As medium-sized to enterprise-level firms rush to adopt autonomous AI agents, a data privacy and identity security crisis could be looming…
Based on survey of 353 IT professionals* of medium to enterprise sizes from five continents^, on the topic of using AI agents in their responsibilities, an identity security firm has disclosed some data trends to the media.
First, 82% of respondents’ organizations^ were cited to be already using AI agents, with 44% indicating they had policies in place to secure the usage risks.
Second, 96% of technology professionals among the responders had indicated that their view of AI agents as growing risk, amid 98% of all respondents’ organizations planning to expand usage of AI agents within the next year.
Other findings
Third, 72% stated their view that AI agents pose a greater risk than machine identities. Also:
- These respondents cited factors contributing to AI agents as a security risk:
- AI agents’ access to privileged data (60%)
- Their potential to perform unintended actions (58%)
- Risk of agents sharing privileged data (57%)
- Risk of agents making decisions based on inaccurate or unverified data (55%)
- Accessing and sharing of inappropriate information (54%)
- 92% had indicated their view that governing AI agents was critical to enterprise security
- 23% had indicated that AI agents had ever been tricked into revealing access credentials
- Among 80% of respondents citing security risks and unintended actions using AI agents, three major concerns were:
- Accessing unauthorized systems or resources (39%)
- Accessing or sharing sensitive or inappropriate data (31% and 33%)
- Downloading sensitive content (32%)
According to Chandra Gnanasambandam, CTO and EVP of Product, SailPoint, the firm releasing its survey trends: “Autonomous agents are transforming how work gets done, but they also introduce a new attack surface. They often operate with broad access to sensitive systems and data, yet have limited oversight. That combination of high privilege and low visibility creates a prime target for attackers. As organizations expand their use of AI agents, they must take an identity-first approach to
