More than half of enterprises report AI agent security incidents or near-misses, survey finds
Only about a third of organizations give every agent its own scoped identity, while most still share credentials; fewer than three in ten isolate high-risk agents.
1 source · cross-referenced
- More than half of enterprises (54%) have experienced a confirmed AI agent security incident or near-miss, with 18% reporting a confirmed breach and 36% a near-miss caught before harm occurred.
- Only about a third (32%) of enterprises provide every AI agent with its own scoped identity, while 69% report some form of credential sharing among agents.
- Fewer than three in ten enterprises (30%) isolate their highest-risk AI agents in sandboxes to limit blast radius.
- Security tooling is dominated by provider-native solutions (e.g., OpenAI, Google, Microsoft, Anthropic), while dedicated agent-security specialists remain in low single digits.
- Nearly six in ten enterprises plan to adopt or switch agent security tooling within a year, despite high satisfaction (4.2/5) with current controls.
A VentureBeat Pulse Research survey of 107 enterprises finds that 54% have experienced either a confirmed AI agent security incident (18%) or a near-miss caught before harm (36%) in the past year. Only 42% report no such events, while a small remainder either run no agents in production or do not track such incidents.
The structural weakness underlying these incidents is identity management. Only about a third of enterprises (32%) give every agent its own scoped, managed identity, while 48% report that some agents share credentials and 32% say agents mostly run on shared API keys or borrowed human and service-account credentials. Organizations with credential sharing anywhere in their agent fleet experienced incidents or near-misses at a 63.5% rate, compared to 40.9% for those with fully scoped identities.
Isolation controls are also underdeveloped. Only 30% of enterprises isolate their highest-risk agents in sandboxes, despite this being the control that bounds damage when other measures fail. Monitoring and enforcement are more common—47% observe agent activity and 49% enforce scoped permissions at runtime—but containment lags behind.
Security tooling remains dominated by provider-native solutions. OpenAI’s guardrails lead at 51%, followed by Google’s and Microsoft’s cloud controls and Anthropic’s managed-agent controls. Dedicated agent-security specialists, such as Palo Alto’s Prisma AIRS or CrowdStrike, register in the low single digits. Satisfaction with current tooling is high (4.2/5), yet only a third of enterprises believe their AI-enabled defenses are ahead of AI-enabled attackers.
Budget allocations reflect the lag in preparedness. The most common spending range is 6–10% of the security budget on AI agent security (46%), with 34% spending 5% or less. Only 24% devote more than a tenth of their security budget to this area.
Despite high satisfaction, a majority of enterprises plan to change tooling within a year. Fifty-nine percent intend to adopt a new, additional, or replacement agent security solution within twelve months, with 29% planning to do so within the next quarter. Among organizations that have experienced an incident, 42.1% plan to act within 90 days, rising to 52.6% after a confirmed incident.
- Jul 17, 2026 · Hugging Face
Hugging Face discloses AI-driven intrusion into production infrastructure
Trust79 - Jul 16, 2026 · OpenAI — News
OpenAI outlines age-appropriate safeguards for ChatGPT access by teens
Trust66 - Jul 16, 2026 · Simon Willison’s Weblog
Researchers bypassed Claude’s web_fetch safeguards to exfiltrate user data
Trust79