Home/News/54% of Enterprises Report AI Agent Security Incidents
VentureBeat AI3 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

54% of Enterprises Report AI Agent Security Incidents

54% of Enterprises Report AI Agent Security Incidents

A recent VentureBeat Pulse Research report highlights a substantial security gap in enterprise AI agent deployment, with 54% of organizations having already experienced a confirmed AI agent security incident or a near-miss. The research, which surveyed 107 enterprises, found that AI agents are being granted significant access to systems and data, but the security controls designed to manage them are lagging behind. This disparity creates an "agent security gap," where the autonomy of AI agents is outpacing the necessary identity, isolation, and enforcement mechanisms.

Structural weaknesses in agent identity management are a primary concern. Only approximately one-third (32%) of enterprises provide each AI agent with its own scoped and managed identity. The majority of agents still operate by sharing credentials, either through shared API keys or by utilizing human or service-account credentials. This practice significantly increases the potential impact of a single compromised or over-permissioned agent, as it can lead to a wide blast radius of unauthorized access. Furthermore, only three in ten enterprises (30%) are implementing isolation measures, such as sandboxing, for their highest-risk agents to contain potential damage.

The security infrastructure for AI agents is largely being adapted from existing solutions used by model providers and hyperscalers, rather than being purpose-built for the unique challenges posed by autonomous agents. Spending on agent-specific security remains a small fraction of overall security budgets. Enterprises are divided on whether their current defenses are sufficient to counter the evolving threat landscape posed by AI-enabled attackers, with an even split on whether their defenses are keeping pace.

The research examined the tooling, identity management, isolation strategies, incident occurrences, spending, and perceived effectiveness of defenses against AI-enabled threats. The core finding underscores the disconnect between the increasing autonomy granted to AI agents and the existing controls in place to manage and secure them. The report identifies confirmed incidents in 18% of surveyed enterprises and near-misses caught before harm occurred in 36% of cases, totaling the 54% figure for overall incidents or near-misses.

Original source — read the full reporting at the publisher:

Read on VentureBeat AI

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next