New research from Cloud Security Alliance (CSA) and Token Security reveals how enterprises are struggling to secure and govern AI agents as adoption rapidly accelerates across cloud platforms, SaaS applications, internal systems, and LLM-powered workflows.

Based on insights from 418 IT and security professionals, the report uncovers the growing gap between AI agent adoption and enterprise readiness to secure and govern autonomous systems at scale.

Key Stats 

AI Agent Governance Has Become an Operational Security Challenge

AI agents are no longer experimental. Organizations are already experiencing real-world security incidents, visibility gaps, and governance failures tied to autonomous systems.

65% of organizations experienced at least one AI agent-related security incident in the past 12 months.

82% of organizations discovered previously unknown or “shadow” AI agents operating without governance oversight.

61% of incidents resulted in exposure or mishandling of sensitive data.

21% of organizations have formal decommissioning processes for AI agents.

What You Will Learn

This research explores how organizations are securing and governing AI agents as they become embedded in enterprise operations and critical business workflows.

Inside the report, you’ll learn:

• Why AI agent-related security incidents are already widespread across enterprises
• How organizations are managing AI agent autonomy, approvals, and exception handling
• Where shadow AI agents most commonly emerge
• Why visibility remains one of the biggest security and governance gaps
• How organizations are approaching lifecycle management and decommissioning
• Why governance models are shifting toward contextual, risk-aware controls
• What security leaders view as the biggest operational challenges for AI agents today
• How enterprises are evolving from AI experimentation toward scalable governance

‍