
AI agent security incidents hit two-thirds of businesses in 2025

24 April 2026 | Brett Alegre-Wood | 6 min read

TL;DR

Two-thirds of organisations experienced at least one cybersecurity incident caused by their own AI agents in the past twelve months, according to the Cloud Security Alliance report "Autonomous but Not Controlled." The tools you deployed to boost productivity are now your biggest internal security liability. Only 20 percent of organisations have a formal process for decommissioning agents, and 88 percent cannot roll back agent actions once executed. This is not a future threat; it is already inside your network.

Why is your AI agent a security threat?

Most business leaders still think of AI agents as productivity tools. Deploy them, let them run, watch the efficiency gains roll in. The Cloud Security Alliance's 2026 report "Autonomous but Not Controlled" dismantles that assumption with one figure: 65 percent of organisations have suffered at least one AI agent-related incident in the past year.

The artificial intelligence you deployed to make your business faster is actively creating security breaches, exposing data, and disrupting operations.

This is not an external threat. There are no hackers in black hoodies. The breach is coming from inside the house, from the autonomous systems you sanctioned, funded, and deployed yourself.

How confident are organisations in their visibility over AI agents?

Here is where the data gets alarming. Despite 65 percent of organisations reporting incidents, 68 percent of respondents in the same Cloud Security Alliance survey claimed high confidence in their visibility over their AI agents.

That confidence is not just misplaced; it is directly contradicted by the respondents themselves. In the same survey, 82 percent admitted to discovering previously unknown AI agents operating on their own networks in the past year.

You cannot claim high visibility and simultaneously be discovering unknown autonomous systems on your own infrastructure. These are mutually exclusive positions, and right now most businesses are living in the gap between them.

What is the measurable damage?

The OutSystems 2026 Enterprise AI Report puts the scale in context: 96 percent of enterprises are now using AI agents in some capacity, 94 percent are concerned about uncontrolled agent sprawl, and only 12 percent have centralised governance over their agent deployments. We have gone from experimentation to enterprise-wide deployment in under two years, and the security infrastructure has not kept pace.

Among organisations that experienced an AI agent incident, the consequences were real and quantifiable:

  • 61% reported data exposure
  • 43% experienced operational disruption
  • 41% experienced unintended business process actions
  • 35% reported financial losses
  • 31% experienced service delays

Agents are pulling data from databases, summarising it, and sharing it with unauthorised users or external platforms. They are adjusting inventory levels based on flawed data, altering customer records, and sending incorrect invoices, without any human in the loop, and often getting it catastrophically wrong.

How does the external AI threat compound the internal one?

The IBM X-Force Threat Index 2026 adds a compounding dimension: AI-driven cyberattacks surged 44 percent year-over-year, and AI-generated phishing emails are now virtually indistinguishable from genuine communications.

The signal that should stop every business leader cold: Anthropic, the company behind Claude and one of the most advanced AI research organisations in the world, was breached by AI-assisted hackers. If the company building frontier AI models cannot protect itself from AI-powered attacks, the question every mid-sized business needs to answer honestly is: what is your plan?

IBM's 2025 data provides the financial frame: the average cost of a data breach reached $4.88 million globally, with breaches involving AI tools or AI-generated attacks trending significantly higher. For a small or medium-sized business, a single incident at that scale is not a setback; it is existential.

Why is AI governance failing so badly?

The root cause is not technology; it is process. Businesses are deploying AI agents the way they deployed SaaS tools a decade ago: quickly, widely, and with almost no formal lifecycle management.

The Cloud Security Alliance is precise on this: only 20 percent of organisations have formal decommissioning processes for their AI agents. When a project ends, the agent keeps running. It retains its credentials, its access permissions, its ability to interact with your systems. It becomes a digital ghost: dormant, forgotten, and exploitable.

Rubrik Zero Labs reinforces this with three numbers that should concern every IT leader:

  • 86% of security leaders say AI agents are outpacing their existing guardrails
  • 23% have full visibility into what their agents are actually doing
  • 88% cannot roll back agent actions once they have been executed

You are deploying systems you cannot monitor, cannot control, and cannot undo. That is not an AI strategy; that is an unmanaged liability.

What is the shadow AI economy doing to your security perimeter?

Employees are not waiting for IT approval. They are deploying their own AI agents, connecting them to company data, and creating invisible attack surfaces that security teams do not know exist.

A Harvard Business Review study found that hidden demand for AI inside companies is far outstripping what leadership has sanctioned, creating a parallel infrastructure of ungoverned, unsecured autonomous systems running quietly alongside the official stack.

This is the shadow AI economy. It thrives on secrecy. If your staff are afraid to tell you they are using ChatGPT to draft client emails or Claude to analyse financial data, you have already lost control of your security perimeter. The usage is not the problem; the invisibility is.

How are regulators responding?

Regulators are moving faster than most businesses realise. In Singapore, the Monetary Authority launched its Phase 2 MAS AI Risk Management Toolkit, developed specifically with 24 financial institutions to address the governance of traditional, generative, and agentic AI.

In Australia, KPMG's latest research shows that while 95 percent of businesses have an AI strategy, only 8 percent of those using AI agents have any form of centralised orchestration. The UK government issued an emergency open letter to all business leaders warning that frontier AI capabilities are now doubling every four months and that businesses must urgently review their cyber defences.

The regulatory pressure is real and accelerating. Businesses treating AI governance as a compliance afterthought will find themselves caught between agents causing incidents and regulators who expected controls to already be in place.

What does the Anthropic Mythos situation tell us about the trajectory?

The World Economic Forum's analysis of the Anthropic Mythos situation delivers one of the most sobering conclusions in the entire space: we are entering an era where AI systems can find vulnerabilities faster than any human team can patch them. Ninety-nine percent of the flaws discovered by Mythos remain unpatched.

The defensive opportunity is enormous for businesses that get ahead of this curve, but the window is closing rapidly.

The companies that build security into their AI strategy from day one will be the ones that survive. The ones that bolt it on as an afterthought will be the ones making headlines for all the wrong reasons.

What to do this week

Four concrete steps, in order of urgency:

1. Audit every AI agent on your network. Map what is running, what data it touches, who deployed it, and why. If you cannot answer those questions, you are already exposed. Build a centralised registry tracking purpose, permissions, and lifecycle status for every agent, including ones you did not officially sanction.

2. Apply the principle of least privilege. Every agent should only have access to the data and systems it absolutely needs to perform its specific function. Nothing more. Revoke any permissions that cannot be justified with a clear business reason today.

3. Build a formal decommissioning process. When a project ends, the agent must end with it: credentials revoked, access removed, agent permanently shut down. Only 20 percent of organisations have this process. Be one of them before you become a statistic.

4. Bring shadow AI into the open. Create an environment where employees feel safe declaring the AI tools they are using rather than hiding them. The risk is not in the usage; it is in the invisibility. Govern it properly, channel it into secure and sanctioned workflows, and you turn your biggest unknown liability into a visible, manageable asset.
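
A sketch of the registry check that steps 1 to 3 describe, as an added example that is not part of the original post. The record fields, agent names and dates are constructed sample data, and `audit_registry` is a hypothetical helper.

```python
from datetime import date

# Constructed sample registry: one record per agent, tracking the fields the
# steps above call for (purpose, owner, permissions, lifecycle status).
REGISTRY = [
    {"id": "invoice-bot", "owner": "finance", "purpose": "draft invoices",
     "status": "active", "project_end": date(2026, 12, 31),
     "credentials_active": True,
     "permissions": {"erp:invoices:write": "creates draft invoices"}},
    {"id": "crm-summariser", "owner": "sales", "purpose": "summarise accounts",
     "status": "active", "project_end": date(2026, 1, 31),
     "credentials_active": True,
     "permissions": {"crm:read": "reads account notes", "crm:export": ""}},
    {"id": "pilot-chat", "owner": "", "purpose": "",
     "status": "retired", "project_end": date(2025, 9, 30),
     "credentials_active": True, "permissions": {}},
]

def audit_registry(registry, today):
    """Return {agent_id: [findings]} for agents that fail steps 1-3."""
    findings = {}
    for agent in registry:
        issues = []
        # Step 1: every agent needs a named owner and a stated purpose.
        if not agent["owner"] or not agent["purpose"]:
            issues.append("no owner or purpose recorded")
        # Step 2: each permission needs a written business justification.
        for perm, reason in sorted(agent["permissions"].items()):
            if not reason.strip():
                issues.append(f"unjustified permission: {perm}")
        # Step 3: retired agents and ended projects must not hold credentials.
        ended = agent["status"] == "retired" or agent["project_end"] < today
        if ended and agent["credentials_active"]:
            issues.append("credentials still active after end of life")
        if issues:
            findings[agent["id"]] = issues
    return findings

if __name__ == "__main__":
    for agent_id, issues in audit_registry(REGISTRY, date(2026, 4, 24)).items():
        for issue in issues:
            print(f"{agent_id}: {issue}")
```

A check like this only sees agents that have a record, so agents found during the audit in step 1 or declared under step 4 need to be added to the registry before it can assess them.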

The two-thirds of businesses already hit by their own agents learned these lessons under pressure. You do not have to.

Live with passion & AI,

Brett

Frequently asked questions

How many businesses have experienced a cybersecurity incident caused by their own AI agents?

According to the Cloud Security Alliance report "Autonomous but Not Controlled," 65 percent of organisations have suffered at least one AI agent-related security incident in the past twelve months.

What is the most common consequence of an AI agent security incident?

Data exposure is the most common consequence, reported by 61 percent of organisations that experienced an incident. Operational disruption (43%) and unintended business process actions (41%) follow closely behind.

What percentage of organisations have a formal process for decommissioning AI agents?

Only 20 percent of organisations have formal decommissioning processes for their AI agents, according to the Cloud Security Alliance. The remainder leave agents running indefinitely, retaining credentials and access permissions long after they are needed.

What is shadow AI and why does it create security risks?

Shadow AI refers to AI tools and agents deployed by employees without IT oversight or authorisation. A Harvard Business Review study found that hidden AI demand inside companies far outstrips what leadership has sanctioned, creating a parallel infrastructure of ungoverned, unsecured autonomous systems that security teams cannot see or control.

How much does an AI-related data breach cost on average?

According to IBM, the average cost of a data breach in 2025 reached $4.88 million globally, with breaches involving AI tools or AI-generated attacks trending significantly higher than that figure.

Can organisations roll back actions taken by a rogue AI agent?

No, 88 percent of organisations cannot roll back agent actions once they have been executed, according to Rubrik Zero Labs. This makes proactive AI agent governance a critical priority before incidents occur, not after.

How are regulators responding to AI agent security risks?

Singapore's Monetary Authority launched its Phase 2 MAS AI Risk Management Toolkit with 24 financial institutions. The UK government issued an emergency open letter warning that frontier AI capabilities are doubling every four months and urging all businesses to urgently review their cyber defences.

About the author
Brett Alegre-Wood

Brett is a four-time founder (Darra Tyres, Gladfish, EzyTrac, Anaboo) and the operator behind AIOS, Anaboo's AI Operating System. He writes from inside the build, installing AI in his own businesses first and reporting back what actually moves the numbers. Based between Singapore, the UK and Australia.
