Lack of visibility remains a top security risk with 65% of respondents reporting AI agent-related incidents in the past year
A new survey report from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, found that nearly all organizations (82%) have unknown AI agents running in their IT infrastructure, while nearly two in three (65%) have experienced AI agent-related incidents in the past 12 months. As a result, 61% reported data exposure, 43% operational disruption, and 35% financial losses.
The survey, Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises, which was commissioned by Token Security, the leader in identity-first AI agent security, also exposed AI agent decommissioning as a leading risk factor, with only 21% of respondents having formal decommissioning processes in place.
While 68% of organizations believe they have strong visibility, the high number of undiscovered AI agents contradicts this perception. Many of these agents linger long past their intended use, retaining permissions and credentials that create “retirement debt,” exposing organizations to long-term risk. Left unchecked, this debt will continue to grow, accumulating quietly until it becomes a structural exposure, setting the stage for larger governance challenges.
“AI agent security and governance encompass an interconnected system spanning visibility, lifecycle management, policy, and monitoring. While foundational controls are in place, gaps in consistency and end-of-life management remain. As agents gain greater autonomy, governance must evolve into a more unified, operational model that can sustain control at scale,” said Hillary Baron, AVP of Research, Cloud Security Alliance.
The survey also found that:
- AI agent autonomy isn’t absolute. Organizations are enforcing control at decision points rather than across the board: 53% operate agents autonomously for low-risk tasks, with human review for higher-risk actions, 24% rely on human-in-the-loop models for most tasks, and only 13% report fully autonomous models. Similarly, when agents exceed their scope, 38% of respondents said the action requires human approval and 24% require it be logged. Only 11% will automatically block the action.
- Shadow deployment persists, despite confidence in visibility. While 68% report high confidence in their visibility into AI agents, 82% have discovered previously unknown agents in the past year, with 41% of respondents saying this happened multiple times. Shadow agents most commonly emerge in internal automation or scripting environments (51%); LLM platforms, including custom tools, assistants, and plugins (47%); SaaS tools with built-in automation (40%); and developer-created workflows (40%).
- Risk and delegation are cornerstones of AI agent governance. Action risk (63%) and human authorization (53%) are emerging as the primary signals for governing agent behavior. This emphasis on risk and human authorization is also shaping future priorities: 79% say context-aware controls will be important/very important in the next two years. Respondents also indicated they’re already investing in defining acceptable behavior at the start, with 66% reporting they have clear guardrails for defining agent boundaries in place.
- AI agent incidents are driving security priorities. AI agent-related incidents are no longer the exception: 65% reported at least one in the past year. These incidents have tangible business impact, including data exposure (61%), operational disruption (43%), and financial cost (35%). No respondent reported experiencing zero material business impact. As a result, organizations are prioritizing risk management (29%), monitoring (28%), and permission control (19%), signaling a shift from discovery to managing agent behavior at scale.
“AI agents are outpacing the identity systems meant to secure and control them, and it’s already showing up in unknown agents and real incidents in the enterprise,” said Itamar Apelblat, CEO and Co-Founder of Token Security. “These agents are not just another workload. They are a new type of identity and legacy controls don’t work. Securing them requires an intent-based model, where every agent is continuously scoped to its purpose, which is what makes least privilege actually work for AI.”
Token commissioned CSA to develop the survey and report to better understand the industry’s knowledge, attitudes, and opinions regarding autonomous AI agents. Token financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in January 2026, and is based on 418 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.
Download Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises.
About Token Security
Token Security accelerates the secure adoption of agentic AI by discovering AI agents across the enterprise, understanding their context and risk, and enforcing policies that govern their access and behavior. The platform provides continuous visibility, lifecycle management, and least-privilege enforcement to help organizations control autonomous AI agents operating across cloud, SaaS, and enterprise environments, eliminating blind spots, reducing risk, and ensuring compliance at scale.
Token Security is backed by Notable Capital, Crosspoint Capital, and TLV Partners. To learn more: token.security.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading not-for-profit organization committed to awareness, practical implementation, and credentialing of forward-looking cybersecurity topics, including AI, cloud, and Zero Trust. In an era where digital transformation drives business success, CSA stands as the global authority ensuring organizations can operate securely while harnessing cutting-edge technology. Through volunteer-driven research, globally-accepted standards, and award-winning vendor-neutral education programs that unite technical experts, industry practitioners, and varied associations, governments, chapters, and corporate members, CSA bridges the gap between innovation and pragmatic security execution. Visit CSA’s website to learn more.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260421037010/en/
Contacts
Media Contacts:
Marc Gendron
Marc Gendron PR for Token Security
marc@mgpr.net
+1 617-877-7480
Kristina Rundquist
ZAG Communications for the CSA
kristina@zagcommunications.com
