A new VentureBeat Pulse study of 107 midsize enterprises reveals that 69% of organizations run AI agents with shared API keys or borrowed human credentials. When a single agent is compromised, the attacker instantly inherits the permissions of every workflow that key touches, and forensic tracing becomes impossible.
The survey shows that 54% of respondents have already faced an AI‑agent incident or near‑miss, with larger firms (over 1,000 employees) experiencing a 63% incident rate versus 49% for smaller groups. Only 32% assign each agent a scoped, managed identity, while just 30% sandbox their highest‑risk agents. This gap has driven major deals this year: Palo Alto Networks bought CyberArk for $21.1 billion, CrowdStrike acquired SGNL for $740 million and launched Continuous Identity for AI Agents, and Cisco announced a $400 million purchase of Astrix Security, all aimed at tightening the credential‑sharing layer.
Security leaders are urged to inventory every agent’s credentials, eliminate shared keys, and prioritize sandboxing for the most sensitive agents. With 59% of firms planning new tooling within a year, the market for dedicated AI‑agent security solutions is set to expand rapidly.



