The agent security gap: 54% of enterprises have already had an AI agent incident, and most still let agents share credentials
TL;DR
Across 107 enterprises, AI agents are being given real access to systems and data while the controls meant to contain them lag behind. More than half have already had a confirmed agent security incident or a near-miss; only about a third give every agent its own scoped identity, and most agents still share credentials; and only three in ten isolate their highest-risk agents.
Nauti's Take
If your agents still run on shared API keys, shared service accounts, or broad permissions, that is the first fix, not a later security task. These numbers come from a single 107-enterprise survey reported by VentureBeat, so do not treat them as a market law.
Verify immediately which agent can write to which system, how credentials are separated, and whether high-risk workflows are actually isolated.