More than half of enterprises deploying AI agents have already experienced security incidents, according to new research that exposes critical gaps in how organisations manage autonomous AI systems. The findings, reported by VentureBeat AI citing Datavault AI research, reveal that 54% of companies have suffered breaches despite most maintaining inadequate access controls.
The security failures stem largely from a fundamental architectural flaw: organisations are allowing AI agents to share credentials rather than implementing individual authentication mechanisms. This practice, which would be considered unacceptable for human employees in regulated environments, has become commonplace in AI deployments as enterprises rush to implement agent-based systems without establishing proper governance frameworks.
The credential-sharing approach creates cascading risks. When multiple AI agents operate under shared authentication, security teams cannot trace specific actions to individual agents, making incident response and audit trails nearly impossible. If credentials are compromised, the blast radius extends across all agents using those credentials rather than being contained to a single system.
“Most organisations are treating AI agents like shared service accounts rather than individual actors requiring discrete access controls,” the research indicates. This represents a regression from identity and access management best practices that enterprises spent decades implementing for human users.
The business impact extends beyond technical security concerns. Regulatory compliance frameworks increasingly require organisations to demonstrate clear accountability chains for automated decision-making. Shared credentials make this impossible, potentially exposing enterprises to regulatory penalties under frameworks including GDPR, financial services regulations, and emerging AI-specific legislation.
For security vendors, the findings represent a substantial market opportunity. Organisations now require purpose-built identity and access management solutions for AI agents, creating demand for products that can provision individual credentials, enforce least-privilege access, and maintain comprehensive audit logs for autonomous systems. Traditional IAM vendors and emerging AI security specialists are positioned to capture this market.
Conversely, enterprises that fail to address these gaps face mounting risks. Beyond direct security incidents, organisations may find themselves unable to deploy AI agents in regulated processes or high-value workflows, limiting the return on their AI investments. Insurance carriers are also beginning to scrutinise AI security practices, potentially affecting coverage terms and premiums.
The research arrives as enterprises accelerate AI agent deployments across customer service, software development, data analysis, and business process automation. Industry analysts estimate that agent-based AI systems will handle billions of enterprise transactions annually by 2025, magnifying the consequences of inadequate security controls.
The credential-sharing problem reflects broader organisational challenges in adapting security practices to AI systems. Many enterprises are applying legacy frameworks designed for passive AI models—which merely generate outputs—to autonomous agents that take actions, access systems, and make decisions independently. This category error leaves critical security gaps unaddressed.
Security experts recommend that organisations implement several immediate measures: provision unique credentials for each AI agent, enforce role-based access controls that limit agents to necessary systems and data, establish comprehensive logging of agent actions, and create incident response procedures specifically designed for agent-related breaches.
Looking ahead, the security posture of AI agent deployments will likely face increased scrutiny from boards, regulators, and customers. Organisations should expect emerging compliance requirements to mandate specific controls for autonomous AI systems, similar to how data protection regulations evolved in response to cloud computing adoption.
The question facing enterprises is no longer whether to secure AI agents differently, but how quickly they can implement proper controls before the next incident occurs. With more than half already experiencing breaches, the window for proactive security measures is rapidly closing.





