AvePoint: 88% of Organizations Report AI Agent Security Breaches as Visibility Gaps Triple

AI relevance: The largest enterprise survey of AI agent security posture to date confirms that agent deployment has massively outpaced governance — with data leakage and malicious input manipulation as the dominant failure modes.

Key Findings

  • AvePoint surveyed enterprise organizations for its 2026 State of AI report, finding 46.9% of employees now use AI agents weekly or daily
  • 88.4% of organizations experienced at least one AI agent-related security breach in the past 12 months
  • Most common incident types: data leakage (50.1%) and manipulation by malicious or untrusted inputs (49.6%)
  • AI visibility gaps have nearly tripled — from approximately 30% to 89.5% — signaling "systemic governance gaps rather than isolated failures"
  • Under 5% of organizations report no plans to adopt AI in development within a year, yet nearly half already run AI-generated code in production
  • The report covers both copilot-style assistants and autonomous agentic workflows connected to business systems

Why It Matters

This data validates what security teams have been observing anecdotally: agent adoption is outrunning security controls. The 50.1% data leakage figure aligns directly with the prompt injection and tool-poisoning attacks documented throughout 2026 — agents with access to business data (CRM, email, calendars) become exfiltration vectors when manipulated. The 49.6% "manipulation by malicious inputs" figure maps to indirect prompt injection, the attack class that OWASP placed at ASI01 in its December 2025 Agentic Top 10. The tripling of visibility gaps suggests most organizations cannot even inventory which agents have access to which data stores, let alone monitor their tool calls for anomalous behavior.

What To Do

  • Build an agent inventory: catalog which agents exist, which data sources they access, and which tools they can invoke
  • Implement DLP policies at the agent tool-call boundary — inspect outbound payloads for sensitive data before they leave the agent context
  • Treat agent tool descriptions as code: version, review, and audit metadata changes to third-party MCP servers and skill packages
  • Deploy runtime monitoring for agent execution traces — flag anomalous tool-call sequences, especially those involving data access followed by outbound network calls
  • Assign non-human identities to agents in your identity provider to enable per-agent access scoping and audit trails
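The runtime-monitoring and DLP recommendations above, as an added example that is not part of the AvePoint report: it scans JSON-per-line agent traces, flags sessions where a data-access tool call is followed by an outbound network call, and runs a simple DLP check on the outbound payload. The trace format, tool names, and DLP patterns are assumptions.

```python
"""Added example (not from the report): flag data-access -> outbound
tool-call sequences in agent traces and DLP-check the outbound payload.
Trace format, tool names and patterns are assumed, not from the page."""
import json
import re

# Assumed tool classification; in practice derive this from the agent inventory.
DATA_ACCESS_TOOLS = {"crm.lookup", "mail.search", "calendar.read"}
OUTBOUND_TOOLS = {"http.post", "webhook.send"}

# Minimal DLP patterns (constructed; tune for the data classes you care about).
DLP_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}


def dlp_hits(payload: str) -> list[str]:
    """Return the names of DLP patterns that match an outbound payload."""
    return [name for name, rx in DLP_PATTERNS.items() if rx.search(payload)]


def flag_traces(lines: list[str]) -> list[dict]:
    """Scan trace lines; return one alert per outbound call that follows
    a data-access call in the same session, with any DLP hits attached."""
    seen_data_access: dict[str, list[str]] = {}
    alerts = []
    for line in lines:
        ev = json.loads(line)
        sid, tool = ev["session"], ev["tool"]
        if tool in DATA_ACCESS_TOOLS:
            seen_data_access.setdefault(sid, []).append(tool)
        elif tool in OUTBOUND_TOOLS and sid in seen_data_access:
            payload = json.dumps(ev.get("args", {}))
            alerts.append({
                "session": sid,
                "sequence": seen_data_access[sid] + [tool],
                "dlp": dlp_hits(payload),
            })
    return alerts


# Constructed sample trace: s1 reads CRM data then posts it out (alert with DLP hit),
# s2 posts without prior data access (no alert), s3 only reads mail (no alert).
SAMPLE_TRACE = [
    '{"session": "s1", "tool": "crm.lookup", "args": {"q": "acme"}}',
    '{"session": "s1", "tool": "http.post", "args": {"url": "https://example.invalid/x", "body": "contact: cfo@acme.example"}}',
    '{"session": "s2", "tool": "http.post", "args": {"url": "https://example.invalid/status"}}',
    '{"session": "s3", "tool": "mail.search", "args": {"q": "invoice"}}',
]

if __name__ == "__main__":
    for alert in flag_traces(SAMPLE_TRACE):
        print(alert)
```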

Sources

  • AvePoint — State of AI 2026: Trust, Control, and the Rise of AI Agents
  • GlobeNewsWire — AvePoint Research Press Release
  • OWASP Top 10 for Agentic Applications (December 2025)