More than half of enterprises report AI agent security incidents, and most are sharing credentials across bots
A new survey of 107 enterprises reveals that 69% run AI agents on shared credentials while only 30% bother to sandbox high-risk bots.
The VentureBeat June 2026 Pulse Research survey, which polled 107 qualified enterprises with more than 100 employees, found that 54% have already experienced an AI agent security incident or near-incident. Of those, 18% confirmed an actual incident, while 36% reported a near-miss.
The credentials problem is worse than you think
A full 69% of enterprises admitted to operating AI agents using shared credentials. Only 32% provide each agent with its own scoped identity. In English: most companies are handing their AI bots the same username and password, which means if one agent gets compromised, attackers potentially get the keys to everything that credential touches.
Isolation controls aren’t much better. Only 30% of enterprises sandbox their high-risk AI agents. A third of respondents said their security budget allocation specifically for agent security sits at 5% or less.
Bigger companies, bigger problems
Incident rates climb as organizations get larger: 49% of firms with 101 to 1,000 employees reported incidents or near-misses, but that number jumps to 63% for enterprises with over 1,000 employees.
A separate survey from API management company Gravitee found that 54% of executives experienced or suspected an AI agent security incident in the last year, with 34.9% confirming such incidents.
The security industry is already responding with its wallet
Palo Alto Networks completed a $21.1 billion acquisition of CyberArk, while Cisco closed a $400 million deal for Astrix. Both transactions target improvements in identity management.
What this means for investors
The current 5%-or-less allocation to agent security is unsustainable given 54% incident rates. On the risk side, any enterprise deploying AI agents without proper identity scoping and sandboxing is carrying material operational risk that may not be reflected in its valuation.