AI Agents
We've curated 114 cybersecurity statistics about AI agents to help you understand how automated systems are being used for threat detection and response in 2025, enhancing security practices while also introducing new vulnerabilities.
Showing 1-20 of 114 results
Roughly 80% of enterprises have deployed internal AI agents while two-thirds lack governance policies for those agents.
48% of organizations cite non-human identities (AI agents, APIs) as a top concern
67% of organizations using AI agents suspect those agents have already accessed data beyond their intended scope.
Only 7% of organizations believe their controls would prevent a compromised agent from operating.
93% of organizations already use or plan to use AI agents for sensitive security tasks such as password resets and VPN access.
Fewer than half of organizations report full visibility into where AI agent credentials are stored.
58% of cybersecurity leaders report that AI agents are already taking actions within organizational workflows.
91% believe they can rapidly contain compromised AI agents.
90% of respondents agree that AI agents should operate under least privilege principles, with bounded access and tighter controls.
99% of respondents say their organization already uses AI agents.
On average, 40% of AI agents and 40% of machine identities already have access to organizational data.
It takes an average of 14 hours to detect a compromised AI agent.
61% of organizations have revoked or rotated AI agent credentials due to suspected exposure.
Over the next 12 months, organizations expect AI agents to increase by 85% and machine identities to increase by 77%, compared to the 56% growth in human identities.
It takes nearly a week to contain and remediate a compromised AI agent.
Organizations spent more than $1 million on average in the past year responding to AI agent identity and security issues.
82% of enterprises have discovered previously unknown AI agents in the past year.
Nearly nine in ten IT and security leaders express concern about meeting recovery objectives as agent-driven threats increase.
Nearly half of IT and security leaders expect agentic systems to drive the majority of attacks in the coming year.
Only 21% of enterprises have formal decommissioning processes for AI agents.