Akeyless: two‑thirds suspect agent access

AI agents are turning into a plain old identity-security problem — but faster, messier, and harder to see. The big issue is not some sci-fi jailbreak. It’s that companies are giving agents real credentials, broad permissions, and live access to business systems, then discovering they can’t really tell what those agents did once they got in. That’s the backdrop for Akeyless’ new survey, released May 12, which says 67% of organizations using AI agents suspect those agents have already accessed data beyond their intended scope. ### What exactly is the news here? Akeyless published its 2026 State of AI Agent Identity Security report based on a survey of 400 IT and security leaders in the U.S. and U.K. The headline number is blunt: two-thirds suspect agent overreach has already happened inside their organizations. The same survey says 61% have already revoked or rotated AI-agent credentials because of suspected exposure. (prnewswire.com) ### Why is “suspect” still a big deal? Because the word tells you visibility is weak. If companies knew exactly what happened, this would be an incident-response story. Instead, a lot of them seem stuck in the worse middle ground — enough evidence to worry, not enough control to prove or disprove what the agent touched. Only 7% said their controls would actually prevent a compromised agent from operating. (prnewswire.com) ### Why are AI agents different from normal software? Regular software usually does a narrow, predictable thing. AI agents don’t. They can choose tools, chain actions, and move across systems based on context. That means an agent can stay “authorized” at every step and still create a result nobody intended. One security writeup frames the problem neatly: the risk is often not an unauthorized action, but an authorized sequence of actions across systems that were never meant to be combined. (prnewswire.com) ### Where does the exposure come from? Mostly from old identity habits. Akeyless says many organizations still rely on static secrets, API keys, and persistent credentials embedded in code or workflows. Those credentials often have broad permissions, and more than four in five respondents said one compromised credential could affect multiple major systems. Fewer than half said they have full visibility into where those credentials are stored. (securitytoday.com) ### How slow is the response gap? Way too slow for machine-speed systems. The survey says it takes an average of 14 hours to detect a compromised AI agent, then nearly a week to contain and remediate the issue. Meanwhile the agent can act in milliseconds. That gap is basically the whole story — human review cycles trying to govern software that can make thousands of decisions before anyone opens a dashboard. (prnewswire.com) ### What are security teams asking for instead? The fix is starting to look pretty consistent. Give each agent its own identity. Keep privileges narrow. Issue access just in time instead of leaving standing credentials around. Then log actions in a way that ties them back to the original prompt or task. Akeyless has been pushing exactly that model in its newer product launches — runtime enforcement, zero standing privilege, and forensic traceability for each action. (prnewswire.com) ### Why does this matter beyond security teams? Because this is becoming a deal-cycle problem, not just a breach problem. Security buyers now want answers to simple questions: whose identity is this agent using, what can it touch, and can you prove what it did on our data? If a vendor can’t answer those, deployment slows down. One recent playbook on agent identity management argues that these governance questions are now showing up directly in enterprise procurement. (prnewswire.com) ### So what’s the bottom line? The industry is moving past “can AI agents be useful?” and into “can they be governed like real actors inside the company?” Akeyless’ survey matters because it puts a hard number on the trust gap. Enterprises are not mainly worried about rogue magic. They’re worried about agents doing exactly what their credentials allow — and that turning out to be far too much. (prnewswire.com) (securityboulevard.com)