Only 12% of Enterprises Have Centralized AI Governance. The Small-Firm Version of This Problem Is Easier to Solve.
Gartner's 2026 Hype Cycle finds only 12% of enterprises run a centralized platform to control agentic AI sprawl. The small-firm version of the same problem is more tractable than the enterprise version.
Agentic AI governance at small-firm scale is the set of practices that lets a firm see which AI agents are running, on what data, under whose ownership, with what scope, and at what cost. For enterprises this is a platform. For a small firm it is a written page and the discipline to keep it current.
Gartner's 2026 Hype Cycle for Agentic AI reports that 36% of enterprises say they are taking a centralized approach to AI governance, but only 12% have a centralized platform to back it up. The report adds three new profiles to the maturity curve: governance, security, and FinOps. For the first time, the question is not whether the AI works. The question is whether the firm can see what it is doing.
For a 5 to 50 person service business, the enterprise framing is mostly noise. The underlying problem is exactly your problem.
What "AI sprawl" actually means
AI sprawl is the condition where multiple AI tools are running across multiple parts of a firm, on multiple pieces of data, with no consistent policy, no shared log, and no single person who knows what is running where.
In an enterprise, sprawl looks like fifteen vendors, four shadow IT projects, and a procurement team that finds out about half of them a year late.
In a small creative service firm, sprawl looks like this. The principal has ChatGPT Plus and uses it for client emails. The bookkeeper has Copilot through her Microsoft account. The project lead uses Otter.ai for call notes. A junior designer has a custom GPT they built for fabric sourcing. Nobody documented any of this. None of the tools are on the same data agreement. The principal does not know which clients' information has passed through which model.
The enterprise sprawl is wider. The small-firm sprawl is messier and the principal is personally on the hook for it. The 12% stat is the headline. The structural problem behind it is the same one your firm has.
What Gartner is signaling by adding three new profiles
Gartner's Hype Cycle is most useful as a leading indicator of where attention is moving. The three new profiles signal something concrete.
Governance becomes table stakes. Firms that cannot explain which AI is running on which data and under whose ownership will not pass enterprise procurement reviews in 2027. For service businesses with enterprise clients, this is six months away from being a contract requirement.
Security is no longer an IT-only conversation. When agents act on the firm's behalf across multiple systems, the security surface is the design of the agent, not the perimeter of the network. Old controls do not cover it.
FinOps enters the agentic conversation. Agent costs do not behave like SaaS costs. A multi-step agentic workflow can spend ten times as much in a runaway loop as the firm budgeted for in steady state. Firms without cost monitoring are exposed.
For small firms, this means the work that used to be optional (write the policy, log the agents, know what you are spending) is becoming the entry ticket. Not in five years. In one.
The small-firm version of each pillar
Gartner's framework assumes you can buy a centralized platform. Most small firms cannot and should not. The principle behind each pillar still applies, in a form that costs almost nothing.
Governance. A one-page AI policy. Approved tools, prohibited categories, data rules, exception path. We have written elsewhere that this single document drops shadow AI usage by 67% on average in the 11-to-50 person band. The policy is the small-firm governance platform.
Security. A written list of which agents are running, on what data, who owns each one, and what the agent is allowed to read and write. The list lives in your source of truth, not in someone's head. Updated when an agent is added. Reviewed quarterly.
FinOps. A monthly review of AI spend. Most firms can do this with a spreadsheet. The first time you run it, expect surprises. By month three, the pattern is clear. By month six, the spend tracks the value.
None of this is enterprise-grade. All of it produces 80% of the benefit of the enterprise version at 1% of the cost. The reason small firms underperform on governance is rarely cost. It is discipline.
What the principal actually has to do
The reason 88% of enterprises do not have a centralized platform is that platforms are expensive and slow to procure. The reason small firms do not have the policy, the agent list, and the spend review is something different. The principal has not made the decisions yet.
Which AI tools is the firm willing to pay for? Which is it not willing to pay for? What data is allowed to leave the firm, and under what conditions? Who in the firm has authority to add a new agent? Who reviews the spend monthly? Who is the kill switch when an agent goes off the rails?
Each of those is a one-paragraph answer. Together they are the firm's agentic AI governance. Most small firms have answered none of them in writing. Most enterprises have answered all of them with platforms and committees.
The small-firm advantage is that the decisions are faster to make. The small-firm disadvantage is that nobody else will make them for you. The Hype Cycle is signaling that not making them is no longer free.
What does this mean for you?
Absence of process is itself a finding, not a failure. Most small firms got to mid-2026 without writing any of this down because the cost of not writing it down was, until recently, abstract. The Gartner data is the cost moving from abstract to concrete.
Context is the whole game. An agent without good context is just an expensive random number generator. Governance is how the firm bounds the context. Without governance, every agent is making local decisions about data, scope, and cost. With governance, the firm is consistent.
The 12% stat is the enterprise lens. The 67% reduction from a one-page policy is the small-firm lens. The structural problem is the same. The fix is dramatically smaller.
What to do this week
Block forty-five minutes on the calendar with the title "Write the agent governance page." Open a doc. Three sections.
One. Approved tools and what each is allowed to do.
Two. Agents currently running. Name, owner, data scope, kill switch.
Three. Monthly AI spend cap. What triggers a review.
Send it to the team. The questions you get back are the real version of your agentic AI inventory. The questions are also the road map for the next ninety days.
The 12% stat is a comfort to most small-firm owners because it implies the bar is low. It is. The Hype Cycle is also signaling that the bar is moving. The firms that get this done in 2026 will not be the ones with the biggest platforms. They will be the ones with the clearest single page.
The Radiant Work operations audit produces this single page as part of the standard deliverable, alongside the shadow AI inventory and the prioritized build roadmap. See how we work for the methodology.
What to do next
If you want a clear-eyed map of where your firm's AI governance currently sits and what would close the gap, schedule a conversation. Two weeks. One document. Maturity stage placement.
Frequently asked questions
What is agentic AI governance?
The set of practices that lets a firm see which AI agents are running, on what data, under whose ownership, with what scope, and at what cost. For enterprises, this is usually a platform. For small firms, it is a written page and a discipline of updating it.
Why is the 12% adoption rate of centralized platforms low?
Centralized AI governance platforms are expensive, slow to procure, and require dedicated staffing most firms have not yet hired. The 36% saying they take a centralized approach without the platform suggests intent without infrastructure.
What is a one-page AI governance policy?
A document that names approved tools, prohibited categories, data rules, exception path, and a list of currently running agents with owners and scope. Most small firms can draft one in under an hour.
Will enterprise clients require this from small-firm vendors?
Yes, in 2027 if not sooner. As enterprise procurement adds agentic AI to vendor risk assessments, small service firms without governance documentation will not pass intake.
How does this connect to the rest of the Radiant Work thesis?
Governance is the bounding layer for agentic systems. Context is the whole game. An ungoverned agent is the failure mode. A small-firm one-page policy is the smallest viable bound. Everything else builds on top of it.