344
Productivity & Workflow355
Automation & Workflow224
Software Development251
Marketing & Growth192
AI Infrastructure & MLOps174
Writing & Content Creation203
Data & Analytics141
Design & Creative170
Photography & Imaging156
Customer Support131
Sales & Outreach125
Voice & Speech135
Education & Learning131
Operations & Admin87
A VentureBeat survey of 107 companies finds many AI agents share logins, few are isolated, and incidents are already happening.
In short: A new survey suggests many companies are giving AI agents real access to business systems, while basic safety controls lag behind.
VentureBeat Pulse Research surveyed 107 organizations with more than 100 employees about how they secure AI agents, meaning software that can take actions on its own, like pulling data or triggering a workflow.
More than half of respondents, 54%, said they have already had either a confirmed security incident (18%) or a near-miss that was caught before harm (36%). Only 42% said they had not identified any such event.
A key issue is how these agents “log in.” Only 32% said every agent has its own scoped identity, meaning its own limited, tracked login with only the permissions it needs (like giving each employee their own badge and only the keys they need). The survey found 69% have some credential sharing across agents, such as shared API keys (a kind of password for software) or borrowed human and service account logins.
Isolation is also uncommon. Only 30% said they sandbox their highest-risk agents, meaning they run them in a restricted environment that limits damage if something goes wrong (like testing a new machine inside a protective cage).
Most companies rely on built-in controls from major providers instead of tools made specifically for agent security. For example, 51% reported using OpenAI guardrails. Overall satisfaction with current tooling was still high at 4.2 out of 5, even though 59% plan to adopt or switch tools within the next year.
If more companies keep letting agents share credentials and operate without strong isolation, the number of incidents could rise as agents are connected to more sensitive systems. It is also worth watching whether companies start treating agent identity and sandboxing as standard practice, not optional add-ons.
Source: Venturebeat