
On July 16, VentureBeat published the results of a survey on the security of corporate AI agents. Among 107 respondents, 18% reported a confirmed security incident, while another 36% mentioned an incident that was stopped before causing damage.

Another 42% of participants did not identify such events. In 5% of the organizations surveyed, AI agents were not operational in a production environment, and 2% did not monitor related incidents.
The survey was conducted in June 2026 among representatives of companies with more than 100 employees. The sample was self-selected and skewed towards medium-sized businesses.
Agents Continue to Share Credentials
Only 32% of respondents reported that each AI agent in their organization has its own managed identity with limited rights. This approach allows for controlled access and the ability to determine which program performed a specific action.
Another 48% stated that only some agents received separate identifiers, while others continue to share credentials. In 32% of companies, they primarily operate through shared API keys, employee accounts, or service accounts.
Participants could select multiple options for this question. According to VentureBeat’s calculations, shared credentials are used in at least part of the infrastructure by 69% of the surveyed organizations.
Among companies with such practices, 63.5% reported an incident or a prevented threat. In organizations where each agent had a separate identity, the figure was 40.9%. The authors emphasized that the results show a correlation between the two factors but do not prove causation. The group of companies with separate identifiers included only 22 participants.

To protect AI agents, 49% of organizations limit their rights directly during operation. Another 47% use monitoring and logging but cannot always automatically stop a dangerous action. Only 30% isolate agents with the most extensive rights in sandboxes.
Companies Rely on AI Provider Security
For 82% of respondents, the primary level of security is the built-in tools of AI model providers or major cloud platforms. Solutions from specialized agent security companies are used by a significantly smaller portion of participants.
Built-in restrictions from OpenAI are used by 51% of organizations. Google’s tools were cited by 36%, Microsoft’s by 35%, and Anthropic’s by 29%. Participants could choose multiple products, so the total exceeds 100%.
The average satisfaction with existing tools was 4.2 out of 5. This figure was calculated based on responses from 82 participants who rated the tools they use.
The most common expenditure was 6–10% of the total cybersecurity budget, as indicated by 46% of respondents. Another 26% spend 1–5% of the budget on AI agent protection, and 8% spend less than 1%. Thus, no more than 5% is allocated by a total of 34% of respondents. The share of companies spending more than 10% was 24%.
Despite high satisfaction with current solutions, 59% of organizations plan to implement a new tool, supplement the existing set, or replace one of the products within a year. In the next three months, 29% intend to do so.
Among participants who have already experienced an incident or prevented a threat, 42.1% plan to change their toolset within three months. In organizations without such events, the figure was 14%.

Survey Limitations
45% of participants made final decisions on AI product purchases, while another 30% recommended solutions or influenced their selection. Respondents included managers, specialists, directors, vice presidents, and senior executives.
About 67% of the sample represented companies with 101 to 1000 employees. The largest industry groups were technology companies, manufacturers, retailers, and healthcare organizations.
VentureBeat described the results as a preliminary snapshot of one wave of research. The authors concluded that the spread of AI agents outpaces the implementation of separate identifiers, isolation, and rights control. However, the survey does not allow for determining the actual frequency of such incidents in the corporate sector.
In June, Anthropic proposed protecting corporate AI agents using the Zero Trust principle. This approach involves a separate identity for each program, minimal rights, and verification of each action.
