Guozhen AIGlobal AI field notes and model intelligence

Realtime AI News

Half of enterprises hit by AI agent security incidents as deployments outpace governance, DigiCert finds

A DigiCert survey of 1,001 IT and cybersecurity leaders across the US, UK, and Australia found that 50% of enterprises experienced a security incident tied to an unauthorized or misconfigured AI agent in the past six months. While 90% of organizations have discussed AI governance at the leadership level, only half have formal programs and dedicated budgets in place.

Published

A new survey from DigiCert has put a concrete number on a risk that security teams have been tracking but few have fully governed: half of enterprises experienced a security incident directly tied to an unauthorized or misconfigured AI agent in the past six months. The survey, conducted across 1,001 IT and cybersecurity leaders in the United States, the United Kingdom, and Australia, was covered by The Deep View on July 7 and published via MarketScale on July 9.

Nearly eight in ten respondents — 78% — reported that their organization encountered some form of AI-related security issue during the period. Of those, 28% identified vulnerabilities without a confirmed incident, while the remaining 50% reported an actual breach or disruption. Science and technology firms logged the highest incident rates, followed by banking and financial services, telecommunications and media, and retail.

Brian Trzupek, DigiCert's senior vice president of product, told The Deep View that AI agents present a fundamentally different identity problem from traditional endpoints. They operate autonomously at machine speed, yet most enterprises have not applied the same identity, authentication, and audit controls to them that they already require of human users, connected devices, and enterprise applications.

The exposure vectors Trzupek cited include prompt injection attacks, data poisoning, unauthorized access to sensitive systems, and an inability to trace which model produced a given output. Nearly half of respondents reported limited or no visibility into how their AI systems arrive at decisions, making post-incident investigation significantly harder.

The volume of AI systems being pushed into production is accelerating the governance gap. In the same six-month window, 75% of organizations deployed four or more AI-powered systems, and more than a third deployed over ten. Each additional model or agent integration extends the attack surface without necessarily adding a corresponding control layer.

Governance discussions are widespread, with 90% of organizations reporting they have addressed AI governance at the leadership level. But acting on those discussions is another matter — only half have dedicated budgets and formal programs in place. One bright spot: 86% reported having at least some process for revoking access to a compromised AI system. Yet as Trzupek framed it, without governance, organizations cannot answer the basic questions of what AI is running, what it can access, and who is responsible when it fails.

Why it matters

The 50% incident rate is a number risk committees and boards will recognize, making the business case for formal AI governance programs. As AI agent deployment surges far ahead of identity and audit controls, enterprises face an urgent need to extend IAM frameworks to cover non-human actors before the next wave of incidents.

DigiCertAI AgentSecurityEnterpriseGovernance
Back to realtime news

Nearby Updates

All