AI Agent Security Gap: 54% of Enterprises Already Had an Incident
A new study reveals that over half of enterprises have experienced AI agent security incidents, yet most still allow agents to share credentials, creating significant risks.

According to the latest VentureBeat Pulse research covering 107 enterprises, AI agents are being granted real access to systems and data while security controls lag behind.
Key Findings
More than half (54%) of organizations have already experienced a confirmed AI agent security incident (18%) or a near-miss that was caught before harm (36%). However, only about one-third (32%) give every agent its own scoped, managed identity. The rest report that some agents share credentials or that agents mostly run on shared API keys and human or service-account credentials.
Identity and Isolation Deficits
When agents share credentials, a single compromised or over-permissioned agent carries a wide blast radius. Only three in ten enterprises (30%) isolate their highest-risk agents in sandboxes to bound that radius. The security stack is overwhelmingly borrowed from model providers and hyperscalers rather than purpose-built for agents.
Conclusion
The study highlights an agent security gap – autonomous agents proliferating faster than the identity, isolation, and enforcement controls needed to contain them. Notably, enterprises appear comfortable despite the risks, with security spending remaining a thin slice of the budget and opinions split on whether defenses are keeping pace with AI-enabled attackers.


