CSA Survey — 82% of Enterprises Have Unknown AI Agents in Their Environments
AI relevance: The Cloud Security Alliance's latest survey quantifies the shadow AI agent problem — undiscovered agents retaining stale permissions create a persistent, growing attack surface that traditional IAM controls are not designed to manage.
- 82% of enterprises have unknown AI agents running in their IT infrastructure, and 41% of respondents discovered previously unknown agents multiple times in the past year.
- 65% of organizations experienced at least one AI agent-related incident in the past 12 months — with 61% reporting data exposure, 43% operational disruption, and 35% financial losses.
- Shadow agents proliferate primarily in internal automation/scripting (51%), LLM platforms with custom tools and plugins (47%), and SaaS tools with built-in automation (40%).
- Only 21% of respondents have formal AI agent decommissioning processes — agents linger past their intended use, retaining permissions and credentials that create what the report calls “retirement debt.”
- Despite 68% of organizations claiming strong visibility into their AI agents, the 82% unknown-agent rate reveals a significant perception gap between assumed and actual coverage.
- Governance models are emerging: 63% govern agent behavior by action risk, 53% require human authorization, and 79% expect context-aware controls to be important within two years.
- Only 11% of organizations will automatically block an agent action that exceeds its scope — most (38%) require human approval, creating a window for damage.
- The survey covered 418 IT and security professionals across various organization sizes and locations, conducted in January 2026 and commissioned by Token Security.
Why it matters
AI agents are a fundamentally new class of identity — they authenticate, hold credentials, call APIs, and act autonomously. Unlike human users or service accounts, agents can spawn sub-agents, install plugins, and integrate with MCP servers, each expanding the permission surface. When organizations don't even know which agents exist in their environment, least-privilege controls become impossible to enforce. The combination of shadow deployment, absent decommissioning, and stale permissions means every undiscovered agent is a potential lateral-movement vector.
What to do
- Inventory all AI agents across your environment — include internal scripts, LLM platforms, SaaS automations, and developer workflows. Treat “unknown agents” as a continuous discovery problem, not a one-time audit.
- Implement agent lifecycle management: formal provisioning, scoping, monitoring, and decommissioning procedures. Every agent should have a defined purpose, expiry, and revocation path.
- Adopt intent-based identity controls — scope each agent to its specific purpose and continuously validate that its actions remain within that boundary.
- Prioritize automatic blocking for scope-exceeding actions rather than relying on human approval chains that introduce dangerous latency.
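The last three recommendations (defined purpose and expiry, scope-bound controls, and automatic blocking of out-of-scope actions) can be reduced to one small policy check. The following Python is an added example, not code from the CSA report or from Token Security; it assumes a registry of provisioned agents keyed by agent id, a constructed risk classification of action types, and constructed sample records, all of which you would replace with your own inventory and risk tiers.

```python
"""Agent-scope policy check: allow, require approval, or block an agent action.

Added illustration of agent lifecycle and intent-based controls; the
registry, risk tiers and agent records below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed risk tier per action type; unknown action types default to "high".
ACTION_RISK = {
    "read": "low",
    "write": "medium",
    "delete": "high",
    "grant_access": "high",
}


@dataclass(frozen=True)
class AgentRecord:
    agent_id: str
    owner: str                  # accountable human or team
    purpose: str                # the intent the agent was provisioned for
    allowed: frozenset          # (resource, action) pairs inside that intent
    expires_at: datetime        # revocation date fixed at provisioning time


def decide(registry, agent_id, resource, action, now):
    """Return 'allow', 'require_approval' or 'block' for one requested action.

    Check order matters: an unknown (shadow) or expired agent is blocked
    before its scope is consulted, so a lingering credential cannot act,
    and a scope violation is blocked outright rather than queued for review.
    """
    record = registry.get(agent_id)
    if record is None:
        return "block"              # not in inventory: shadow agent
    if now >= record.expires_at:
        return "block"              # past expiry: retirement debt
    if (resource, action) not in record.allowed:
        return "block"              # outside declared intent: no approval window
    if ACTION_RISK.get(action, "high") == "high":
        return "require_approval"   # in scope but high risk: human authorization
    return "allow"


def stale_agents(registry, now):
    """Agents whose expiry has passed: the decommissioning work queue."""
    return sorted(aid for aid, rec in registry.items() if now >= rec.expires_at)


# Constructed sample inventory (not real agents or organizations).
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)
REGISTRY = {
    "ticket-triage-bot": AgentRecord(
        "ticket-triage-bot", "it-ops", "label incoming helpdesk tickets",
        frozenset({("helpdesk", "read"), ("helpdesk", "write")}),
        NOW + timedelta(days=90)),
    "old-report-script": AgentRecord(
        "old-report-script", "finance", "monthly export (project ended)",
        frozenset({("finance-db", "read")}),
        NOW - timedelta(days=30)),
    "provisioning-agent": AgentRecord(
        "provisioning-agent", "iam-team", "onboard new hires",
        frozenset({("iam", "read"), ("iam", "grant_access")}),
        NOW + timedelta(days=30)),
}


def evaluate_samples():
    """Run a handful of constructed requests through the policy."""
    requests = [
        ("ticket-triage-bot", "helpdesk", "write"),     # in scope, medium risk
        ("ticket-triage-bot", "finance-db", "read"),    # scope exceeded
        ("old-report-script", "finance-db", "read"),    # expired agent
        ("unknown-plugin-7", "helpdesk", "read"),       # never inventoried
        ("provisioning-agent", "iam", "grant_access"),  # in scope, high risk
    ]
    return {req: decide(REGISTRY, *req, NOW) for req in requests}


if __name__ == "__main__":
    for req, verdict in evaluate_samples().items():
        print(f"{verdict:17s} {req}")
    print("to decommission:", stale_agents(REGISTRY, NOW))
```

The point of the ordering in `decide` is that discovery and expiry are enforced before intent: an agent that is not in the inventory, or whose expiry has lapsed, never reaches the scope check, and a scope violation never reaches the approval queue. `stale_agents` is the list a decommissioning process would work through to revoke credentials.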