Enterprises Report Widespread AI Agent Security Incidents
A new study reveals over half of enterprises have experienced AI agent security incidents. Most agents still share credentials, with only a third assigned unique, scoped identities.

Over half of enterprises (54%) have already faced a confirmed security incident or a near-miss involving AI agents, according to new research by VentureBeat. The study highlights a critical gap between the autonomy granted to AI agents and the controls in place to manage them.
The primary weakness lies in identity management, with only about a third (32%) of organizations assigning each AI agent its own distinct, scoped identity. The majority of agents continue to share credentials or API keys, significantly increasing the potential impact of a single compromised agent. Furthermore, only three in ten companies (30%) isolate their highest-risk agents in sandboxed environments to limit potential damage.
The security stack for AI agents is largely borrowed from cloud providers and AI model developers, rather than being purpose-built. Despite a stated satisfaction with these existing tools, a majority of companies plan to change their security tooling within the year. Spending on AI agent security remains a small fraction of overall security budgets, and only one-third of enterprises believe their defenses are keeping pace with AI-enabled attackers.
The research, based on responses from 107 enterprises with over 100 employees, suggests a proactive catching of issues, as evidenced by the high rate of near-misses. However, it points to an urgent need for more robust, dedicated security solutions to address the evolving threat landscape posed by autonomous AI agents.