Gartner: Over 40% of Agentic AI Projects Cancelled by 2027

Analyst · Gartner press release (Jun 2025)

Gartner predicts that over 40% of agentic AI projects will be cancelled by the end of 2027, driven by escalating costs, unclear business value, or inadequate risk controls. The same firm names agentic AI its headline strategic technology trend. Both can be true at once.

Key Finding

Inadequate risk controls is the failure mode identity architects own. The projects that survive will be the ones that scoped agent identity before they scaled agent capability.

On 25 June 2025, Gartner issued a public prediction that over 40% of agentic AI projects will be cancelled by the end of 2027, citing escalating costs, unclear business value, or inadequate risk controls. The prediction sits beside Gartner's own positioning of agentic AI as the headline entry in its Top 10 Strategic Technology Trends for 2025 (published 21 October 2024), which projected rapid enterprise adoption. The two messages are not in tension. The same technology can be the year's defining trend and the year's most-abandoned project category, because hype and governability move on different clocks.

For identity architecture, the phrase that matters is "inadequate risk controls". Cost overruns and unclear value are business problems. Inadequate risk controls is an identity problem, and it is the one our discipline is positioned to fix before it becomes the reason a programme gets cancelled.

An agentic AI deployment is, structurally, a request to create a population of autonomous non-human identities that read systems, make decisions, and take actions on their own authority. If that population is created the way most service accounts are created (ad hoc, broadly scoped, long-lived, and owned by no one), then "inadequate risk controls" is not a risk. It is the default outcome.

The architecture move is to treat agent identity as a precondition of the agentic project, not a clean-up task after it ships. That means a scope model that grants the agent only the access its task requires, short-lived credentials with a clear issuing authority, behavioural baselines that flag an agent acting outside its mandate, and a revocation path that works in seconds. The organisations whose agentic projects survive Gartner's predicted cull will largely be the ones that did this work up front. The ones that did not will discover the risk controls were inadequate at the same moment everyone else does, during the incident review.
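A minimal sketch of those controls working together, added here as an illustration and not taken from Gartner or from any product: a single issuing authority mints task-scoped tokens with a short lifetime, and every action is checked against signature, revocation, expiry and scope. The class name, the HMAC token format and the scope strings are assumptions, and the behavioural baseline is reduced to recording out-of-scope attempts for review.

```python
import base64, hashlib, hmac, json, time

class AgentCredentialAuthority:
    """Hypothetical issuing authority for short-lived, task-scoped agent tokens."""

    def __init__(self, key: bytes, ttl_seconds: int = 300):
        self._key = key
        self._ttl = ttl_seconds
        self._revoked = set()      # agent ids whose tokens are no longer honoured
        self.out_of_mandate = []   # (agent_id, action) attempts outside the granted scope

    def _sign(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest().encode()

    def issue(self, agent_id, scopes, now=None):
        """Mint a token that names the agent, its scopes and an expiry time."""
        now = time.time() if now is None else now
        claims = {"sub": agent_id, "scopes": sorted(scopes), "exp": now + self._ttl}
        payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return payload.decode() + "." + self._sign(payload).decode()

    def revoke(self, agent_id):
        self._revoked.add(agent_id)  # effective on the very next authorize() call

    def authorize(self, token, action, now=None):
        """Return (allowed, reason) for one action attempted with this token."""
        now = time.time() if now is None else now
        payload, _, sig = token.rpartition(".")
        # Constant-time comparison; any change to claims or signature fails here.
        if not hmac.compare_digest(sig.encode(), self._sign(payload.encode())):
            return False, "bad_signature"
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if claims["sub"] in self._revoked:
            return False, "revoked"
        if now >= claims["exp"]:
            return False, "expired"
        if action not in claims["scopes"]:
            self.out_of_mandate.append((claims["sub"], action))
            return False, "out_of_scope"
        return True, "ok"

if __name__ == "__main__":
    # Constructed sample values: one agent, one read-only scope, a demo key.
    ca = AgentCredentialAuthority(b"constructed-demo-key")
    tok = ca.issue("invoice-agent", ["invoices:read"])
    print(ca.authorize(tok, "invoices:read"))
    print(ca.authorize(tok, "payments:write"), ca.out_of_mandate)
    ca.revoke("invoice-agent")
    print(ca.authorize(tok, "invoices:read"))
```

Revocation here is a lookup made on every request, which is what lets it take effect in seconds; a design that only checks the token's own expiry cannot revoke faster than the token lifetime.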
