54% of enterprises already had an AI agent incident, despite shared credentials
A VentureBeat Pulse Research survey of 107 enterprises finds identity and isolation lag behind agent autonomy.

VentureBeat Pulse Research surveyed 107 enterprises on agent security, using a June 2026 wave focused on tooling, identity, isolation, and enforcement. The result is an agent security gap: 54% reported a confirmed incident (18%) or near-miss (36%), and most still let agents share credentials instead of isolating the highest-risk ones.
The number is blunt: in a June 2026 survey of 107 enterprises, 54% said they have already had an agent security incident. That breaks down into 18% reporting a confirmed incident and 36% reporting a near-miss caught before harm.
The more uncomfortable part is what those same enterprises are doing with agent access. Only about a third (32%) give every AI agent its own scoped, managed identity, while the rest report some form of credential sharing, including “mostly shared API keys” or borrowed human or service-account credentials. And when the blast radius matters most, isolation is rare: only three in ten (30%) isolate their highest-risk agents in sandboxes.
This is the agent security gap in plain English: autonomy is spreading faster than the controls meant to contain it. VentureBeat Pulse Research frames it as the distance between what enterprises let agents do and how well they can limit, attribute, and stop the damage when something goes off the rails. The incident-or-near-miss rate being high tells you the problem is not theoretical. The controls behind the numbers determine whether the next event stays a near-miss or becomes a real breach.
Identity is the structural weakness beneath those events. When agents share credentials, you don’t just increase risk, you blur accountability. An over-permissioned or compromised agent can act with far more reach than intended. And after the fact, forensics have a harder time separating which agent did what because multiple agents effectively run under the same access “identity.” The survey’s cross-sectional snapshot also shows a relationship between credential posture and reported incidents over the past twelve months. Organizations with credential sharing anywhere in the fleet were hit with an incident or near-miss at 63.5% (47 of 74). Organizations where every agent carries its own scoped identity were hit at 40.9% (9 of 22). The report is careful that this is an association rather than proven causation, but the 23-point difference inside a single survey is the kind of signal boards notice.
Containment is where the gap gets especially dangerous, because it is the last line of defense. Enterprises commonly “observe” and “enforce,” but they do not reliably “isolate.” In the survey’s terms, the control that bounds damage is the least common. Monitoring and enforcement are reasonably common, while containment is not. The report shows exposure scales with company size, but containment does not. Incident-or-near-miss rises from 49% in the mid-market (101-1,000 employees) to 63% at larger enterprises (above 1,000 employees). Over the same scale, sandbox isolation of high-risk agents falls from 35% to 20%. Satisfaction with security tooling also drops from 4.36 to 3.97, suggesting that whatever stack enterprises are using, it is not keeping them feeling safe as agent deployments grow.
One reason this is sticky: the security stack is often borrowed rather than purpose-built. VentureBeat notes that controls are overwhelmingly provider-native and hyperscaler-driven, including OpenAI’s guardrails (51%), Google’s and Microsoft’s cloud controls, and Anthropic’s managed-agent controls. Dedicated agent-security specialists “barely register.” That doesn’t mean those controls are bad. It does mean enterprises may be building agent programs faster than they can assemble a security layer designed for agent-specific failure modes like credential sprawl, ambiguous attribution, and inconsistent isolation.
There is also a spending and planning mismatch. The report says spending remains a thin slice of the security budget, and only a third of enterprises believe their AI defenses are ahead of AI-enabled attackers. Still, a clear majority plan to change tooling within the year. In other words, enterprises are satisfied with a borrowed stack while also preparing to replace parts of it. That is a classic “we have something working, but we know it is not the final form” boardroom posture.
Regulatory pressure is part of the context, even though the report focuses on survey results rather than a single new rule. Over the past year, regulators globally have pushed hard on risk management, monitoring, and accountability for AI systems, which naturally maps to the identity and containment gaps the survey measures. If agents can act in systems with shared credentials, and if the highest-risk agents are not routinely isolated, it becomes harder to demonstrate strong controls over access, auditability, and harm prevention. For executives, the takeaway is not just “we had an incident.” It is “our control architecture is not designed for autonomy at this scale.”
The strategic stakes for peers in similar roles are direct. Agent deployments are expanding across more systems, and the report links that broader operational footprint to more incidents and less of the one control that bounds blast radius. If 54% already have reported incidents or near-misses, the question for boards is whether you can reduce uncertainty next quarter: tighten identity to scoped, managed credentials; stop credential sharing patterns across the fleet; and isolate highest-risk agents where the survey shows most enterprises are weakest.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology

AWS billing glitch spiked some monthly fees from cents to billions
A billing error at Amazon Web Services reportedly turned small charges into massive invoices for some customers.

Vertu charges $6,880 for an AI agent, and TechCrunch tests what you get
The luxury foldable’s AI is not vaporware. Here’s how its daily performance stacks up, from workflows to battery and security.

Databricks’ $188B valuation jump signals AI-platform gravity, not a quiet side quest
The company positions itself as AI-first with research backing open-weight coding models and cost savings.

