“A study of 107 enterprises reveals critical security gaps in AI agent deployment, with over half having suffered confirmed incidents or near-misses. Most organizations fail to implement basic security practices like individual agent identities and credential isolation, instead relying on borrowed security infrastructure from model providers.”
Key Takeaways
- 54% of enterprises have had confirmed AI agent security incidents or near-misses
- Only 33% assign unique scoped identities to every agent; most share credentials
- Just 30% isolate high-risk agents; security stack borrowed from providers, not purpose-built
54% of enterprises have experienced AI agent security incidents despite inadequate controls.
trending_upWhy It Matters
As enterprises rapidly deploy AI agents with real system access, the lack of purpose-built security controls creates significant vulnerability exposure. The reliance on generic cloud provider security tools rather than agent-specific solutions leaves organizations exposed to cascading failures. This emerging gap between agent capabilities and security infrastructure could become a critical liability as agent deployment accelerates across industries.
FAQ
Why are most enterprises still sharing agent credentials?
Organizations are deploying agents faster than implementing proper identity and access management, defaulting to credential-sharing for convenience while security frameworks lag behind.
What's the difference between agent-specific and borrowed security?
Purpose-built agent security addresses unique risks like agent-to-agent communication and autonomous decision-making, whereas borrowed provider tools were designed for traditional cloud workloads.



