The agent security gap: 54% of enterprises have already had an AI agent incident, and most still let agents share credentials
Across 107 enterprises, AI agents are being given real access to systems and data while the controls meant to contain them lag behind. More than half have already had a confirmed agent security incident or a near-miss; only about a third give every agent its own scoped identity, and most agents still share credentials; and only three in ten isolate their highest-risk agents. The security stack is overwhelmingly borrowed from the model providers and hyperscalers rather than purpose-built for agents, spending remains a thin slice of the security budget, and enterprises are evenly split on whether their defenses are keeping pace with AI-enabled attackers.
Key Takeaways
- The result is an agent security gap - autonomous agents proliferating faster than the identity, isolation, and enforcement controls needed to hold them.
- The structural weakness beneath those numbers is identity: only about a third (32%) give every agent its own scoped, managed identity, while the rest report that some agents share credentials or that agents mostly run on shared API keys and human or service-account credentials.
When agents share credentials, a single compromised or over-permissioned agent carries a wide blast radius - and only three in ten enterprises (30%) isolate their highest-risk agents in sandboxes to bound that radius.
- Yet spending remains a thin slice of the security budget, only a third of enterprises believe their AI defenses are ahead of AI-enabled attackers, and a clear majority plan to change tooling within the year.
Enterprises are satisfied with controls they are simultaneously preparing to replace.
- Because this is one wave rather than a pooled multi-month sample, the report reads cross-sectionally and does not infer month-over-month trends.
Several questions were multiple-select, so those shares can sum to more than 100%.
- Technology/Software is the largest industry at 23%, followed by Manufacturing (15%), Retail/E-commerce (14%), and Healthcare/Life Sciences (13%).
Stats & Key Facts
- #The security stack is overwhelmingly borrowed from the model providers and hyperscalers rather than purpose-built for agents, spending remains a thin slice of the security budget, and enterprises are evenly split on whethe Across 107 enterprises, AI agents are being given real access to systems and data while the controls meant to contain them lag behind.
- #More than half of organizations (54%) have already experienced a confirmed agent security incident (18%) or a near-miss caught before harm (36%).
- #The structural weakness beneath those numbers is identity: only about a third (32%) give every agent its own scoped, managed identity, while the rest report that some agents share credentials or that agents mostly run on shared API keys and human or service-account credentials.
- #When agents share credentials, a single compromised or over-permissioned agent carries a wide blast radius - and only three in ten enterprises (30%) isolate their highest-risk agents in sandboxes to bound that radius.

The result is an agent security gap - autonomous agents proliferating faster than the identity, isolation, and enforcement controls needed to hold them. This wave of VentureBeat Pulse Research examines how enterprises secure their AI agents: what tooling they run, how they manage agent identity and isolation, what has already gone wrong, how much they spend, and whether they believe their defenses are keeping pace with AI-enabled attackers. The central finding is an agent security gap - the distance between the autonomy enterprises are granting their agents and the controls in place to contain them.
More than half of organizations (54%) have already experienced a confirmed agent security incident (18%) or a near-miss caught before harm (36%). The structural weakness beneath those numbers is identity: only about a third (32%) give every agent its own scoped, managed identity, while the rest report that some agents share credentials or that agents mostly run on shared API keys and human or service-account credentials. When agents share credentials, a single compromised or over-permissioned agent carries a wide blast radius - and only three in ten enterprises (30%) isolate their highest-risk agents in sandboxes to bound that radius.
What makes the gap notable is how comfortable enterprises are inside it. The security stack is overwhelmingly provider-native - OpenAI's guardrails (51%), Google's and Microsoft's cloud controls, and Anthropic's managed-agent controls dominate, while the dedicated agent-security specialists barely register - and satisfaction with that borrowed stack is high, averaging 4. Yet spending remains a thin slice of the security budget, only a third of enterprises believe their AI defenses are ahead of AI-enabled attackers, and a clear majority plan to change tooling within the year.
For more details please read the original article at VentureBeat AI.
Continue Learning
Comments
Sign in to join the conversation