3 min Security

69% of companies allow AI agents to share credentials

69% of companies allow AI agents to share credentials

69 percent of companies allow AI agents to share credentials, according to a VentureBeat survey of 107 organizations. This means that a single compromised agent inherits all the others’ privileges. That’s a recipe for major incidents.

The problem is as simple as it is troublesome. If you share a single API key or identity across five agents, an attacker who compromises just one agent could immediately gain access to all five. Simply because five agents are accessible with the same API key or run on a single account. This also means it’s impossible to determine afterward which agent did what. The forensic trail often ends at the credential.

Only 32 percent of companies assign each agent its own scoped identity. VentureBeat bases this on its Q2 Agentic Security report. More than half (54 percent) of respondents had already experienced a security incident or near-incident involving an agent.

The wave of acquisitions behind that single figure

That explains this year’s wave of acquisitions. On February 11 , Palo Alto Networks completed its acquisition of CyberArk, a deal valued at $25 billion and the largest in the company’s history. In recent years, CyberArk had been expanding its Privileged Access Management specifically toward machine identities, the category that includes AI agents.

CrowdStrike acquired the runtime authorization platform SGNL for $740 million and launched its first product on June 15: Continuous Identity for AI Agents. On May 4, Cisco announced its intention to acquire non-human identity specialist Astrix Security for a reported $400 million.

Exposure grows along with the organization

It’s striking to see what happens when you break down the figures by company size. For organizations with 101 to 1,000 employees, the incident rate stands at 49 percent. For those with more than 1,000 employees, that figure jumps to 63 percent. Sandbox isolation, precisely the measure that limits damage, is trending in the opposite direction: from 35 to 20 percent.

Only 30 percent of companies isolate the highest-risk agents. Detection and logging are funded, but the containment layer is virtually nonexistent. The largest companies run the most agents and have the least isolation around them.

Secured by the model provider

When it comes to security, companies rely heavily on model providers. OpenAI’s guardrails lead the way at 51 percent, followed by Google Cloud (36 percent) and Microsoft (35 percent). As many as 82 percent cite a provider-native or hyperscaler control as their primary security layer. Specialized vendors remain in the single digits.

These controls primarily filter prompts and output, but they do not give an agent its own identity or isolate it. The struggle with agent governance is not new. Previous research by Salesforce and Deloitte already showed that 86 percent of IT decision-makers fear that AI agents create more problems than they add value, partly due to shadow AI and a lack of governance. Nevertheless, 59 percent of respondents plan to purchase or replace new agent security tools within the next twelve months.

Ultimately, AI agents are now making their debut, and, as with any new technology and innovation, security and observability often lag behind. That’s not ideal; it carries risks, but it’s difficult to stop. The most important thing is that organizations remain aware of those risks and continue to invest in AI security.