35% of enterprises report financial losses from AI agent-related incidents.

68% of enterprises report high confidence in their visibility into AI agents.

82% of enterprises have discovered previously unknown AI agents in the past year.

40% of unknown AI agents emerge in developer-created workflows.

24% of enterprises rely on human-in-the-loop models for most AI agent tasks.

11% of enterprises automatically block actions when AI agents exceed their scope.

63% of enterprises use action risk as a primary signal for governing AI agent behavior.

66% of enterprises have clear guardrails for defining AI agent boundaries.

52% of IT and security leaders have doubts about whether their recovery plans cover agentic AI scenarios.

32% of AI/LLM findings are rated as high risk, nearly 2.7x the overall high-risk rate of 12%.

61% of security professionals want a "strategic pause" to calibrate defenses against AI-driven threats, up from 48% last year.

97% of security professionals state they are adding AI capabilities to their software and services.

In 2025, AI generated 82.6% of phishing content.

In 2025, nearly 50,000 new vulnerabilities were disclosed with an average CVSS score of 6.6.

In 2025, total ransomware payments fell 23%.

Two-thirds of CIOs say employee training on AI risk management is insufficient.

8% of enterprises say AI agents never exceed their intended permissions.

HIPAA (43%), the NIST AI Risk Management Framework (37%), and SOC 2 or ISO 27001 (34%) are the frameworks that most influence enterprises' AI agent governance.

Akira ransom demands averaged $1.2M, which is 50% higher than the non-Akira average.

Two-thirds of Akira attacks in 2025 occurred on nights or weekends.