65% of Enterprises Experienced AI Agent Security Incidents, 82% Discovered Undiscovered Agents

Research by Cloud Security Alliance and Token Security found 65% of enterprises experienced at least one AI agent-related cybersecurity incident in the past year. Despite over half reporting confidence in agent visibility, 82% discovered previously unknown agents in their networks. Forgotten agents not properly decommissioned pose significant risk, with incidents affecting core enterprise operations. CSA emphasizes the need for agent lifecycle governance, operational boundaries, and human-approval workflows.

Agent sprawl creates multiple attack surfaces: (1) forgotten agents with stale credentials accessing sensitive systems, (2) agents deployed by shadow IT without security review, (3) agents with over-permissioned access retained beyond project completion, (4) lack of centralized inventory preventing incident response. Attackers exploit these gaps to move laterally or exfiltrate data via compromised agent credentials.

Enterprise AI agent deployments across all frameworks: autonomous agents (OpenClaw, Anthropic Computer Use), multi-agent orchestration (LangChain, LlamaIndex, AutoGen, MetaGPT), and custom agentic workflows. Particularly acute in organizations with decentralized AI adoption or rapid proof-of-concept culture.

Implement agent inventory and governance: (1) deploy agent discovery tools to identify all active agents, (2) establish lifecycle management with mandatory decommissioning procedures, (3) apply least-privilege principles with time-bounded access grants, (4) require human approval for high-risk agent actions, (5) instrument agent activity logging for security monitoring. CSA recommends treating agents as a new identity class requiring IAM-level controls.