On July 16, VentureBeat published the results of a survey on the security of corporate AI agents. Among the 107 respondents, 18% reported a confirmed security incident, while another 36% experienced an event that was prevented before any damage occurred.

Source: VentureBeat Pulse Research.

Additionally, 42% of participants reported no such incidents. In 5% of the organizations surveyed, AI agents were not operational in a production environment, and 2% did not track related incidents.

The survey was conducted in June 2026 among representatives of companies with more than 100 employees. The sample was self-selected and skewed towards medium-sized businesses.

Agents Continue to Share Credentials

Only 32% of respondents indicated that each AI agent in their organization has its own managed identity with limited permissions. This approach allows for better access control and accountability regarding which program performed a specific action.

Another 48% stated that only some agents received individual identities, while others continued to share credentials. In 32% of companies, agents primarily operated through shared API keys, employee accounts, or service accounts.

Respondents could select multiple options for this question. According to VentureBeat's calculations, 69% of surveyed organizations use shared credentials at least in part of their infrastructure.

Among companies practicing this, 63.5% reported an incident or a prevented threat. In organizations where each agent had a separate identity, the figure was 40.9%. The authors noted that the results indicate a correlation between the two factors but do not prove causation. The group of companies with separate identifiers included only 22 participants.

Source: VentureBeat Pulse Research.

To protect AI agents, 49% of organizations restrict their permissions during operation. Another 47% utilize monitoring and logging but may not always be able to automatically halt dangerous actions. Only 30% isolate agents with the broadest permissions in sandboxes.

Companies Rely on AI Vendor Security

The primary level of security cited by 82% of respondents was the built-in tools from AI model vendors or major cloud platforms. A significantly smaller proportion of participants used solutions from specialized companies focused on agent protection.

Built-in restrictions from OpenAI were utilized by 51% of organizations. Google’s tools were mentioned by 36%, Microsoft by 35%, and Anthropic by 29%. Participants could select multiple products, so the total exceeds 100%.

The average satisfaction with existing tools was rated at 4.2 out of 5. This score was based on responses from 82 participants who evaluated the tools they used.

The most common expenditure category was 6–10% of the total cybersecurity budget, cited by 46% of respondents. Another 26% allocated 1–5% of their budget for AI agent protection, while 8% spent less than 1%. Thus, no more than 5% of respondents accounted for a total of 34%. The proportion of companies with expenditures exceeding 10% was 24%.

Despite high satisfaction with current solutions, 59% of organizations plan to implement a new tool, enhance their existing toolkit, or replace one of their products within the year. In the next three months, 29% intend to make such changes.

Among participants who had already faced an incident or a prevented threat, 42.1% plan to change their toolkit within three months. In organizations without such events, the figure was 14%.

Source: VentureBeat Pulse Research.

Survey Limitations

45% of participants made final decisions on the purchase of AI products, while 30% recommended solutions or influenced their selection. The respondents included managers, specialists, directors, vice presidents, and senior executives.

About 67% of the sample represented companies with 101 to 1000 employees. The largest industry groups were technology companies, manufacturers, retailers, and healthcare organizations.

VentureBeat described the results as a preliminary snapshot from a single wave of research. The authors concluded that the proliferation of AI agents is outpacing the implementation of individual identifiers, isolation, and rights control. However, the survey does not allow for an accurate assessment of the actual frequency of such incidents in the corporate sector.

It is worth noting that in June, Anthropic proposed protecting corporate AI agents based on the Zero Trust principle. This approach entails a separate identity for each program, minimal permissions, and verification of every action.