industryvia VentureBeat AI

AI Agent Security Gap: 54% of Enterprises Have Already Had an Incident, Yet Most Still Let Agents Share Credentials

A VentureBeat survey of 107 enterprises reveals that 54% have already experienced an AI agent security incident or near-miss. Despite this, most companies still let agents share credentials, only a third give each agent its own scoped identity, and just 30% isolate their highest-risk agents. The security stack is largely borrowed from model providers and hyperscalers rather than purpose-built for agents, and spending remains a thin slice of the security budget.

AI Agent Security Gap: 54% of Enterprises Have Already Had an Incident, Yet Most Still Let Agents Share Credentials

VentureBeat AI reports that 54% of enterprises have already faced AI agent security incidents or near-misses, yet most still share credentials among agents. The survey, covering 107 enterprises, found that AI agents are increasingly being given real access to systems and data, but the security controls to contain them are lagging behind. Only about a third of companies give each agent its own scoped identity, and just three in ten isolate their highest-risk agents.

This lack of robust security measures poses significant risks. If an AI agent with shared credentials is compromised, it could lead to widespread data breaches or unauthorized access to sensitive information. The security stack is overwhelmingly borrowed from model providers and hyperscalers rather than purpose-built for agents, and spending on agent security remains a thin slice of the overall security budget. Enterprises are also evenly split on whether to build their own agent security tools or buy from vendors.

To protect yourself, check if the services you use have implemented AI agent security best practices. Look for companies that use individual identities for each agent and isolate high-risk agents. You can start by reviewing the security policies of your banking or healthcare providers and asking them about their AI agent security measures. If they can't provide clear answers, consider switching to providers that prioritize AI security.

#ai-security#enterprise#data-protection#ai-agents#cybersecurity