AI Agents Security: Closing the Widening Governance Gap

92% of Security Professionals Are Worried About AI Agents. The Data Shows Why.

Traditional security models assume human actors making deliberate choices. An employee decides to share a file, send an email, or access a system, and security controls intercept, log, or block that action. AI agents break that assumption. They act continuously, autonomously, and often invisibly, executing sequences of actions that no individual human approved at each step.

The permissions problem is structural. Employees deploy agents using their own credentials, which means agents inherit access that was granted to a human for human-scale, human-reviewed work. That GitHub token was not provisioned for an agent that might clone repositories, read configuration files, and push changes in a single automated workflow. The cloud credentials were not granted with the expectation that an agent would exercise them 10,000 times per hour. A single misconfigured agent, or a single malicious interaction, can touch multiple systems at once.

The cross-disciplinary character of AI security risk also deserves attention. A single malicious AI interaction can involve identity, cloud, application, data, and supply chain security simultaneously. No single security tool solves that. It requires a platform approach — one that enforces controls consistently across all channels through which sensitive data moves.

5 Key Takeaways

1. AI agent concern is near-unanimous — but the governance gap is widening.

The Darktrace State of AI Cybersecurity 2026 report found 92% of security professionals concerned about the enterprise security impact of AI agents — a near-consensus professional judgment. Yet only 37% of organizations have a formal AI policy, a figure that declined from the prior year. 52% are still in “discussion” mode. Security teams are worried about something they have not built AI governance for yet.

2. Agents inherit permissions they were never explicitly granted.

When employees deploy AI agents using their own credentials, agents inherit access to GitHub, cloud credentials, API tokens, and filesystem permissions — creating an attack surface that spans multiple systems at once. That access was designed for human-scale, human-reviewed work. Agents exercise it at machine scale, continuously, often without human review of individual actions. The blast radius of a compromised agent is proportional to the permissions it inherited.

3. Sensitive data exposure is the top specific concern at 61%.

56% flag data security and policy violations; 51% worry about tool misuse and abuse. Agents query databases, retrieve files, access email, and pull from API endpoints — all content that can be exfiltrated or retained in contexts the organization never intended. In regulated environments, the compliance implications apply even when the agent’s purpose is entirely benign: an agent that pulls PHI to generate a summary has processed PHI regardless of whether a human saw the output.

4. The policy gap compounds with every week of ungoverned deployment.

52% of organizations are in “discussion” mode while agents are being deployed, credentials are being inherited, and data is being accessed without governed boundaries. The Kiteworks 2026 Forecast found 63% of organizations cannot enforce purpose limitations on AI agents and 60% cannot terminate a misbehaving one. Policy declining year-over-year while deployment accelerates means the governance gap is getting worse, not better.

5. A governance policy that cannot be technically enforced is a liability.

A policy saying “AI agents should have minimum necessary access” does nothing unless a technical control enforces it at the system level. Zero-trust principles apply: access is granted explicitly, every interaction is logged, and no agent has access broader than its defined purpose. The enforcement layer — not the document — is what regulators and incident responders will examine.


What the Data Actually Shows About the AI Policy Gap

The policy gap in the Darktrace report is more alarming than the headline concern figure. 92% of professionals are worried, but only 37% of organizations have a formal AI policy — a figure that declined from the prior year. The majority know they face serious risk and have not built governance for it yet.

A formal AI policy is not compliance theater; it is the specification that makes enforcement possible. Without a defined policy, security teams cannot configure tools, set permissions boundaries, conduct access reviews, or respond coherently to incidents. They can express concern but cannot act on it systematically.

The 52% still in “discussion” mode face a compounding problem. Every week without a formal AI policy is a week during which agents are being deployed, credentials are being inherited, and data is being accessed without governed boundaries. The finding that policy adoption has declined from the prior year suggests the governance gap may be getting worse as adoption accelerates.

Sensitive Data Exposure Is the Lead Concern for a Reason

Of the specific concerns the report documents, sensitive data exposure ranks first at 61%. The most immediate harm from AI agent misuse or compromise is not a system outage — it is data leaving an organization’s control.

The problem compounds in regulated environments. An agent that pulls patient health records to generate a summary has processed PHI, regardless of whether a human ever saw the output. An agent that reads a contract to extract terms has accessed potentially privileged information. The compliance implications of AI agent data access are real, and they apply even when the agent’s purpose is entirely benign.

For organizations subject to HIPAA, CMMC 2.0, ITAR, or other regulatory frameworks, the compliance obligation does not pause when an AI agent is doing the work. A data breach traced to an AI agent operating outside governed boundaries carries the same regulatory consequences as a breach from any other cause.

Why Compliant AI Requires Infrastructure, Not Just Policy

The Darktrace report’s framing — that AI security requires a cross-disciplinary approach spanning identity, cloud, application, data, and supply chain security simultaneously — points toward a conclusion Kiteworks reaches from a different direction: this is an infrastructure problem, not a policy problem.

A policy that prohibits AI agents from accessing sensitive data without authorization is only as good as the technical controls that enforce it. Most enterprise environments today have AI agents operating across tools, systems, and data stores that were never designed to be governed as a unified system. The data layer — the actual content agents are reading, writing, and transmitting — often has no enforcement mechanism specific to AI agent access.

The Kiteworks Secure MCP Server creates a governed interface between AI agents and sensitive content. The AI Data Gateway extends the same governance to RAG pipelines and automated workflows. Every agent interaction is authenticated, evaluated against attribute-based access controls, and logged in a tamper-evident audit trail with FIPS 140-3 validated encryption. The Kiteworks Private Data Network extends this across email, file sharing, MFT, SFTP, web forms, and APIs — one policy engine, one consolidated audit log.

Practical Steps for Organizations Building AI Governance

First, audit existing agent deployments. Many organizations have AI agents in production that were deployed before governance frameworks existed. Auditing those deployments — what credentials they hold, what data they can access, what logging exists — is the starting point for understanding actual risk exposure. A new AI policy does nothing for risk that already exists.

Second, get a formal AI policy in place. Not a comprehensive document that takes months to finalize, but a working policy that defines what agents are permitted to access, under what conditions, and who is accountable for reviewing that access.

Third, implement technical controls that enforce the policy. Zero-trust data principles apply: access is granted explicitly, every interaction is logged, and no agent has access broader than its defined purpose. An AI governance policy that cannot be technically enforced is a liability.

Fourth, ensure employees understand they extend their own permissions when deploying an agent. The organization’s data privacy and governance policies apply to agent actions just as they apply to human actions. That is not yet a widely understood concept.
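The enforcement layer that the third step (and the zero-trust principles above: explicit grants, every interaction logged, no access broader than the defined purpose) describes, as an added illustration that is not Kiteworks code and not drawn from the Darktrace report: a small default-deny gateway in Python that issues each agent an explicit, purpose-scoped grant instead of letting it run on an inherited user credential, evaluates every request against agent and resource attributes (classification ceiling, permitted purposes, allowed actions, a per-minute rate ceiling), writes every decision, allowed or denied, to a hash-chained audit log whose integrity can be verified, and exposes a kill switch to terminate a misbehaving agent. The class names (AgentGrant, Resource, AuditLog, Gateway), the classification scale and the sample resource paths are hypothetical.

```python
import hashlib
import json
import time
from dataclasses import dataclass, field

# Constructed example, not Kiteworks code: a minimal policy-enforcement point
# that sits between an AI agent and the data it asks for. The names
# (AgentGrant, Resource, AuditLog, Gateway) are hypothetical.


@dataclass
class AgentGrant:
    """An explicit, purpose-scoped grant issued to one agent (not an inherited user token)."""
    agent_id: str
    purpose: str                  # the single purpose the agent was approved for
    max_classification: int       # 0 public, 1 internal, 2 confidential, 3 regulated (e.g. PHI)
    allowed_actions: frozenset    # e.g. {"read"}
    rate_limit_per_min: int       # ceiling on allowed calls per 60-second window
    revoked: bool = False
    allowed_at: list = field(default_factory=list)  # timestamps of allowed calls


@dataclass(frozen=True)
class Resource:
    """Attributes of the requested data, used for attribute-based decisions."""
    path: str
    classification: int
    purposes: frozenset           # purposes this data may be processed for


class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash,
    so editing or deleting any past entry breaks verification."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self.last_hash = self.GENESIS

    @staticmethod
    def _digest(prev, event):
        body = json.dumps(event, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, event):
        h = self._digest(self.last_hash, event)
        self.entries.append({"prev": self.last_hash, "event": event, "hash": h})
        self.last_hash = h
        return h

    def verify(self):
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or self._digest(prev, entry["event"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class Gateway:
    """Default-deny policy enforcement point: every request is decided and logged."""

    def __init__(self):
        self.grants = {}
        self.audit = AuditLog()

    def register(self, grant):
        self.grants[grant.agent_id] = grant

    def terminate(self, agent_id, now=None):
        """Kill switch: revoke the grant so every later request is denied."""
        self.grants[agent_id].revoked = True
        self.audit.append({"ts": time.time() if now is None else now,
                           "agent": agent_id, "event": "terminated"})

    def decide(self, agent_id, action, resource, now=None):
        """Return (allowed, reason); the decision is appended to the audit log either way."""
        now = time.time() if now is None else now
        grant = self.grants.get(agent_id)
        if grant is None:
            reason = "unknown_agent"
        elif grant.revoked:
            reason = "revoked"
        elif action not in grant.allowed_actions:
            reason = "action_not_permitted"
        elif resource.classification > grant.max_classification:
            reason = "classification_exceeds_grant"
        elif grant.purpose not in resource.purposes:
            reason = "purpose_mismatch"          # purpose limitation enforced here
        elif sum(1 for t in grant.allowed_at if now - t < 60) >= grant.rate_limit_per_min:
            reason = "rate_limited"              # machine-scale use gets a ceiling
        else:
            reason = "allowed"
            grant.allowed_at.append(now)
        allowed = reason == "allowed"
        self.audit.append({"ts": now, "agent": agent_id, "action": action,
                           "resource": resource.path, "allowed": allowed, "reason": reason})
        return allowed, reason
```

The order of the checks is the design point: identity and revocation are decided before any attribute is consulted, the purpose test is separate from the classification test (an agent cleared for regulated data is still denied data tagged for a different purpose), and denials are logged with the same detail as grants so an incident responder can reconstruct what a compromised agent attempted, not only what it obtained.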

For regulated industries — healthcare, defense, financial services, government — the technical enforcement step is not optional. A data breach traced to an AI agent operating outside governed boundaries carries the same regulatory consequences as a breach from any other cause.

To learn more about protecting sensitive data in an organization increasingly adopting AI, schedule a custom demo today.

Frequently Asked Questions

92% of security professionals are concerned about AI agent enterprise security impact. 61% of security leaders cite sensitive data exposure as their primary worry; 56% flag data security and policy violations; 51% flag tool misuse and abuse. Only 37% of organizations have a formal AI policy — a figure that declined from the prior year — and more than half remain in “discussion” mode. Concern is near-universal. Governance is not.

Agents deployed using employee credentials inherit that employee’s GitHub tokens, cloud credentials, API access, and filesystem permissions — then operate at machine scale, continuously, without human review of individual actions. Access designed for human-scale work is exercised by an autonomous system without rate limits or oversight. The Secure MCP Server addresses this by providing scoped, governed access rather than inherited broad permissions.

A policy defines what agents are permitted to do but does not enforce it at the system level. As deployments scale, policy relying on human configuration and review processes will fail. The Darktrace finding that 52% of organizations are in “discussion” mode shows how policy intent stalls at the document level. Zero-trust principles require technical enforcement: always verify, always log, always enforce. The AI Data Gateway and audit logs provide that enforcement and evidence layer.

All of them. HIPAA, CMMC 2.0, ITAR, and other frameworks do not pause because an AI agent performed the work. An agent that pulls PHI to generate a summary has processed PHI with full compliance implications. Governed AI access with ABAC enforcement and tamper-evident audit trails is not optional for regulated industries — it is the same standard applied to human data access.

Three steps: audit existing agent deployments to understand actual credentials held and data accessible; get a working AI policy in place defining permitted access and accountability; implement technical controls enforcing that policy with explicit access grants, comprehensive logging, and purpose-limited agent scope. The Kiteworks AI Data Gateway is a practical entry point for organizations building that enforcement layer — particularly for regulated environments where technical enforcement is non-negotiable.
