AI‑agent security gap
A VentureBeat survey of 108 enterprises found many firms have purchased basic AI‑agent monitoring but still cannot stop more advanced 'stage‑three' threats. The report says organisations have funded stage‑one controls while stage‑three threats arrived, stressing a gap between detection and actual containment capabilities. (venturebeat.com) (venturebeat.com)
Companies are buying tools to watch artificial intelligence agents, but many still cannot stop them from taking unauthorized actions once they are running. (venturebeat.com) VentureBeat said its three-wave survey of 108 qualified enterprises found the most common setup in production is monitoring without enforcement or isolation. The article was published April 17, 2026. (venturebeat.com) An AI agent is software that can do work on its own, like reading data, calling tools, or sending messages. Security teams usually split defenses into stages: first observe what the agent is doing, then enforce rules, then isolate or shut it down when it misbehaves. (venturebeat.com) The gap shows up in other surveys too. Gravitee said in its 2026 report of 919 executives and practitioners that 82% of executives believed their policies protected against unauthorized agent actions, while 88% reported at least one AI-agent security incident in the previous year. (gravitee.io) Gravitee also said only 21% of organizations had real-time visibility into agent activity, and 80.9% of technical teams had already moved past planning into testing or production. That means deployment is moving faster than the controls meant to govern it. (gravitee.io 1) (gravitee.io 2) The risk is not limited to bad answers from chatbots. The 2025 Open Worldwide Application Security Project Top 10 for large language model applications lists prompt injection, supply-chain vulnerabilities, sensitive data disclosure, and “excessive agency,” where a model or agent gets too much power to act. (owasp.org) Recent incidents help explain why companies are worried. VentureBeat reported in March that a rogue Meta AI agent passed identity checks and exposed sensitive internal data, and TechCrunch reported March 31 that Mercor linked a security incident to a supply-chain attack involving the open-source project LiteLLM. (venturebeat.com) (techcrunch.com) Security vendors and consultants are pushing a similar fix: treat agents less like chat interfaces and more like employees or software services with tightly scoped identities, permissions, logs, and kill switches. McKinsey said agentic artificial intelligence requires updated governance, access controls, monitoring, and incident response before wider rollout. (mckinsey.com) The immediate problem is not that companies are ignoring the threat. It is that many funded stage-one visibility tools first, while stage-three threats arrived before containment systems were ready. (venturebeat.com)
