Loading prices…
STKR NewsSTKR News0 of 3 free this month
AI

The agent security gap: 54% of enterprises have already had an AI agent incident, and most still let agents share credentials

Enterprise AI agents are taking over internal systems faster than we can secure them, with over half of organizations already reporting security incidents or close calls.

Originally on VentureBeat AI
AB

Adrian Boysel

Contributor

Jul 16, 2026

4 min read

Photo illustration / STKR News

I spend a lot of time talking to founders who are building 'autonomous agents.' The pitch is always the same: efficiency, scale, and the ability to let software do the heavy lifting of a human. But as someone who has built systems from the ground up, my first question is always: 'What happens when it breaks?'

We finally have some data that answers that question, and frankly, it confirms my skepticism. According to a recent survey of over 100 enterprise leaders, we are currently living through a massive agent security gap. More than half of these organizations (54%) have already seen an AI agent go rogue, either via a full-blown security incident or a 'near-miss' that was caught just before the wheels fell off. If you are a builder, this should be your wake-up call to stop treating agents like toys and start treating them like the high-privilege employees they actually are.

The Identity Crisis in Your Stack

In the physical world, we don't give five different employees the same key to the vault and hope for the best. We use badges, biometrics, and logs. In the world of AI agents, however, we are being incredibly lazy. The data shows that only about a third of enterprises actually give each agent its own unique, scoped identity. The rest are just reusing API keys, sharing login credentials, or—worst of all—letting agents run on the credentials of a human employee.

This is a foundational mistake. When agents share credentials, you lose two things: attribution and containment. If an agent starts deleting database rows or leaking customer data, and it's using a shared service account, how do you know which specific process failed? You can't just kill the one bad actor; you have to shut down the whole system. For builders, this means if you aren't architecting for non-human identity (NHI) from day one, you are building technical debt that will eventually become a liability.

The Illusion of Safety

The weirdest part of the current state of affairs is how happy everyone seems to be while the house is on fire. The survey found that enterprise satisfaction with current security tools is surprisingly high—around 4.2 out of 5. This is a classic case of 'false comfort.' Most of these companies aren't using purpose-built security for their agents; they are just using the default guardrails that come with OpenAI, Microsoft, or Google.

Don't get me wrong, provider-native tools are a great start. But they are essentially the 'training wheels' of agent security. They aren't designed to handle the complex, multi-step reasoning failures that happen when an agent misunderstands a prompt and decides to 'optimize' its way through your sensitive files. Relying solely on your LLM provider to secure your application is like relying on your landlord to install your cyber-security firewall. It’s not their job, and they won’t do it as well as someone who knows your specific business logic.

Sandbox or Bust

As a founder, I think about 'blast radius' a lot. If a feature fails, does it take down the landing page, or does it drain the company bank account? The most effective way to limit that radius with agents is isolation—putting the agent in a sandbox where it can’t see anything it doesn't need to see.

The data tells us only 30% of companies are doing this for their high-risk agents. Instead, most are focusing on 'monitoring' (watching the disaster happen) or 'enforcement' (trying to block specific actions at runtime). While those are necessary, they are reactive. A sandbox is proactive. If you are building agentic workflows today, your 'high-risk' agents—those that can write code, talk to APIs, or access PII—must be isolated. Anything less is just waiting for an incident report to be written.

The Reality of the AI Arms Race

There is a lot of hype about how AI is going to help us defend our networks. But the people actually in the trenches aren't so sure. Only 35% of those surveyed believe their AI-powered defenses are actually beating the attackers who are also using AI. The rest think it's a toss-up or that we’re already losing.

This should temper the 'AI will solve everything' narrative. For builders, it means your security budget and your development roadmap need to be in lockstep. Right now, most companies are spending less than 10% of their security budget on AI agents. That is a lagging indicator. The risk is here today, but the funding is still stuck in the 2023 roadmap.

What Builders Specifically Need to Do

  • Implement Scoped Identities: Stop using the same API key for every agent. Every agent needs its own set of permissions that are strictly limited to the task at hand.
  • Move Beyond Guardrails: Don't assume that because you have 'system prompts' or basic model-side filtering that you are safe. You need application-layer security that understands your specific data flows.
  • Prioritize Sandboxing: If an agent can execute code or make external calls, it should happen in a hardened environment that has no path to your core infrastructure.
  • Plan for the Pivot: Nearly 60% of enterprises plan to change their security tools in the next year. If you are building a product, make sure your security architecture is modular enough to swap out your identity or monitoring layers as better, purpose-built tools hit the market.

The gap between the autonomy we are giving these agents and the controls we have to restrain them is widening. We are essentially giving the car keys to a teenager who has watched a lot of YouTube videos on driving, and we're acting surprised when they clip the mailbox. The 'near-misses' reported in this survey are the final warnings. The next phase won't be about who built the smartest agent—it will be about who built the most resilient one.


Read the original at VentureBeat AI →

The Brief

Stay Updated on Cutting-Edge Tech

A six-minute morning dispatch on the markets and the technology shaping them.

Free. No spam. Unsubscribe anytime.

Write for STKR

Become a Contributor

Earn $STKR for published stories on markets, protocols, and culture.

  • Earn $STKR for every published piece
  • Editorial support from the STKR desk
  • Byline visibility across the network
  • First look at the upcoming creator program
Apply to Write

Keep reading

All stories

Comments

24 reader responses