under the new policies.
- Reviews happen quarterly.
This takes weeks. Sometimes months. Meanwhile, a team that just needs to extract data or generate content has already built the thing in a notebook and deployed it somewhere. Governance never enters the picture because the team never had the time or energy to navigate the approval process.
The problem isn't the governance itself. It's that by the time governance kicks in, the agent is already running unsupervised.
The real costs add up
Shadow agents are cheaper in the short term. They're expensive in every other way.
API costs without visibility. A marketing team's content agent runs 24/7 without rate limits because no one thought to add them. In two months, it's burned through $14k in API calls that nobody knew were happening. No cost tracking. No alerts. You find out when the bill arrives.
Incidents nobody saw coming. The data extraction agent has write permissions on three production tables because the permission request was ambiguous. A bug in the prompt causes it to update records it shouldn't. It takes your ops team six hours to identify which agent caused it because the agent was never registered as infrastructure that needed monitoring.
Compliance gaps. A customer success agent accesses customer data but there's no audit trail. Six months later, a compliance audit asks "who accessed this customer's data, when, and why?" There's no answer. The agent exists, the data was accessed, but no one documented it.
Opportunity cost. Your platform team gets paged to investigate incidents. Your security team spends time retroactively understanding what agents exist and what they can access. Your ops team builds monitoring for infrastructure they didn't know about. All of this is work that could have been prevented if governance had been frictionless enough to use in the first place.
Loss of organizational trust. When an ungoverned agent breaks production, it reflects on the whole idea of using agents. "See, we shouldn't be building these things." But the real lesson is simpler: we needed governance from the start, and we needed it to be easy to use.
The pattern repeats because the incentives are backwards
Here's the trap: the teams that build shadow agents aren't trying to evade governance. They're trying to solve problems fast. From their perspective, going through an approval process adds weeks of delay for something that might take two days to build.
So they don't ask for permission. They deploy to a corner of infrastructure where no one's monitoring, or they run it locally and forget to tell anyone, or they justify it as a prototype that somehow becomes production.
And they're not wrong about the time cost. If your governance process requires approval meetings, security reviews, and weeks of negotiation, it is slower than just building the thing and running it.
The fix isn't to relax governance. It's to make governance automatic.
The Orloj approach: governance as infrastructure code
There's a different way to think about this. What if governance wasn't something you request permission for, but something you declare when you deploy?
At Orloj, we built governance into the infrastructure layer. You don't ask for permission to give an agent access to a tool. You declare it in YAML, in the same manifest where you define the agent. You say: "This agent can call this tool. It has a rate limit of 100 calls per minute. Each call gets logged. If it calls a tool it shouldn't, the call fails closed."
Then you deploy the manifest. Governance is enforced automatically. You don't need an approval meeting. The agent's permissions are declared, versioned, and auditable by default.
Here's what that looks like in practice:
agents:
- name: content-generator
model: gpt-4
tools:
- name: generate-outline
rateLimit:
calls: 100
window: 60s
- name: draft-article
rateLimit:
calls: 50
window: 60s
- name: publish-to-blog
requires:
- approval
policies:
- name: content-generator-policy
subject: content-generator
allow:
- tools: [generate-outline, draft-article]
limit: 150 calls/min total
- tools: [publish-to-blog]
require: human-approval
The agent's permissions are right there in the code. Rate limits are declared. What the agent can do is visible to anyone reading the manifest. Changes to permissions are version-controlled and reviewable like any other code change. Violations fail closed.
This approach changes the incentive structure. Instead of "governance feels slow, so I'll skip it," a team thinks: "I'll declare my agent's permissions while I'm building it, and Orloj will enforce them automatically when I deploy." It takes five minutes to add. And it means your ops team isn't surprised at 2am.
Governance speeds up adoption
This seems backwards at first. Good governance actually accelerates agent deployment.
The real bottleneck isn't the engineering work. It's the approval process. Teams negotiate permissions, wait for security reviews, explain why agents are trusted, and fight through processes that feel adversarial.
Automatic governance eliminates this bottleneck. Your security team reviews manifests in five minutes. Your platform team doesn't maintain manual registries. Your ops team sees what's running and why.
The friction moves from "getting permission" to "writing good manifests." And writing a manifest is the same skill as building the agent in the first place.
This is why organizations with strong infrastructure practices—Kubernetes shops, companies with code review cultures—adopt agents faster once they have the right governance primitives. They're not waiting for permission. They're building the agent, writing the manifest, passing review, and deploying.
The conversation shifts from "should we allow this?" to "is this agent well-designed?" which is the conversation you actually want to have.
What we're learning
We've been talking to teams running Orloj in production for the last few months. A pattern is emerging.
Teams that over-govern end up with policies nobody follows. Teams that start with baseline constraints (agents fail-closed, logging enabled, rate limits required) and then relax them for proven agents build sustainable governance. They accept risk instead of preventing it.
The data science team's feature extraction agent gets permissions to read from three tables, not the entire database. The system logs what it reads and why. If it tries to read something else, it gets denied. Three months in, if they've proven they can be trusted, you can expand the permissions. But you're expanding from a known good state, not discovering an ungoverned agent at 2am.
This isn't surprising. It's the same evolution you've seen with containers (everything starts with "lock down everything," then you refine based on what you've learned) and with databases (principle of least privilege). Governance that survives contact with production is governance that starts restrictive and scales permissions as teams earn trust.
The hard part hasn't changed
Orloj makes governance declarable and enforceable. We don't make the hard part easier, which is deciding what permissions an agent should have in the first place.
That's still a conversation. You still need to understand what the agent does, what data it needs, and what could go wrong. But at least now you're having that conversation in a manifest you can review and version-control, not in a meeting where half the stakeholders are checking email.
The take-home
Shadow AI isn't a sign that teams are reckless or that agent adoption is dangerous. It's a sign that governance was too slow for the pace at which teams wanted to move.
Fix the governance infrastructure, and you fix the incentive. Make permissions declarable, enforceable, and auditable by default. Make it faster to deploy with good governance than without it. Then you stop seeing shadow agents. You start seeing agents that are deployed transparently, that your ops team can monitor, that your security team can review, and that your teams can iterate on without friction.
That's what production-grade agent infrastructure looks like.
Related posts
The Governance Gap: Why Most Agent Deployments Fail Before They Start
80% of Fortune 500 companies are deploying AI agents. Only 14.4% have actually gotten security approval to run them. Here's why governance is the real blocker.
Why Every Agent System Needs a Governance Layer (Not Just Guardrails)
Guardrails check outputs. A governance layer controls inputs, execution, access, and budget. They solve different problems. Most teams need both.
Agent Governance for Financial Services: What Compliance Teams Actually Need
Regulators care about audit trails, model risk management, and data access controls. Most agent frameworks provide none of these. Here's what financial services compliance actually requires from agent infrastructure.