


























New research shows rapid AI adoption is outpacing governance, with unintended AI agent behavior becoming common across enterprises
SEATTLE – April 16, 2026 – A new study conducted by the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, found that the risk posed by AI agent scope violations is no longer theoretical but increasingly common. Commissioned by Zenity, the leading security and governance platform for AI, the Enterprise AI Security Starts with AI Agents survey found that 53% of organizations have had AI agents exceed their intended permissions, leaving them vulnerable to increased risk.
Nearly half (47%) of respondents experienced a security incident involving an AI agent in the past year. The study also found that when these incidents occur, detection and response times extend to hours and even days.
“AI agents are already operating at scale as part of the enterprise digital workforce, but security and governance haven’t kept pace with their autonomous actions,” said Hillary Baron, AVP of Research, Cloud Security Alliance. “The findings highlight gaps in visibility, runtime controls, and action traceability, underscoring the need for organizations to evolve their governance and security strategies, designing them specifically for autonomous systems and scaling them alongside adoption.”
Among the survey’s key findings:
"For years, the AI security conversation has focused on prompts. What this report confirms is that the real question is different: why did the agent do that? Agents are reading emails, accessing financial data, and changing configurations inside core business workflows. Most organizations can't say what those agents have accessed, what decisions they've made, or who is accountable when something goes wrong,” said Ben Kliger, co-founder and CEO of Zenity. “When scope violations are routine for 9 in 10 organizations and only 13% feel prepared for the regulatory scrutiny ahead, the problem isn't awareness. It's that legacy security was built to monitor what users say, not what autonomous systems do. The risk lives in runtime, in what agents actually do once they're in motion. That's where security has to be."
Zenity commissioned CSA to develop a survey to better understand the industry’s knowledge, attitudes, and opinions regarding autonomous AI agents. Zenity financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in September and November 2025 and received 445 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.
Download the Enterprise AI Security Starts with AI Agents survey report.
About Zenity
Zenity is the first security and governance platform purpose-built for AI agents - spanning SaaS, home grown platforms (Cloud), and end-user devices (Endpoint). Trusted by Fortune 500 enterprises, Zenity helps security teams confidently adopt AI by delivering defense in depth with full-lifecycle coverage: from agent discovery and posture management to real-time detection, inline prevention, and response. With an agent-centric approach that prioritizes how agents behave, what they access, and which tools they invoke, Zenity eliminates blind spots and enforces consistent policy and controls across environments so organizations can innovate with AI, without compromising security. Learn more at www.zenity.io.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading not-for-profit organization committed to awareness, practical implementation, and credentialing of forward-looking cybersecurity topics, including AI, cloud, and Zero Trust. In an era where digital transformation drives business success, CSA stands as the global authority ensuring organizations can operate securely while harnessing cutting-edge technology. Through volunteer-driven research, globally-accepted standards, and award-winning vendor-neutral education programs that unite technical experts, industry practitioners, and varied associations, governments, chapters, and corporate members, CSA bridges the gap between innovation and pragmatic security execution. Visit CSA’s website to learn more.
Media Contacts
Kristina Rundquist
ZAG Communications for the CSA
[email protected]
Elyse Familant
Results PR (for Zenity)
[email protected]
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。