Enterprise AI agents are outpacing security controls, survey finds
VentureBeat Pulse Research says 54% of surveyed enterprises have had an AI agent security incident or near-miss while credential sharing remains common.
By Colin Brandt · Enterprise Reporter
· 4 min read
VentureBeat Pulse Research found that 54% of 107 surveyed enterprises have already recorded a confirmed AI agent security incident or a near-miss, even as most still allow some agents to use shared credentials. The finding matters for security vendors and platform providers because enterprises are putting autonomous software into production faster than they are adopting agent-specific identity, isolation and enforcement controls.
The June 2026 survey covered organizations with more than 100 employees and excluded the smallest company-size band. VentureBeat described the results as directional rather than statistically precise, noting that the sample was self-selected and weighted toward mid-market companies. Forty-five percent of respondents were final decision-makers for AI purchases, while another 30% were recommenders or influencers.
Incidents are already shaping budgets
According to VentureBeat Pulse Research, 18% of respondents reported a confirmed agent security incident and 36% reported a near-miss that was caught before causing harm. Forty-two percent said they had not seen such an event, with the remainder either not running production agents or not tracking these cases.
The reported rate was higher in larger companies. Organizations above 1,000 employees had an incident-or-near-miss rate of 63%, compared with 49% among companies with 101 to 1,000 employees. At the same time, the survey said sandboxing of high-risk agents was lower in the larger-company group, at 20%, compared with 35% in the mid-market group.
Credential sharing remains the weak point
Only 32% of surveyed enterprises said every AI agent has its own scoped, managed identity. VentureBeat reported that 69% had some credential sharing in their agent fleet, including companies where some agents have individual identities while others still use shared credentials, API keys, human credentials or service-account credentials.
The survey found a correlation between that posture and reported events. Organizations with credential sharing had an incident-or-near-miss rate of 63.5%, while organizations that said every agent had its own scoped identity reported a rate of 40.9%. VentureBeat cautioned that the fully scoped group was small, so the data shows association rather than causation.
Containment also appears uneven. Forty-seven percent of respondents said they monitor agent activity, and 49% said they enforce scoped permissions at runtime. Only 30% said they isolate their highest-risk agents in sandboxes.
Platform controls dominate the stack
The tools in use are mostly coming from model providers and cloud platforms rather than dedicated agent-security vendors. VentureBeat said OpenAI guardrails were used by 51% of respondents, with Google, Microsoft and Anthropic controls also prominent. When respondents named their primary layer, 82% chose provider-native offerings.
Specialist vendors and products, including Palo Alto Prisma AIRS, CrowdStrike, Cisco AI Defense, Zenity, HiddenLayer, Check Point’s Lakera, Okta for AI Agents and non-human identity platforms, were each in the low single digits for current use, according to the survey. Only 5% said they ran no dedicated tooling.
That does not mean buyers are fully settled. Satisfaction averaged 4.2 out of 5 overall, and 4.1 for value for money, but 59% of respondents said they planned to adopt, add or replace an agent security tool within 12 months. Twenty-nine percent expected to do so within the next quarter.
Incident history appears to accelerate buying. Among organizations that had been hit, 42.1% planned a tooling change within 90 days, compared with 14.0% of those with no incident. Among organizations with a confirmed incident, the near-term change rate rose to 52.6%.
Identity is still not central to purchase plans
The consideration set still leans toward provider controls: OpenAI at 34%, Google at 30%, Anthropic at 29% and Azure at 25%. Dedicated security vendors drew early interest in the mid-to-high single digits, higher than their current footprint.
Agent identity tools were less visible. VentureBeat reported that 12% of respondents included Okta for AI Agents, Microsoft Entra Agent ID or a non-human identity platform anywhere in their consideration set. Among organizations that both shared credentials and had already experienced an incident, identity consideration stayed at about one in ten.
Spending also trails the reported risk. Forty-six percent of respondents said agent security consumes 6% to 10% of the security budget, 34% spend 5% or less, and 24% allocate more than 10%. VentureBeat’s data points to a market still relying on bundled controls while the controls most tied to containment, scoped identity and isolation, remain underdeployed.
This story draws on original reporting from VentureBeat.