- Almost half of that team doesn’t quite know what their AI agents get access to daily
- Businesses love AI agents, but also fear what they’re doing behind closed digital doors
- AI tools now need governance, audit tracks and control like human employees
Despite growing enthusiasm for Agentic AI across businesses, new research suggests that the rapid expansion of these tools will surpass the efforts to secure them.
A Sailpoint study of 353 IT subject people with corporate security responsibility has revealed a complex mixture of optimism and anxiety over AI agents.
The survey reports that 98% of organizations intend to expand their use of AI agents within the coming year.
AI Agent’s adoption surpasses security readiness
AI agents are integrated into operations that handle sensitive business data, from customer items and finances to legal documents and supply chain transactions – 96% of respondents said they consider these agents a growing security threat.
A core problem is visibility: Only 54% of professionals claim to have full awareness of the data their agents can access – leaving almost half of business environments in the dark about how AI agents interact with critical information.
By putting together the problem, 92% of respondents agreed that the regular AI agents are crucial to security, but only 44% have an actual policy in place.
In addition, eight out of ten companies say their AI agents have taken actions for which they were not intended – this includes access to unauthorized systems (39%), sharing inappropriate data (33%) and downloading sensitive content (32%).
Even more worryingly admitted 23% of respondents that their AI agents have been tricked into revealing access information, a potential gold mines for malicious actors.
A remarkable insight is that 72% believe that AI agents pose greater risks than traditional machine identities.
Part of the reason is that AI agents often require multiple identities to function effectively, especially when integrated with high-performance AI tools or systems used for development and writing.
Calls for a shift to an identity-first model are growing higher, but Sailpoint and others claim that organizations need to treat AI agents such as human users, complete with access control, responsibility mechanisms and full audit tracks.
AI agents are a relatively new addition to the business area and it will take time for organizations to fully integrate them into their operations.
“Many organizations are still early on this journey, and growing concerns about data control highlight the need for stronger, more comprehensive identity security strategies,” Sailpoint concluded.
