A new wave of VentureBeat Pulse Research finds that enterprises are granting autonomous AI agents broad access to systems and data faster than they are deploying the identity, isolation and enforcement controls required to contain them—an “agent security gap” that is already producing incidents and near-misses. The survey of 107 organizations shows that more than half have faced an agent-related security event while only about a third assign every agent a scoped identity and just three in ten isolate their highest‑risk agents. Satisfaction with mostly provider‑native security stacks is high even as spending stays modest and confidence in outpacing AI‑enabled attackers remains mixed.
AI Integration
The research centers on how enterprises are operationalizing agent security: what tools they rely on, how they handle agent identity, how often they isolate risky agents, what has gone wrong so far, and whether they believe their defenses are keeping up. The core finding is the distance between growing agent autonomy and the guardrails around it. A majority of respondents report a confirmed incident or a near‑miss, underscoring that agents are working close to sensitive edges. For organizations in cryptocurrency, blockchain infrastructure and digital‑asset trading—where automated software routinely touches wallets, custody systems, exchange APIs and settlement workflows—the lesson is immediate: the same autonomy that speeds execution can magnify risk if identity and isolation are thin.
Technology Use Case
Identity emerges as the structural weakness. Only about a third of enterprises say every agent operates under its own scoped, managed identity—the prerequisite for clean attribution and least‑privilege access. Across fleets, 69% report some form of credential sharing, whether through shared API keys or borrowed human and service‑account credentials. When credentials are pooled, a single compromised or overly permissive agent can act with unintended reach, expanding the blast radius and muddying forensics. In crypto‑adjacent operations—such as on‑chain data agents assisting with analytics, autonomous systems triaging compliance alerts, or bots preparing trade tickets—the same identity gaps would make it harder to attribute actions and contain errant behavior.
Containment also lags. While roughly half of enterprises monitor agent activity or enforce scoped permissions at runtime, only 30% sandbox their highest‑risk agents. From a defense‑in‑depth perspective, that ordering is inverted: observation records what happened, enforcement tries to prevent it, but isolation bounds damage when prevention fails. Combined with widespread credential sharing, the picture is of fleets that are watched and permissioned but not consistently boxed in—exactly the setup in which a single failure propagates.
Market Impact
Incidents are not hypothetical. More than half of organizations report an agent security event, with exposure scaling by size: larger enterprises see higher incident or near‑miss rates but are less likely to sandbox and report lower satisfaction with their tooling. For participants in digital‑asset markets—where milliseconds, keys and liquidity windows matter—any operational disruption or privilege overreach could have outsize financial and reputational costs. The findings suggest that the controls most relevant to limiting loss during a malfunction—non‑human identity and isolation—are the least mature.
Despite that, the stack doing most of the work is overwhelmingly provider‑native. OpenAI’s guardrails lead adoption, followed by cloud controls from Google and Microsoft and managed‑agent controls from Anthropic. When asked to name a primary security layer, 82% point to these platform offerings. Purpose‑built agent‑security products—such as Palo Alto’s Prisma AIRS, CrowdStrike, Cisco AI Defense, Zenity, HiddenLayer, Check Point’s Lakera, Okta for AI Agents and other non‑human identity platforms—register only in low single digits, and a small minority run without dedicated tooling. The pattern persisted across two Q2 survey waves, indicating that enterprises reach first for what their model or hyperscale platform ships.
Industry Response
The comfort level is striking. Overall satisfaction with current agent security tooling averages 4.2 out of 5, including 4.1 for value. Yet budgets have not caught up: the most common allocation is 6–10% of the security budget, a third spend 5% or less, and only a quarter devote more than a tenth. Confidence in the competitive balance is also tempered: only about a third believe their AI‑enabled defenses are ahead of AI‑enabled attackers, while a clear majority describe the race as even or favoring the attacker. In markets where adversaries also automate, “even” is a precarious posture.
Change appears imminent. Nearly six in ten respondents plan to adopt, add or replace agent security tooling within twelve months, including 29% within the next quarter. Experience drives urgency: organizations that have been hit are far more likely to make near‑term changes, and they are more likely to say attackers are ahead. The consideration set still leans toward provider‑native options—OpenAI, Google, Anthropic and Azure—while dedicated security vendors such as Cloudflare, Cisco, Palo Alto, Okta and Check Point’s Lakera draw early interest above their current footprint. What is largely absent from near‑term plans is the identity layer itself: only 12% list an agent‑identity product such as Okta for AI Agents, Microsoft Entra Agent ID or a non‑human identity platform anywhere in consideration, even among organizations with credential sharing and incidents.
Methodology
The results come from a single June 2026 Pulse Research wave focused on enterprises with more than 100 employees (n=107). The sample is self‑selected, mid‑market‑weighted and intended as directional rather than precise. Respondents are senior and buyer‑credible: 45% are final decision‑makers for AI purchases and 30% are recommenders or influencers, spanning managers through the C‑suite across Technology/Software, Manufacturing, Retail/E‑commerce and Healthcare/Life Sciences. Satisfaction scores reflect those who answered each rating; the overall satisfaction score aggregates 82 qualified responses.
The bottom line
Enterprises are scaling autonomous AI agents into production faster than they are deploying the identity and isolation controls that keep failures small. More than half have already seen incidents or near‑misses; only a third assign scoped identities to every agent; only three in ten sandbox their highest‑risk agents; and most rely on provider‑native guardrails rather than purpose‑built layers. Satisfaction is high, budgets are modest, and many plan to reshuffle tooling within a year. For organizations building on cryptocurrency, blockchain and digital‑asset infrastructure, the message is clear within the confines of the survey: agent adoption is outpacing agent security, and the controls that most directly limit operational and financial blast radius—scoped non‑human identity and isolation—are the least deployed.

