30 Agents, Zero Governance: What SaaStr Learned the Hard Way

SaaStr, the largest SaaS community in the world, runs almost 30 AI agents in production. Not as an experiment. Not as a demo. In production, handling real outbound sales, sponsor management, ticket operations, and internal strategy — every day.

In a recent episode of their podcast, SaaStr’s team shared the five biggest problems they have encountered scaling from a few agents to almost thirty. It is one of the most honest, operationally grounded accounts of what multi-agent deployment actually looks like today.

Every single problem they describe is, at its core, a governance problem. Not a model quality problem. Not a prompt engineering problem. A governance problem — the kind that emerges when autonomous systems act on behalf of an institution without institutional infrastructure to coordinate, constrain, and govern them.

Here are the five problems, in their own words, and what they reveal about the state of multi-agent operations in 2026.

SaaStr uses agents from Salesforce (AgentForce), Artisan, Qualified, Monaco, Claude, Replit, and others. Each agent has its own interface, its own context window, its own way of ingesting information.

The result is that a single operational change — like a new ticket promotion — has to be manually communicated to five different agents in five different interfaces.

This is not a tooling inconvenience. It is a governance failure. When institutional context — goals, campaigns, constraints — cannot be expressed once and enforced everywhere, you get drift. Each agent operates on a slightly different version of reality. The institution’s intent fragments across vendors.

Constellation solves this by providing a single set of institutional goals, permissions, and guardrails that apply regardless of which vendor’s agent is acting. You define the constraint once. Every agent that passes through the governance gate inherits it.

Every time SaaStr adds a new agent, the existing agents degrade. Not because they break, but because the human managing them redirects all their attention to onboarding the new one.

They estimate a two-week blackout period per new agent, during which existing agents go stale: "While they’re idling, they go stale really fast. Not because they can’t do things on their own, but because they’re waiting for you to tell them what to do."

The deeper issue: there is no institutional layer that maintains continuity while human attention shifts. Each agent is an island, dependent on a single human’s daily check-ins to stay current. This is not a scaling problem — it is an architectural one. Governance infrastructure provides the continuity that human attention cannot.

This was the most striking admission. SaaStr’s CEO said it plainly:

One person knows which contacts go into which agent. One person knows the segmentation logic. One person has the context that makes the whole system work. And that knowledge lives — their words — "all in my brain right now."

When they asked their Claude-based agent what would happen if the main operator got hit by a bus, the agent’s response was telling: it listed documents stored on a local laptop, campaign plans only it and the operator knew about, and even "the vibe" of SaaStr Annual. Then it said: "Don’t get hit by a bus."

This is the institutional memory problem. When operational knowledge is trapped in one person’s head — or worse, in one person’s local Claude context — the institution is one departure away from losing its entire agent infrastructure.

Constellation’s Idealoom layer exists precisely for this. It captures institutional knowledge — decisions, commitments, constraints, rationales — as structured, persistent, searchable records. Not in someone’s chat history. Not on someone’s laptop. In the institution itself.

SaaStr runs regular security audits on their vibe-coded apps and agents. The results are not encouraging.

Their honest assessment of the security landscape across their 30 agents:

And when you multiply security maintenance across 30 agents: "It’s almost unfathomable how to keep your apps and all your data secure."

The pattern they describe — periodic audits that produce overwhelming findings, patches that break other things, a growing backlog of unresolved issues — is the security equivalent of governance debt. It accumulates silently until something breaks.

Governance infrastructure changes the equation from periodic audits to continuous enforcement. Constraints are checked at the moment of action, not in a quarterly review. Security policies are institutional — they apply to every agent, including ones you vibe-coded last weekend.

This was the thread that ran through the entire conversation. Despite managing 30 agents, despite having budget and technical sophistication, despite actively looking — SaaStr has not found an orchestration layer.

They explored whether they could build one themselves and hit a wall: "Do all these agents have enough of an API or open system that we could manage? They’d all have to be 100% manageable through their API... which they’re not all today."

And the honest assessment of the vendor landscape: "Platforms are not as open as they look... they’re siloed solutions today."

This is the exact gap Constellation occupies. Not as another agent platform, but as the governance layer that sits above all of them. Constellation does not need to fully control each agent through its API. It intercepts actions at the governance gate — the point where any agent, from any vendor, attempts to do something consequential. The institution’s constraints apply at that boundary, regardless of what is behind it.

SaaStr’s proposed solution to these problems is hiring a "Chief Agent Officer" — a human who can manage all the agents, ideally backed by a second person for redundancy.

This is correct as a short-term measure. But it does not scale. A human managing 30 agents through daily one-on-ones — their current approach — is a linear solution to an exponential problem. Every new agent adds more context switching, more blackout periods, more succession risk. The human becomes the bottleneck, and the institution becomes dependent on that human.

The structural solution is not a better human. It is governance infrastructure — a layer that expresses institutional intent as machine-readable constraints, enforces them at the moment of action, and maintains institutional memory independent of any single operator.

SaaStr is not a governance company. They are not trying to sell anything in this space. They are practitioners sharing operational reality. That makes their testimony unusually credible.

What they describe is an organisation that has gone further with multi-agent deployment than almost anyone — 30 agents, real production workloads, measurable ROI — and has run directly into the limits of operating without governance infrastructure. Every problem they name maps to a known governance concept:

These are not bugs in their agent stack. They are the predictable consequences of deploying autonomous systems without the institutional infrastructure to govern them.

The question for every organisation scaling AI agents is not whether they will hit these problems. It is whether they will have governance infrastructure in place when they do.