AI Security & Governance · May 18, 2026 · 5 min read

95% of Enterprises Won't Scale AI Agents. Security Hasn't Caught Up.

Three May 2026 surveys converge on the same finding: AI agents are running in enterprise production systems while security governance trails far behind.

By SpringVanta

AI agents are running inside enterprise production systems right now. Most of them were not approved by security. Two-thirds of IT leaders suspect those agents have already accessed data they were not supposed to touch. And 95% of enterprises are holding back from scaling their agentic AI programs, not because the technology doesn't work, but because they cannot verify it's secure.

Those numbers come from three independent reports published within two weeks of each other in May 2026: the Akeyless State of AI Agent Identity Security (May 12), the AWS AI Security Framework (May 15), and the Jitterbit 2026 AI Automation Benchmark Report (May 6). Together they paint a clear picture: the bottleneck for enterprise AI has shifted from capability to accountability.

The numbers behind the governance gap

The Akeyless survey of 400 IT and security leaders across the US and UK found that 67% of organizations using AI agents suspect those agents have already accessed data beyond their intended scope. The average time to detect a compromised agent: 14 hours. Only 7% believe their existing controls would prevent a compromised agent from operating.

[Figure: AI Agent Governance Gap: Adoption vs Control]

The Gravitee State of AI Agent Security report (February 2026, surveying 919 executives and practitioners) confirmed the structural dimension of this problem: 80.9% of technical teams have moved past planning and are running agents in live environments, yet only 14.4% report that all their AI agents went live with full security and IT approval. Most agents still rely on shared API keys rather than independent identities.

Jitterbit's survey of 1,500+ global IT leaders added the demand-side perspective: 78% of AI projects now deliver measurable business value, but 95% of enterprises are holding back from scaling. The obstacle is not budget: only 15% cited cost as a constraint. The real blocker is security governance. Nearly half (47%) named "AI accountability" (auditability, guardrails, and enforcement) as the single most important factor when evaluating new AI tools.

What changed: agents act, they don't just answer

AWS's new AI Security Framework, published on May 15, frames the shift precisely. Traditional AI governance was built around model outputs: accuracy, bias, hallucination. Agentic AI breaks that model because agents don't just generate text; they call APIs, modify databases, trigger workflows, and coordinate with other agents. The governance question shifts from "is this output correct?" to "should this agent be allowed to do this, right now, with these consequences?"

AWS structures its framework around three use cases with cumulative security requirements:

  1. AI that answers: chatbots and summarizers with no external data connections. Security focus: identity, access control, encryption, content filtering.
  2. AI that connects: RAG systems that access enterprise data but don't take actions. Adds data classification, fine-grained access control, output validation.
  3. AI that acts: autonomous agents that process transactions, modify records, execute code. Adds agent identity, least-privilege authorization, human-in-the-loop controls, and behavioral monitoring.

The key principle: you're not adding security to AI. You're building AI on top of security. Organizations that skip foundational controls at the prototype phase spend significantly more time and money retrofitting them later, assuming they catch the gaps before an incident forces their hand.

The identity crisis at the center

The Akeyless data points to a specific structural failure: most AI agents operate with persistent credentials: static API keys and shared secrets embedded in workflows. More than four in five organizations say a single compromised credential could affect multiple major systems. Fewer than half report full visibility into where those credentials are stored.

This is the same pattern that enabled the Microsoft corporate email breach in January 2024, where a legacy OAuth application with elevated rights and no MFA became the entry point for a state-sponsored attacker. Replace "legacy OAuth app" with "autonomous AI agent given a shared admin token to query Salesforce," and you have the same incident scaled across every enterprise running agents today.

AWS's framework addresses this head-on: every agent needs its own identity with scoped credentials, not a copy of an existing human user's identity. Agents should receive temporary, scoped credentials, not persistent access. Every request must be authenticated and authorized independently, and every action needs a traceable authorization chain.

The data readiness dimension

Security governance and data readiness are the same problem viewed from different angles. A Fivetran/Redpoint Ventures study published May 5 found that 60% of enterprises are investing millions in agentic AI, while only 15% have the data foundation to run it at scale. That 85/15 gap explains why so many pilot projects fail to reach production: agents hallucinate queries against datasets they shouldn't touch, propagate errors downstream, and consume corrupted data without recognizing the degradation.

The Precisely/Drexel 2026 State of Data Integrity report reinforced this: 71% of organizations with governance programs report high trust in their data, compared to 50% without. The organizations that outperformed were those that expanded existing data governance to include AI governance, not those that created separate AI governance programs or reduced data governance to focus on AI.

What this means for service businesses deploying AI

For organizations building AI-powered intake, voice agents, or automated lead qualification, the governance gap is not hypothetical. Every customer-facing AI system that accesses CRM data, processes personal information, or makes routing decisions is subject to the same risks documented in these reports.

Three concrete steps emerge from the data:

  1. Give every agent its own identity. Shared API keys are the single most common point of failure. Scope credentials to the minimum access required for each specific task and rotate them on short cycles.
  2. Build observability before capability. If you cannot see what your agents are doing in real time (every tool call, every data access, every action), you cannot detect a compromise until after the damage is done.
  3. Treat governance as an accelerator, not a brake. Organizations with proper AI governance deploy 12x more AI projects successfully, according to iEnable's analysis of enterprise deployment data. Governance is what makes scaling possible.
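
The per-agent identity, short-lived scoped credentials, per-request authorization and audit trail described above, shown as an added Python example (not code from AWS's framework or any of the cited reports). The HMAC token format, the agent name and the `crm:*` scope strings are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # constructed: held only by the issuer/gateway
AUDIT_LOG = []                         # stand-in for an append-only audit sink


def _sign(payload: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_credential(agent_id, scopes, ttl_seconds=300, now=None):
    """Mint a short-lived credential bound to ONE agent and an explicit scope list."""
    now = time.time() if now is None else now
    claims = {"agent": agent_id, "scopes": sorted(scopes),
              "exp": now + ttl_seconds, "jti": secrets.token_hex(8)}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return payload.decode() + "." + _sign(payload).decode()


def authorize(token, action, now=None):
    """Authenticate and authorize a single request; every decision is audited."""
    now = time.time() if now is None else now
    agent, jti, decision = "unknown", None, "deny:malformed"
    try:
        payload, sig = token.rsplit(".", 1)
        # Constant-time comparison: the claims are trusted only if the MAC matches.
        if not hmac.compare_digest(sig.encode(), _sign(payload.encode())):
            decision = "deny:bad_signature"
        else:
            claims = json.loads(base64.urlsafe_b64decode(payload))
            agent, jti = claims["agent"], claims["jti"]
            if now >= claims["exp"]:
                decision = "deny:expired"          # no persistent access
            elif action not in claims["scopes"]:
                decision = "deny:out_of_scope"     # least privilege per task
            else:
                decision = "allow"
    except (ValueError, KeyError, AttributeError):
        pass  # keep the default deny and still record the attempt
    # Denials are logged too: out-of-scope attempts are the signal that an
    # agent is reaching for data beyond its intended scope.
    AUDIT_LOG.append({"ts": now, "agent": agent, "jti": jti,
                      "action": action, "decision": decision})
    return decision == "allow"
```

Because each credential carries its own agent name and `jti`, every audit entry traces back to one agent and one issuance, which a shared API key cannot provide.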

The regulatory clock is ticking

The EU AI Act becomes enforceable on August 2, 2026, with penalties reaching €35 million or 7% of global annual turnover. NIST launched its AI Agent Standards Initiative in February 2026, receiving 932 comments on its request for information, a clear signal that enforceable, agent-specific security standards are coming.

Enterprises that wait for regulations to tell them what to do will be retrofitting controls under time pressure and audit scrutiny. Those that build governance into their agent infrastructure now (identity, observability, authorization, and audit trails) will be the ones that scale when the enforcement window opens.

