AI Agents
We've curated 114 cybersecurity statistics about AI agents to help you understand how automated systems are being used for threat detection and response in 2025, enhancing security practices while also introducing new vulnerabilities.
Showing 1-20 of 114 results
Roughly 80% of enterprises have deployed internal AI agents while two-thirds lack governance policies for those agents.
48% of organizations cite non-human identities (AI agents, APIs) as a top concern
93% of organizations already use or plan to use AI agents for sensitive security tasks such as password resets and VPN access.
67% of organizations using AI agents suspect those agents have already accessed data beyond their intended scope.
61% of organizations have revoked or rotated AI agent credentials due to suspected exposure.
It takes an average of 14 hours to detect a compromised AI agent.
99% of respondents say their organization already uses AI agents.
On average, 40% of AI agents and 40% of machine identities already have access to organizational data.
90% of respondents agree that AI agents should operate under least privilege principles, with bounded access and tighter controls.
91% believe they can rapidly contain compromised AI agents.
58% of cybersecurity leaders report that AI agents are already taking actions within organizational workflows.
Fewer than half of organizations report full visibility into where AI agent credentials are stored.
Only 7% of organizations believe their controls would prevent a compromised agent from operating.
Organizations spent more than $1 million on average in the past year responding to AI agent identity and security issues.
It takes nearly a week to contain and remediate a compromised AI agent.
Over the next 12 months, organizations expect AI agents to increase by 85% and machine identities to increase by 77%, compared to the 56% growth in human identities.
More than 80% of IT and security leaders report AI agents require more manual oversight than they save in efficiency.
53% of enterprises operate AI agents autonomously for low-risk tasks while applying human review for higher-risk actions.
29% of enterprises prioritize risk management, 28% prioritize monitoring, and 19% prioritize permission control for AI agents.
41% of enterprises say discovery of unknown AI agents happened multiple times in the past year.