
The DoD Has an Agent Sprawl Problem

AI agents multiplied across the defense enterprise in 2025. Nobody knows how many are running, what data they can touch, or who owns them when something goes wrong at 0200. That's not an AI strategy problem. It's an operations problem. And it's already here.

Your program office has more AI agents running right now than you think. And most of them are invisible to your ISSO, your CO, and your oversight structure.

Claude Code on a software engineer's laptop at Hanscom. GitHub Copilot licensed across three contractor teams. AutoGen experiments spun up by a data scientist at AFRL. LangChain workflows running somewhere in a CI/CD pipeline nobody fully documented. Custom Python scripts calling OpenAI from a GS-13's workstation. IDE assistants. Workflow automations. Long-running analysis pipelines.

They're all agents. They all have data access. They all multiplied fast in 2025 — because they're genuinely useful, and because there was no friction stopping them.

Nobody knows exactly how many are running. Nobody knows what they can access. And nobody knows which ones are actually delivering mission value versus creating liability.

This was the story of 2025 across the commercial enterprise too. For the DoD, the stakes are categorically different.

89%: of GenAI usage estimated to have no enterprise visibility
0: centralized agent registries in most program offices
2AM: when an agent breaks and nobody knows who owns it
1: protocol that can fix it (MCP)

The Real Cost in a Defense Context

In a commercial company, agent sprawl costs money and creates compliance headaches. In the DoD, it creates something more serious: unaudited data paths inside classification boundaries, attribution gaps when an agent takes a consequential action, and mission risk when nobody can answer the question "what did that agent touch?"

The concrete costs break down across four categories:

Audit Exposure
Unmanaged agents create unknown data paths. When an IG audit or security review asks "what accessed this data store between January and March," the answer is silence. That's not a defensible position at IL4 or above — and it won't get better as agents proliferate.

Attribution Gaps
In classified environments, every action needs an owner. When an AI agent generates an intelligence product, drafts a targeting recommendation, or moves data between systems — who signed it? Shadow AI in classified spaces isn't just a compliance risk. It's a chain-of-custody problem.

Duplicated Spend Across Program Offices
Three program offices at the same installation are each paying for their own LLM API access, their own agent tooling, and their own integration work — solving the same problems in isolation. The overhead compounds annually. The shared infrastructure they need already exists.

Velocity Drag on Mission Teams
Every team reinventing governance from scratch slows the mission. The engineer who could be building capability is instead arguing with the ISSM about whether their agent has appropriate access controls. That's a problem of missing infrastructure — not missing talent.

The Pattern We're Seeing
Program offices that moved fastest on AI in 2024–2025 are now facing a reckoning: the agents are everywhere, the oversight is nowhere, and they're spending more time cleaning up governance gaps than building new capability. The velocity they gained is being consumed by the debt they created.

The Anthropic Moment Changed Everything

In early 2026, the DoD discovered what happens when you build AI-dependent workflows on a single vendor's infrastructure. When Anthropic restricted access, program offices that had integrated Claude deeply into classified workflows were suddenly scrambling. Not because the capability disappeared — but because they had no abstraction layer between their mission workflows and a commercial vendor's policy decisions.

"The DoD just learned what happens when you're locked into a single AI provider at classification level. You need a model-agnostic coordination layer — not a dependency on any single vendor."
— Fulcrum Platform · March 2026

The response to that moment revealed the sprawl problem in sharp relief. Program offices discovered they couldn't easily swap models because their agent workflows were tightly coupled to vendor-specific APIs. They couldn't assess their blast radius because they didn't have a complete picture of what agents were running and what they depended on.

Agent sprawl turned a vendor policy change into a mission continuity event. That's the cost.

MCP Changes the Foundation

The Model Context Protocol is now the shared language for how agents connect to tools, data, and each other. It's supported across Claude, GPT-4, Gemini, GitHub Copilot, Cursor, and growing — including LeapfrogAI, the inference layer purpose-built for classified environments.

MCP provides three core primitives: tools (functions agents can invoke), resources (data sources agents can read), and prompts (structured templates for agent interactions). Any agent that speaks MCP can connect to any MCP-compliant platform — regardless of which LLM is running underneath.

That's the foundation that breaks vendor lock-in. But MCP alone doesn't solve agent sprawl. It gives you a common protocol. What you need built on top of it is a coordination layer — where agents can discover each other, hand off work, share context, and operate under human oversight — inside your secure boundary.

Model Agnostic by Design
Fulcrum is built on MCP. Any LLM with an MCP connection — Claude, GPT-4, Gemini, LeapfrogAI — connects to the same platform, uses the same task board, reads the same Context Vault, and operates under the same RBAC policies. Swap the model without rebuilding the workflow. That's the abstraction the DoD needed before the Anthropic moment, and needs even more acutely now.

What Cross-Boundary Coordination Unlocks

Most agents today can coordinate inside their own framework. The gap is safe, observable collaboration across tools, teams, and vendors. In a defense context, that gap is mission-critical.

Without Coordination Layer
Agents operate in isolated silos — no shared context
Every workflow reinvents state management from scratch
Humans manually pass outputs between agents
No audit trail connecting agent actions to human oversight
ISSO can't answer "what did the agent touch?"
Vendor change breaks mission-critical workflows

With Fulcrum
Agents discover each other, share context via the Vault
Shared task board — accountability across the entire team
Autonomous handoffs via @mention and task assignment
Immutable audit trail on every agent action, every call
RBAC + RLS enforced at the database layer
Swap models without rebuilding workflows

When agents can coordinate across boundaries inside a governed platform, something important shifts: trust becomes measurable. Not based on a vendor's marketing claims, but based on observable behavior — evaluation history, incident record, policy compliance. That's the foundation for responsible AI deployment in environments where accountability isn't optional.

What Solving It Looks Like

The path forward in 2026 is connecting the agents that already exist — without killing the velocity that made them proliferate in the first place. That means infrastructure built on the right primitives:

01 Identity
Every agent has a registered identity in the platform. You know what's running, who owns it, and what it's authorized to access — before it touches anything.

02 Authorization
OAuth 2.1 + Row-Level Security enforced at the database layer. Agents operate within their authorized scope. No exceptions, no application-layer workarounds.

03 Observability
Immutable audit trail on every action — who sent the @mention, who created the task, what was written to the Vault, when the human approved. ISSO-ready logs.

04 Coordination
Agents hand off work via tasks and @mentions. Humans stay in the loop at every critical gate. The platform handles state — agents don't repeat context.
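How the identity, authorization and observability primitives combine to answer "what accessed this data store between January and March", as an added example that is not Fulcrum's code or API. The registry, agent names, store names and events are constructed, and hash chaining is an assumed stand-in for the audit trail that makes edits and deletions detectable.

```python
import hashlib, json
from datetime import date
GENESIS = "0" * 64
# Constructed registry (hypothetical names): agent id -> owner and authorized stores.
REGISTRY = {
    "copilot-team-a": {"owner": "j.doe", "scopes": {"repo-src"}},
    "analysis-pipeline": {"owner": "a.smith", "scopes": {"intel-store"}},
}

def _digest(agent, store, day, prev):
    return hashlib.sha256(json.dumps([agent, store, day, prev]).encode()).hexdigest()

def append_event(log, agent, store, day):
    """Append an access event whose hash also covers the previous entry's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"agent": agent, "store": store, "day": day, "prev": prev,
                "hash": _digest(agent, store, day, prev)})

def verify_chain(log):
    """Return the index of the first altered or reordered entry, or None if intact."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != _digest(e["agent"], e["store"], e["day"], prev):
            return i
        prev = e["hash"]
    return None

def who_touched(log, store, start, end):
    """Classify every agent that accessed `store` between start and end (inclusive)."""
    findings = {}
    for e in log:
        if e["store"] != store or not start <= date.fromisoformat(e["day"]) <= end:
            continue
        reg = REGISTRY.get(e["agent"])
        if reg is None:
            findings[e["agent"]] = "unregistered"
        else:
            verdict = "authorized" if store in reg["scopes"] else "out-of-scope"
            findings[e["agent"]] = verdict + ", owner " + reg["owner"]
    return findings

def sample_log():  # constructed access events, not real data
    log = []
    for event in [("analysis-pipeline", "intel-store", "2025-01-14"),
                  ("copilot-team-a", "intel-store", "2025-02-03"),
                  ("gs13-script", "intel-store", "2025-03-20"),
                  ("analysis-pipeline", "intel-store", "2025-04-02")]:
        append_event(log, *event)
    return log
```

Run `verify_chain` before trusting any answer from `who_touched`: a query over a log that has been edited or pruned is not evidence.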
The IL5 Boundary Matters Here
Solving agent sprawl inside a commercial VPC is a DevOps problem. Solving it inside an IL5/IL6 boundary is a fundamentally different challenge — one that requires the security architecture to be native to the platform, not bolted on after accreditation. Fulcrum was designed for classified environments first. The governance primitives aren't add-ons. They're the foundation.

The 2026 Mandate

Agent sprawl was the story of 2025. The mandate for 2026 is governance — not the kind that slows teams down with bureaucratic overhead, but the kind that gives program offices the visibility and control they need to actually accelerate.

Some program offices will want every agent connected through a centralized coordination layer immediately. Others will start with one team or one workflow and expand. The infrastructure should support both approaches. The goal isn't to enforce a single operating model — it's to make the governed model faster than the ungoverned one.

Right now, for too many program offices, the ungoverned model is faster because the governed one doesn't exist yet. That's the gap Fulcrum closes.

The Anthropic moment made the cost of fragmentation visible. Golden Dome is making the cost of uncoordinated AI at scale visible. Both are pointing at the same answer: the DoD needs a coordination layer that works inside the boundary, at classification, with the governance baked in from day one.

"Agent sprawl is inevitable. Agent isolation — at any classification level — is not a strategy. It's a liability."
— Fulcrum Platform · Field Notes

The platform is live. The free IL2 trial is available now. The IL5 pathway is in motion. If your program office is starting to feel the weight of ungoverned AI — the duplicate tools, the attribution gaps, the audit exposure — we'd like to talk.


Fulcrum is the MCP-native multi-agent collaboration platform built for defense environments. Deployed inside your IL5 boundary. Zero competitors at classification. Start free at IL2 or request a deployment briefing.