AI agents are moving into core enterprise systems faster than companies are securing them, according to a Cloud Security Alliance survey commissioned by Aembit. In the survey, 67% of organizations said they already use task-automation agents, and just 15% said AI agents are not in production environments. Another 73% expect agents to become very important or critical within a year.
The security gap shows up in how those agents are identified and controlled. More than half of organizations said agents use workload identities, but 43% still rely on shared or generic service accounts and 31% said agents sometimes operate under a human user’s identity. That helps explain why 68% said they cannot very clearly distinguish AI-agent actions from human activity.
Risk is already visible. Nearly three-quarters of respondents said AI agents often get more access than needed, 79% said the systems create new access paths that are hard to monitor, and 81% said prompt manipulation could expose credentials or tokens. Nevertheless, confidence remains higher than the controls behind it: one-third of respondents said they do not know how often agent credentials are rotated, while only 22% said access-control frameworks are applied very consistently to AI agents.
What companies want next is telling. Real-time visibility into agent actions ranked first at 52%, ahead of clearer separation between human and AI identities at 45%. The survey, conducted online in January 2026, drew 228 responses from IT and security professionals.
Photo by Eric Krull on Unsplash
