The first time leadership asks “how many AI agents are running in production right now and what are they costing us,” the answer should not require a week of spreadsheet archaeology. The AI Control Tower exists for exactly that question. Standing it up well takes a few weeks; ignoring it until the audit is the more expensive path.
The Feature
AI Control Tower (Zurich release, March 2026) is the governance nerve center for every AI surface on the platform. View every active agent across Now Platform modules in one console. Real-time status, usage volume, model invocation cost, error rate, and compliance posture against configured policies. The same console exposes the dependency graph — which agent calls which spoke, which credential, which downstream system.
What You Track
Active agents and their operational state (running, paused, deprecated). Model usage and cost attribution by department, project, or business service. Permissions and data access scope per agent — which tables they can read, which ACL they bypass, which credentials they hold. Compliance audit trail with replay capability. Incident history (when an agent contributed to or caused an incident). Throughput and latency trends per agent over rolling windows.
Tracked dimensions per agent:
state, owner, model, model_version, daily_invocations,
daily_token_cost, error_rate, last_audit, scope_summary,
linked_credentials, linked_spokes, related_incidentsGovernance Actions
Disable agents with one click — useful during incident response or when a model behaves unexpectedly. Adjust scope and permissions without redeploying the agent. Force an audit cycle on demand. Trigger review workflows for agents whose error rate crosses thresholds. Central control replaces walking through each module to govern agents scattered across HRSD, ITSM, SecOps, CSM, and custom scoped apps.
Operational Fit
AI ops teams or platform engineering groups own the Control Tower. Weekly review of anomalies (cost spikes, error rate increases, scope drift). Monthly governance audit covering policy compliance, ownership currency, and decommission candidates. Quarterly policy tune that adjusts thresholds based on observed behavior and changing risk appetite. Without a named owner, the Control Tower becomes shelfware — present in the platform, ignored in operations.
Cost Considerations
The cost-per-agent dashboard is the most actionable surface for finance. Set per-agent and per-department spend caps, route alerts when an agent crosses 80% of its cap. The token cost of agentic workflows compounds quickly; an agent that retries on transient errors can multiply daily cost overnight. Cap retries explicitly and surface retry rate as a Control Tower metric.
Common Failure Modes
Treating the Control Tower as a dashboard for executives rather than a working surface for operators — the value is in the daily and weekly review cadence, not the quarterly screenshot. Allowing agents to run without an assigned owner — orphan agents accumulate scope and cost over time and nobody notices until the audit. Configuring policies that nobody can satisfy (zero error rate, zero scope drift) — pragmatic thresholds with documented exceptions are governance; aspirational thresholds are theater.
Implementation Sequence
Stand up Control Tower in inventory mode for two weeks — collect what is running, who owns it, what it costs. Then layer in the first policy (every agent must have a current owner and a documented purpose). Add cost caps next, then error-rate thresholds, then scope review cadence. Trying to enforce all policies on day one creates a wave of false positives that burns operational credibility.
What to do this week: open the Control Tower if it is enabled, count agents with no assigned owner — that count is your first cleanup target before any other governance work.
