Agent Security Incidents Are Already Common
More than half of enterprises have already faced an AI agent security incident or a close call, according to new research from VentureBeat's Pulse series. The survey of 107 organizations with over 100 employees found that 54% reported either a confirmed agent security incident (18%) or a near-miss that was caught before causing harm (36%). Only 42% said they had experienced nothing, while a small remainder either do not run agents in production or do not track such events.
The high number of near-misses suggests that enterprises are catching problems, but often just in time. The controls that determine whether a near-miss becomes a full incident include identity management, isolation, and enforcement mechanisms.
The Identity Gap: Credential Sharing Is Widespread
A central weakness behind these incidents is how agents are identified. Only about a third of enterprises (32%) give every agent its own scoped, managed identity. This is the foundation for least-privilege access and clear attribution. Nearly half (48%) said some agents have scoped identities but many still share credentials, and another 32% reported that agents mostly run on shared API keys or borrowed human and service-account credentials. Respondents could select multiple patterns, so these numbers overlap.
When agents share credentials, a single compromised or over-permissioned agent can act with far more reach than intended. Forensics after an incident become difficult because it is not clear which agent performed which action. The survey found that organizations with credential sharing anywhere in the fleet experienced incidents or near-misses at a rate of 63.5% (47 of 74), compared to 40.9% (9 of 22) for those where every agent had its own scoped identity. This 23-point gap suggests a strong association, though the fully-scoped group is small.
Isolation and Containment Are Rare
While monitoring and enforcement are reasonably common, containment is not. Only three in ten enterprises (30%) isolate their highest-risk agents in sandboxes to limit the blast radius of a potential compromise. The lack of isolation is especially concerning for larger organizations. The incident rate rises from 49% in mid-market companies (101-1,000 employees) to 63% at larger enterprises (over 1,000 employees), while sandbox isolation of high-risk agents falls from 35% to 20%.
Security Stack Borrowed from Providers
The security tools enterprises use are overwhelmingly native to their AI model providers. OpenAI's guardrails (51%), Google's and Microsoft's cloud controls, and Anthropic's managed-agent controls dominate the stack. Dedicated agent-security specialists barely register. Despite this borrowed approach, satisfaction with the current tooling is high, averaging 4.2 out of 5.
Stay updated
Get the day's AI and automation news in your inbox. No spam, unsubscribe anytime.
Yet spending on agent security remains a thin slice of the overall security budget. Only a third of enterprises believe their AI defenses are ahead of AI-enabled attackers. A clear majority plan to change tooling within the year, indicating that while enterprises are satisfied with current controls, they are simultaneously preparing to replace them.
Methodology and Sample
The survey was fielded in June 2026 as part of VentureBeat's Pulse Research series. Responses were filtered to organizations with more than 100 employees, with the smallest size band excluded. The sample of 107 respondents is drawn from a single wave and reads cross-sectionally, not as a trend. Several questions allowed multiple selections, so shares can sum to more than 100%.
By role, 45% are final decision-makers for AI purchases and another 30% are recommenders or influencers. The seniority mix includes managers (43%), individual contributors (24%), VPs and directors (15%), and C-suite (11%). By organization size, the sample is mid-market-weighted: 251-1,000 employees (42%), 101-250 (25%), 1,001-5,000 (19%), 5,001-10,000 (8%), and 10,001+ (7%). Technology/Software is the largest industry at 23%, followed by Manufacturing (15%), Retail/E-commerce (14%), and Healthcare/Life Sciences (13%).
The sample is large enough for directional reading but should be treated as a signal rather than a precise measurement. It is self-selected and not a probability sample. Satisfaction ratings are computed on the 82 respondents who answered each rating question.
The Agent Security Gap
The central finding is an agent security gap: the distance between the autonomy enterprises grant their agents and the controls in place to contain them. More than half have already experienced an incident or near-miss. Identity management is the structural weakness, with only a third giving each agent its own scoped identity. Isolation of high-risk agents is rare, and the security stack is borrowed from providers rather than purpose-built for agents.
Enterprises are comfortable inside this gap, with high satisfaction ratings despite plans to change tooling. The gap is concentrated in the mid-market, but the organizations running the most agents across the most systems carry the most incidents and the least containment.
Related on Neura Market
- AI Tools Directory, Browse and compare AI security and agent management solutions.
- Automation Marketplace, Discover automation platforms and agent orchestration tools.
- Enterprise Security Directory, Find security solutions for AI and agent deployments.
