SailPoint Research Highlights Rapid AI Agent Adoption, Driving Urgent Need for Evolved Security
Key findings:
-
96% of tech professionals view AI agents as a growing security risk, yet98% of organizations plan to expand adoption - AI agents are viewed as a greater security risk than traditional machine identities
- Lack of governance and visibility over AI agents is putting sensitive enterprise data at risk
- Experts urge AI agents be managed like human identities, with clear access controls and accountability
According to the report,
The terms “AI agent” or “agentic AI” broadly encompass autonomous systems that perceive, make decisions, and take action to achieve specific goals within an environment. These agents often require several different machine identities to access needed data, applications and services, and they introduce additional complexities like self-modification and the potential to generate sub-agents. Notably,
-
AI agents’ ability to access privileged data (
60% ) -
Their potential to perform unintended actions (
58% ) -
Sharing privileged data (
57% ) -
Making decisions based on inaccurate or unverified data (
55% ) -
Accessing and sharing inappropriate information (
54% )
“Agentic AI is both a powerful force for innovation and a potential risk,” said Chandra Gnanasambandam, EVP of Product and CTO at SailPoint. “These autonomous agents are transforming how work gets done, but they also introduce a new attack surface. They often operate with broad access to sensitive systems and data, yet have limited oversight. That combination of high privilege and low visibility creates a prime target for attackers. As organizations expand their use of AI agents, they must take an identity-first approach to ensure these agents are governed as strictly as human users, with real-time permissions, least privilege and full visibility into their actions.”
Today, AI agents have access to customer information, financial data, intellectual property, legal documents, supply chain transactions, and other highly sensitive data. Yet respondents reported deep concerns over the ability to control the data AI agents can access and share, with an overwhelming
-
Accessing unauthorized systems or resources (
39% ) -
Accessing or sharing sensitive or inappropriate data (
31% and33% ) -
Downloading sensitive content (
32% )
AI agents are not just part of systems; they are a distinct identity type. With nearly universal plans (
Read the full ‘AI agents: The new attack surface. A global survey of security, IT professionals and executives’ report.
Methodology
IT professionals responsible for AI, security, identity management, compliance, and operations at enterprise companies representing all seniority levels were invited to participate in a survey on their company’s use of AI agents. A total of 353 qualified participants completed the survey, which was conducted by Dimensional Research, an independent third-party. All participants had enterprise security responsibilities. Participants were from 5 continents, providing a global perspective.
About SailPoint
At SailPoint, we believe enterprise security must start with identity at the foundation. Today’s enterprise runs on a diverse workforce of not just human but also digital identities—and securing them all is critical. Through the lens of identity, SailPoint empowers organizations to seamlessly manage and secure access to applications and data at speed and scale. Our unified, intelligent, and extensible platform delivers identity-first security, helping enterprises defend against dynamic threats while driving productivity and transformation. Trusted by many of the world’s most complex organizations, SailPoint secures the modern enterprise.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250528829358/en/
Media Relations for SailPoint
Samantha Person
Senior Manager, PR & Corporate Communications
512-923-4053
Samantha.Person@SailPoint.com
Source: SailPoint, Inc.
