65 Percent of Enterprises Have Already Experienced AI Agent Security Incidents

Recent CSA and Token Security Webinar Provided What Security Leaders Need to Know

AI agents have moved into the enterprise faster than most organizations expected. What started as experimentation with copilots, workflow automation, and LLM-powered assistants has rapidly evolved into something much larger: autonomous systems operating across cloud platforms, SaaS applications, internal orchestration frameworks, and business-critical workflows. And, while organizations are racing to adopt AI agents for productivity and efficiency, security and governance are struggling to keep pace.

That was the central theme of a recent webinar hosted by Cloud Security Alliance (CSA) and Token Security, where CSA’s AVP of Research Hillary Baron joined Token Security CEO and Co-Founder Itamar Apelblat to discuss the findings from CSA’s latest research report, Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises.

The conversation painted a picture of an industry entering a new phase of AI adoption where the challenge is no longer simply deploying AI agents, but understanding how to secure and govern them before they become a source of operational and security risk.

Early in the webinar, Hillary highlighted the statistic that immediately reframed the conversation: 65% of organizations reported experiencing at least one security incident involving an AI agent or autonomous workflow within the past year.

For many organizations, AI agent security has already become operational reality.

The incidents themselves were far from minor. Organizations reported sensitive data exposure, operational disruption, unintended business actions, and customer-facing delays. Most notably, not a single respondent reported “no material impact” from these incidents.

What makes this shift particularly striking is how quickly it happened. During the discussion, Itamar reflected on how dramatically the landscape has changed in a very short time.

Just a year ago, many organizations would have claimed they had little or no AI agent presence at all. Today, enterprises are managing sprawling ecosystems of autonomous workflows often without fully understanding where those agents exist, what permissions they hold, or how independently they operate.

That visibility gap became one of the most important themes of the webinar.

According to the research, most organizations feel confident in their visibility into AI agents and autonomous workflows. Yet that confidence breaks down when compared against reality. While 68% of respondents reported high confidence in their visibility, 82% admitted they had discovered previously unknown “shadow” AI agents operating in their environments during the past year.

The contradiction is significant. Organizations believe they can see their AI ecosystem, yet unknown agents continue appearing inside the exact environments where legitimate AI adoption is accelerating: internal automation platforms, SaaS tools, developer-created workflows, and LLM-powered applications.

As Itamar explained during the webinar, many security leaders initially answer “yes” when asked whether they have visibility into AI agents. But, that answer changes as the conversation goes deeper.

Teams may have visibility into sanctioned enterprise AI deployments while simultaneously missing local coding agents, experimental workflows, or employee-created automations running outside traditional governance channels. In many ways, the same systems enabling rapid AI innovation are also creating the conditions for shadow AI to flourish.

That challenge becomes even more complicated because AI agents do not behave like traditional machine identities.

One of the most insightful parts of the webinar focused on how governance models themselves are evolving. The research found that organizations are increasingly shifting away from static permission models and moving toward contextual governance frameworks centered around risk and intent.

This shift reflects a deeper realization that AI agents are inherently dynamic systems.

Traditional applications tend to behave predictably. AI agents, however, pursue goals, adapt to context, and operate with varying levels of autonomy. That means governance can no longer rely solely on static access controls or predefined rules. Organizations are increasingly prioritizing human authorization, contextual decision-making, and risk-aware policies that evaluate whether an agent’s action should proceed in real time.

Throughout the conversation, both Hillary and Itamar emphasized that many organizations are still in the early stages of figuring out what effective AI governance actually looks like.

In some areas, progress is clearly happening. Enterprises are becoming more disciplined around onboarding agents, documenting intended purpose, reviewing permissions, and creating governance processes earlier in the lifecycle. But those improvements are not extending evenly across the full lifecycle.

One of the more important findings in the report involved what CSA described as “retirement debt.” While organizations are investing heavily in creating and deploying AI agents, far fewer have mature processes for decommissioning them once they are no longer needed. Only 21% of organizations reported having formal decommissioning processes in place, and only 19% expressed high confidence that unused agents are fully removed and their access properly revoked.

That creates a growing layer of invisible risk from inactive agents with lingering permissions, orphaned credentials, and stale integrations that continue existing quietly inside enterprise environments long after their original purpose has disappeared.

Itamar noted during the webinar that this problem is especially frustrating because, in many ways, it represents low-hanging fruit. Organizations are focusing heavily on detecting sophisticated AI threats while often failing to address basic lifecycle hygiene that could significantly reduce exposure.

Underlying all of these findings was a broader message that both speakers returned to repeatedly: AI agent governance is no longer a narrow technical discipline. It is rapidly becoming part of enterprise security and risk management processes.

The challenge organizations face now is not simply discovering AI agents. It is maintaining control over systems operating with increasing autonomy, broad access to enterprise data, and machine-speed decision-making.

As AI agents continue scaling across cloud infrastructure, SaaS ecosystems, internal orchestration systems, and LLM environments, governance can no longer function as a collection of disconnected controls. Visibility, lifecycle management, permissioning, contextual policies, monitoring, and enforcement all need to operate together as a cohesive system.

Ultimately, the webinar highlighted that AI adoption is accelerating whether organizations are ready or not. The organizations that succeed will not necessarily be the ones deploying the most AI agents. They will be the ones that learn how to secure and govern them effectively at scale.

Watch the full webinar on demand here:  https://www.brighttalk.com/webcast/16947/667137

‍