Most Organizations Use AI Agents for Sensitive Security Tasks

Most Organizations Use AI Agents for Sensitive Security Tasks

https://www.infosecurity-magazine.com/news/most-organizations-ai-agents/

Publish Date: 2026-05-14 05:20:00

Source Domain: www.infosecurity-magazine.com

The majority (93%) of global organizations use or plan to use AI agents for security tasks such as password resets and VPN access despite the potential for serious breaches and data leaks, according to Semperis.

The security vendor polled 1100 organizations in the US, UK France, Germany, Spain, Italy, Singapore and Australia to produce its State of Identity Security in the AI Era study.

As well as using agents for sensitive security work, or planning to within 12 months, the majority (92%) of respondents admitted AI is installed on at least some local machines with access to SSH and encryption keys, further exposing them to security risk.

At the same time, 74% agreed that AI will increase attacks on identity infrastructure.

Read more on identity threats: Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne.

Despite exposing their organization to AI-shaped risks, only a third (32%) of respondents said they were “very confident” that they could regain control after an AI-driven credential exposure.

“What is striking about the study is not just how quickly AI is being integrated into identity systems but how unprepared many organizations are to recover when things go wrong,” said Grace Cassy, partner at cybersecurity venture capital firm Ten Eleven Ventures.

“Introducing AI at the identity layer offers operational advantages, but it must be accompanied by guardrails, observability and recovery readiness. It is a new dimension of an old question, really: are you resilient enough to respond in the event of critical disruption?”

Too Many Agents, Too Many Permissions

An explosion in non-human identities (NHIs) including AI agents is complicating the task of identity governance for security teams.

The challenge is that their proliferation means plenty of abandoned “zombie” agents and shadow NHIs which threat actors could hijack. It doesn’t help that many are over-permissioned as they’re granted the same…

Source