New VentureBeat research surveying 107 enterprises found that 69% run AI agents with credential sharing somewhere in their production deployments -- a structural security gap that's becoming more consequential as agents gain broader, more autonomous access to internal systems, customer data and third-party tools. The research, part of VentureBeat's June 2026 Pulse Research wave, is the clearest quantified look yet at how far enterprise security practice lags behind AI-agent adoption.
The layered-defense numbers tell a worrying story on their own: only 49% of enterprises enforce scoped permissions at runtime, and 47% monitor and log agent activity in any systematic way. Critically, just 30% sandbox their highest-risk agents -- the one control that actually limits the blast radius when the first two defenses fail, meaning most enterprises are relying on prevention alone rather than containment as a backstop.
The incident data confirms the gap is already being exploited or at least stress-tested in the real world: 54% of surveyed enterprises have had an AI agent security incident or near-incident, with 18% confirming an actual breach and 36% catching a near-miss before it became one. The pattern gets worse with scale, not better: incident rates climb from 49% at mid-sized companies (101-1,000 employees) to 63% at companies with more than 1,000 employees, even as sandbox adoption falls from 35% to 20% over the same size range -- meaning the largest, most attractive targets are proportionally the least contained.
Security vendors have noticed, and capital is flowing accordingly: Palo Alto Networks, CrowdStrike and Cisco have collectively committed more than $22 billion to AI-agent security in the past year alone. Palo Alto Networks completed its $21.1 billion acquisition of CyberArk in February, folding privileged-access management directly into its platform, while CrowdStrike closed a $740 million purchase of runtime-authorization platform SGNL and had shipped its first integrated product, Continuous Identity for AI Agents, by mid-June -- an unusually fast time-to-market for a security acquisition.
For enterprise software and security founders, the data is a clear market signal: agent-specific identity, credential-scoping and sandboxing tooling is one of the more durable, urgently-needed categories in enterprise AI infrastructure right now, distinct from general cloud security tooling that wasn't built with autonomous, tool-using agents in mind. For CISOs and enterprise buyers, the research is a useful benchmark to measure their own organization against -- if sandboxing sits below 30% and incident rates above 50% industry-wide, treating agent security as a solved problem is premature at almost any company's current maturity level.
The bear case: self-reported survey data on security incidents likely undercounts actual exposure, since companies with the weakest practices are also the least likely to have detected incidents in the first place -- meaning the true gap between agent adoption and agent security is probably wider than these numbers show. What to watch next: VentureBeat's full Q2 Agentic Security report, debuting July 14-15 at VB Transform, and whether the current wave of security-vendor M&A actually closes the sandboxing gap or just consolidates the market without improving real-world adoption rates.