AIToday

54% of enterprises hit by AI agent security incidents; most still share credentials

VentureBeat AI3h ago
54% of enterprises hit by AI agent security incidents; most still share credentials

Key takeaway

A survey of 107 enterprises reveals that more than half have already suffered an AI agent security incident or near-miss, yet most organizations still allow agents to share credentials and lack purpose-built security controls. With autonomous agents deploying faster than identity and isolation defenses can scale, and security spending on agents remaining minimal, enterprises face a widening gap between agent capabilities and the controls needed to contain them.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    A survey of 107 enterprises found that 54% have already experienced a confirmed AI agent security incident or near-miss. Most agents still share credentials rather than each having its own scoped identity, and only three in ten enterprises isolate their highest-risk agents.

  • Why it matters

    Enterprises are deploying AI agents with real access to systems and data while security controls lag behind. The security tooling in use is overwhelmingly borrowed from model providers and hyperscalers rather than purpose-built for agents, and spending on agent security remains a thin slice of the overall security budget—leaving organizations exposed as autonomous agents proliferate faster than the containment measures needed to protect them.

  • What to watch

    Enterprises are evenly split on whether their current defenses are keeping pace with AI-enabled attackers. The research examined tooling, agent identity management, isolation practices, and incidents across the 107-enterprise sample.

In Depth

VentureBeat Pulse Research surveyed 107 enterprises to examine how organizations are securing their AI agents, looking at the tooling they deploy, identity and isolation management practices, and incidents that have already occurred.

The findings paint a picture of widespread exposure. Across the surveyed sample, 54% have already had a confirmed AI agent security incident or experienced a near-miss—a striking figure that indicates the problem is already affecting a majority of organizations attempting to deploy agents in production. This occurs even as enterprises grant agents real access to systems and data, making containment essential.

Yet the containment measures remain underdeveloped. Only about a third of enterprises give every agent its own scoped identity; the majority still allow agents to share credentials, a practice that complicates auditing, revocation, and forensic analysis. Even more concerning, only three in ten isolate their highest-risk agents—the very systems where the damage from a compromise or misconfiguration would be greatest.

The tooling picture reflects this immaturity. The security stack deployed across these enterprises is overwhelmingly borrowed from model providers and hyperscalers—companies like AWS or Azure or the makers of large language models—rather than purpose-built specifically for agent deployment patterns. This approach, while expedient, leaves gaps tailored to agent-specific threats. Furthermore, spending on agent security remains a thin slice of the overall security budget, suggesting that organizations have not yet prioritized dedicated investment in this area.

On defense posture, enterprises themselves are uncertain. The survey found them evenly split on whether their current defenses are keeping pace with AI-enabled attackers. As the body notes, autonomous agents are proliferating faster than the identity, isolation, and enforcement controls needed to contain them—a gap described as the "agent security gap." The research ultimately points to a pressing need for controls that match the speed and scope of agent deployment.

Context & Analysis

The research surface a critical mismatch in enterprise AI deployment. Organizations are granting AI agents real access to systems and data—a necessary step for productive use—but the security infrastructure to constrain that access has not kept pace. The fact that 54% of enterprises across a 107-company sample have already experienced an incident or near-miss suggests the gap is not theoretical; it is already manifesting in real operational risk.

Several structural factors contribute to this gap. First, identity and isolation practices remain immature: only about a third of enterprises have assigned each agent a scoped identity, and most still rely on shared credentials—a practice that violates least-privilege principles and makes forensics and revocation much harder. Second, the tooling landscape is dominated by solutions adapted from model providers and hyperscalers, not purpose-built for agent deployment patterns. Third, and crucially, agent security spending remains marginal within the overall security budget, suggesting that the problem is not yet perceived as urgent enough to attract dedicated investment.

The fact that enterprises are evenly split on whether defenses are keeping pace with attackers underscores the uncertainty. As autonomous agents continue to proliferate—and the body states they are proliferating faster than controls can scale—the risk surface will only expand. The research points to a window in which purpose-built tooling, clearer identity standards, and intentional isolation architecture could help close the gap before the problem becomes endemic.

FAQ

What percentage of enterprises have already had an AI agent security incident?
More than half (54%) of the 107 enterprises surveyed have had a confirmed agent security incident or near-miss.
How many enterprises give each agent its own scoped identity?
Only about a third of enterprises give every agent its own scoped identity; most agents still share credentials.
What is the main source of the security tools enterprises are using?
The security stack is overwhelmingly borrowed from model providers and hyperscalers rather than purpose-built specifically for agents.

Get the latest Large Language Models news every morning

AI-summarized, only the topics you pick — one digest a day via Email, Slack, or Discord.

Free · takes 30 seconds · unsubscribe anytime

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →