AI agents widen the enterprise threat map

Unchecked AI agents are triggering cybersecurity incidents across a broad swathe of companies, with data exposure, disrupted operations and direct financial damage now emerging as common consequences of a fast-moving corporate shift towards autonomous software. A new industry survey found that 65% of organisations suffered at least one AI agent-related incident over the past 12 months, while 82% said they had discovered previously unknown AI agents operating inside their environments. Among those reporting incidents, 61% cited data exposure, 43% operational disruption and 35% financial losses.

That picture points to a widening gap between adoption and control. The same survey suggests many companies believe they have good visibility into AI systems even as hidden agents continue to surface across internal automation tools, large-language-model platforms, SaaS products with built-in automation and developer-created workflows. Forty-one per cent of respondents said unknown agents had been discovered multiple times over the past year, underlining how quickly autonomous systems are spreading beyond formal governance channels.

AI agents differ from earlier workplace automation because they can take actions, invoke tools, access data and make decisions with limited human intervention. That changes the risk profile from a simple software oversight issue into a live operational security problem. Another April study from the same security body found 53% of organisations had experienced AI agents exceeding intended permissions, while 47% reported a security incident involving an AI agent in the past year. Only 16% expressed high confidence in their ability to detect AI-agent-specific threats.

Business use is expanding rapidly. AI agents are being deployed across IT, security operations, customer service and engineering, often with the promise of cutting manual workload and speeding up routine decisions. Yet fully autonomous deployment remains limited. The CSA survey found 53% of organisations allow agents to work autonomously only on low-risk tasks while requiring human review for higher-risk actions. Twenty-four per cent still rely on human-in-the-loop models for most tasks, and only 13% reported fully autonomous setups. That suggests companies are trying to capture productivity gains while keeping a hand on the emergency brake.

The weak point is not just what agents do while active, but what happens after their original purpose fades. Only 21% of surveyed organisations said they had a formal decommissioning process for AI agents. Dormant or abandoned agents can retain credentials, permissions and access paths long after a project ends, creating what the report describes as a form of accumulated retirement debt inside enterprise systems. In practice, that can leave security teams defending not only approved digital workers but also forgotten ones.

Pressure is also building from the external threat environment. Security researchers say frontier AI models are beginning to accelerate vulnerability discovery and lower the barrier for attackers to identify complex exploit chains, particularly in open-source software and software supply chains. That matters for enterprises embracing AI agents because these systems often depend on a web of APIs, plugins, third-party platforms and machine identities. The result is a larger attack surface at the same moment that defensive visibility remains incomplete.

Governance standards are moving, but unevenly. NIST’s AI Risk Management Framework has become an important reference point for organisations trying to frame, measure and manage AI-related risks, while the European Union’s AI Act is rolling out in phases, with the broader regime becoming fully applicable from 2 August 2026, alongside separate milestone dates for other obligations. Those frameworks give companies a structure, but they do not by themselves solve the day-to-day problem of identifying every agent, tracing every action and revoking access when an agent’s job is done.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

