Autonomous artificial intelligence has shifted from experimentation to everyday operations inside major enterprises far faster than security teams can adjust — with agentic AI creating a widening exposure that industry leaders say will define security priorities in 2026.
A new global report from Akto finds that organizations have rapidly embedded autonomous agents into business workflows that touch data, tools and customer-facing systems. These systems can now interpret information, make decisions and execute actions traditionally performed by human users. And often, they can do so without the governance normally required for new technology entering a production environment. Akto is a San Francisco-based cybersecurity company focused on securing agentic AI and MCP (Managed Compute Platform) environments.
It based its study on responses from hundreds of CISOs and security leaders across finance, telecom, health care, insurance, ecommerce and technology sectors. The findings offer the first quantitative look at how deeply agentic systems have penetrated enterprise operations:
- 38.6% of organizations have deployed AI agents at department or enterprise scale.
- 23.8% have agents in active pilots affecting real workflows.
- 31.7% are conducting hands-on experimentation.
- 70% overall are using agentic AI in some form.
How executives view security gaps from agentic AI
Even as agents proliferate, most leaders report they cannot fully see what the new systems are doing. Only 21% said they have complete visibility across agent behaviors, permissions, tool usage or data access. That’s a blind spot security executives call deeply concerning.
“Agentic AI is being adopted far faster than security teams can assess or secure the risks,” said Bala Thripura Akasam, an application security manager at Tapestry.
He and other respondents described an accelerating adoption curve led by development and product teams eager to automate tasks, while security teams race to catch up.
The divide is most evident in governance and oversight. Many organizations lack even a basic inventory of autonomous agents and the systems they can reach — a foundational requirement for enforcing identity, privilege and compliance boundaries. With deployments happening across multiple business units, untracked autonomy has become a multiplying risk factor, according to the report.
“AI agents didn’t enter the enterprise quietly; they arrived at full force in 2025,” said Ankita Gupta, Akto’s CEO and co-founder. “Developers have embraced agents as part of daily workflows, but security teams lack the tools and visibility to keep pace. That mismatch is now the biggest enterprise risk of 2026.”
Deploying guardrails for agentic AI
Although 65% of respondents view real-time enforcement — such as action-level guardrails — as critical, fewer than half have implemented it. Only 38% monitor agent decisions end-to-end, including when instructions chain across systems. One in five organizations acknowledge they have deployed agents with no guardrails or monitoring at all.
Executives say that posture is particularly risky because agentic AI changes the nature of enterprise security. In the model-driven era, protection focused on outputs. Now, security must understand and intervene in actions — preventing misuse, misinterpretation or malicious redirection before harm occurs.
The report signals a major pivot ahead. Enterprises expect the next year to bring stronger rules around how autonomy operates inside business systems. Anticipated changes include:
- Shared ownership between application security and platform engineering.
- Standardized permission boundaries.
- Mandatory action-logging for every agent invocation.
- Continuous red-teaming to uncover unsafe behavior.
- Risk classification tied to access scope and operational impact.
Throughout the survey, leaders repeated a consistent theme: autonomy must not outrun control. Its value depends on whether organizations can oversee and, when needed, override the decisions agents make.
As adoption continues to accelerate across business functions, the report warns that a fundamental shift has already happened. The security architecture required to protect autonomy is still being built.
Sign up
Sign up for a complimentary subscription to Digital Commerce 360 B2B News. It covers technology and business trends in the growing B2B ecommerce industry. Contact Mark Brohan, senior vice president of B2B and Market Research, at mark@digitalcommerce360.com. Follow him on Twitter @markbrohan. Follow us on LinkedIn, X (formerly Twitter), Facebook and YouTube.
Favorite