95% of Enterprises Run AI Agents Autonomously

ConductorOne's survey included responses from 300 IT and security leaders across various industries. The study aimed to understand the current state of AI agent deployment and the associated security challenges. The survey revealed that 67% of enterprises admitted they lack full visibility into the permissions and activities of these autonomous AI agents. This lack of visibility creates significant "identity risks," where AI agents might access sensitive data or perform unauthorized actions. One major concern highlighted in the report is the potential for AI agents to inherit excessive permissions, a phenomenon known as "privilege creep". This occurs when agents retain permissions beyond what they initially require, expanding the attack surface for malicious actors. Industry experts recommend implementing robust identity governance policies and access controls to mitigate these risks. Continuous monitoring of AI agent activities and regular permission audits are also crucial. Companies like Microsoft and Google are developing tools to help organizations manage AI agent identities and permissions. These tools offer features such as centralized access management, role-based access control, and real-time monitoring of agent activities. Startups are also emerging in the AI security space, offering specialized solutions for managing AI agent risks. These companies often focus on specific aspects of AI security, such as anomaly detection, threat intelligence, and incident response.