Survey finds enterprises see 44% of agents

Nokod said Monday that enterprise security teams can see only 44% of the apps, agents, and automations business users build inside their companies. (prnewswire.com) The finding comes from Nokod’s 2026 survey of 200 enterprise chief information security officers, released April 27, 2026. The company said 80% of security teams lack full visibility into those systems. (prnewswire.com) (morningstar.com) Nokod said business users now outnumber professional developers by an average of 4 to 1, and by as much as 10 to 1 in some organizations. It pointed to tools including Microsoft Copilot Studio, ServiceNow, Power Automate, and UiPath. (prnewswire.com) These systems are not side projects, according to the survey. Nokod said more than half of chief information security officers believe business users are building applications that support business-critical processes. (prnewswire.com) An AI agent is software that can plan, call tools, move data, and take actions with little or no human approval at each step. McKinsey described these systems as autonomous and goal-driven, with the ability to reason, plan, act, and adapt. (mckinsey.com) That changes the risk from a hidden app to a hidden worker with credentials. McKinsey said AI agents act like “digital insiders,” operating inside company systems with varying levels of privilege and authority. (mckinsey.com) Prompt injection is one of the main ways those agents can be manipulated. OWASP says the attack works by feeding instructions that alter a model’s behavior or output in unintended ways, which can lead to data leakage or unauthorized actions. (genai.owasp.org) (owasp.org) Nokod said 90% of enterprises are working to standardize security and governance for AI tools, but the survey suggests policy is moving slower than deployment. The same report said most organizations still cannot account for more than half of what employees have already built. (prnewswire.com) The National Institute of Standards and Technology published its Generative Artificial Intelligence Profile on July 26, 2024, as a companion to its Artificial Intelligence Risk Management Framework. The guidance is voluntary, but it is designed to help organizations identify and manage generative AI risks. (nist.gov 1) (nist.gov 2) The gap Nokod is describing is basic inventory: companies cannot govern tools they cannot find. In a workplace where nondevelopers can assemble agents from off-the-shelf platforms, that inventory problem is turning into a security problem. (prnewswire.com) (mckinsey.com)