VC
Value Add VC
โšกHomePulseโšกHelpful Apps๐Ÿ“Blog
โ† Value Add PulseAI69% credential sharing (107 enterprises)

Shared API Keys Expose AI Agents at 69% of Enterprises

New VentureBeat research of 107 enterprises found 69% run AI agents with shared credentials in production, and only 30% sandbox their highest-risk agents.

69% of enterprises
Credential sharing
49%
Scoped runtime permissions
47%
Monitor/log agent activity
30%
Sandbox highest-risk agents
54%
Incident/near-incident rate
TC
Trace Cohen
Early-stage VC & angel ยท Founder, New York Venture Partners
July 9, 2026
2 min read
ShareXLinkedInEmail
THE RUNDOWN
1

VentureBeat's June 2026 Pulse Research, surveying 107 enterprises, found 69% run AI agents with credential sharing somewhere in their deployments -- a structural security gap as agents gain more autonomous access to systems and data

2

Only 49% of enterprises enforce scoped runtime permissions and 47% monitor and log agent activity; just 30% sandbox their highest-risk agents, the one control that limits blast radius when the first two layers of defense fail

3

More than half of respondents, 54%, have already experienced an AI agent security incident or near-incident -- 18% confirmed a real incident, 36% caught a near-miss -- and the incident rate climbs to 63% at companies with more than 1,000 employees, even as those larger companies sandbox less often than smaller ones

4

Security vendors are responding at scale: Palo Alto Networks, CrowdStrike and Cisco have collectively committed more than $22 billion to AI-agent security in the past year, including Palo Alto's $21.1 billion CyberArk acquisition and CrowdStrike's $740 million purchase of runtime-authorization platform SGNL

TC
The VC Read ยท Trace's TakeTrace Cohen

A 39-point gap between companies that got exposed (54%) and companies that actually sandbox their riskiest agents (30%) is the single most useful number in enterprise AI security right now -- it's the gap between 'we know agents are risky' and 'we've actually done something about it.' Founders building agent-identity and sandboxing tooling are sitting on one of the more durable enterprise AI infrastructure categories of the next two years, not a feature that gets absorbed by a platform play.

New VentureBeat research surveying 107 enterprises found that 69% run AI agents with credential sharing somewhere in their production deployments -- a structural security gap that's becoming more consequential as agents gain broader, more autonomous access to internal systems, customer data and third-party tools. The research, part of VentureBeat's June 2026 Pulse Research wave, is the clearest quantified look yet at how far enterprise security practice lags behind AI-agent adoption.

The layered-defense numbers tell a worrying story on their own: only 49% of enterprises enforce scoped permissions at runtime, and 47% monitor and log agent activity in any systematic way. Critically, just 30% sandbox their highest-risk agents -- the one control that actually limits the blast radius when the first two defenses fail, meaning most enterprises are relying on prevention alone rather than containment as a backstop.

The incident data confirms the gap is already being exploited or at least stress-tested in the real world: 54% of surveyed enterprises have had an AI agent security incident or near-incident, with 18% confirming an actual breach and 36% catching a near-miss before it became one. The pattern gets worse with scale, not better: incident rates climb from 49% at mid-sized companies (101-1,000 employees) to 63% at companies with more than 1,000 employees, even as sandbox adoption falls from 35% to 20% over the same size range -- meaning the largest, most attractive targets are proportionally the least contained.

Security vendors have noticed, and capital is flowing accordingly: Palo Alto Networks, CrowdStrike and Cisco have collectively committed more than $22 billion to AI-agent security in the past year alone. Palo Alto Networks completed its $21.1 billion acquisition of CyberArk in February, folding privileged-access management directly into its platform, while CrowdStrike closed a $740 million purchase of runtime-authorization platform SGNL and had shipped its first integrated product, Continuous Identity for AI Agents, by mid-June -- an unusually fast time-to-market for a security acquisition.

For enterprise software and security founders, the data is a clear market signal: agent-specific identity, credential-scoping and sandboxing tooling is one of the more durable, urgently-needed categories in enterprise AI infrastructure right now, distinct from general cloud security tooling that wasn't built with autonomous, tool-using agents in mind. For CISOs and enterprise buyers, the research is a useful benchmark to measure their own organization against -- if sandboxing sits below 30% and incident rates above 50% industry-wide, treating agent security as a solved problem is premature at almost any company's current maturity level.

The bear case: self-reported survey data on security incidents likely undercounts actual exposure, since companies with the weakest practices are also the least likely to have detected incidents in the first place -- meaning the true gap between agent adoption and agent security is probably wider than these numbers show. What to watch next: VentureBeat's full Q2 Agentic Security report, debuting July 14-15 at VB Transform, and whether the current wave of security-vendor M&A actually closes the sandboxing gap or just consolidates the market without improving real-world adoption rates.

ShareXLinkedInEmail

Originally reported by VentureBeat. Analysis and editorial commentary by Value Add Pulse.

โ† Back to Pulse

THE WIRE in your inbox

Tech, startup & VC news with Trace's take. Free, no spam.

Read Next

AI$1.25/$4.25 per 1M tokens

Meta Enters the AI Coding Race With Muse Spark 1.1

Meta launched Muse Spark 1.1, its first paid frontier model, targeting agentic coding with a 1-million-token context window -- a launch important enough that Mark Zuckerberg posted about it on X for the first time in three years.

AIN/A

OpenAI Shuts Down Atlas Browser Less Than a Year After Launch

OpenAI is discontinuing its standalone Atlas browser by August 9, folding its agentic browsing features into ChatGPT's desktop app and a Chrome extension instead.

AI41% LinkedIn longform AI-generated

LinkedIn and X Are Flooded With AI Spam, New Data Shows

AI-detection firm Pangram found 41% of longform LinkedIn posts and roughly a third of longer X posts are likely fully AI-generated, based on a two-month analysis of a million organically browsed posts.

@Trace_Cohenยทt@nyvp.com