The VentureBeat survey revealed serious gaps in the protection of corporate AI agents
7/17/2026, 12:13 PM • Евгения Слив

VentureBeat has published the results of a recent survey on the security of corporate AI agents. The study covered 107 representatives of companies with more than a hundred employees. 18% of respondents reported confirmed cybersecurity incidents. Another 36% were able to stop the threat before causing real damage. Almost half of the participants did not detect such events in their systems. Only 5% of organizations have completely abandoned AI agents in the work environment. Experts note that the sample is biased towards medium-sized businesses. The main problem lies in the access control of software agents. Only 32% of companies provide each AI with a unique managed identity. The remaining 68% continue to use shared credentials.
Using shared API keys or service accounts creates serious risks. According to analysts, this practice is common in 69% of organizations. Interestingly, companies with shared credentials are more likely to report incidents. This figure was almost 64% compared to 41% for companies with separate identifiers. To protect the systems, 49% of organizations restrict the rights of agents during work. Almost half of the respondents use monitoring and logging of actions. However, only 30% isolate agents with broad rights in special sandboxes. This indicates an insufficient level of automation of cybersecurity processes.
Most companies rely on built-in protection tools from AI vendors. 82% of respondents trust the solutions of large cloud platforms. 51% of organizations use OpenAI tools, while Google and Microsoft use about a third. The average satisfaction with these tools was 4.2 out of five possible points. Companies allocate from 1% to 10% of the total cybersecurity budget to protect AI agents. Despite the current satisfaction, 59% of organizations plan to update their tools within a year. Companies that have already faced real threats are doing this especially actively. Experts remind that the spread of AI agents is still ahead of the introduction of reliable control mechanisms.
