More than half have already been hit

A recent review of 107 large enterprises, reported by VentureBeat, reveals a serious security gap in the way organisations manage AI agents. While agents are being granted real access to systems, data, and business processes, the control mechanisms are lagging behind at a pace that alarms security experts.

Fully 54 percent of the surveyed organisations report either a confirmed security incident or a dangerous near-miss directly linked to AI agents. Despite this, the most common practice is still to let agents share access credentials — making it extremely difficult to trace what happened if something goes wrong.

Agents have been handed power — without matching controls

AI agents differ fundamentally from traditional software applications. They make autonomous decisions, execute actions, and in many cases operate without ongoing human supervision. According to background analyses on AI-specific identity and access management (IAM), 80 percent of organisations have already seen AI agents perform actions outside their intended scope.

There is a critical distinction from traditional systems: a human user logs in, does something, and logs out. An AI agent can operate continuously, at machine speed, and coordinate with other agents — all without any human actively watching.

80 percent of organisations have experienced AI agents acting outside their intended scope
54% of enterprises hit by AI agent incidents — and still sharing passwords - Bilde 1

Security tools aren't built for the job

One of the most critical findings is that the security infrastructure most enterprises rely on was not developed specifically for AI agents. According to VentureBeat's review, the security tooling is drawn primarily from model vendors and major cloud providers — not tailored to the unique risks agents present.

Traditional role-based access control (RBAC) is too coarse-grained to handle the dynamic, context-dependent access that agents require. What is needed, according to practitioners, are solutions that grant agents short-lived, tightly scoped permissions — ideally through principles such as just-in-time access and zero standing privilege, where an agent never holds permanent rights but must request access anew for each operation.

Standards such as OAuth 2.0 token exchange and workload identity federation are technical tools that can establish a cryptographic chain of trust — ensuring that any action can always be traced back to an accountable human or organisation.

'Shadow AI' is an underestimated threat

One dimension that tends to be underestimated is what is known as "shadow AI": agents that employees set up themselves using no-code and low-code platforms, without informing the IT department. These agents may have access to sensitive business information and forward data without any explicit user action being recorded.

Bank BNY has already deployed 130 so-called "digital workers" managed by human employees — an example of large-scale agentic operations already underway, though enterprises vary widely in how mature their security frameworks around them are.

54%
Enterprises with a confirmed agent incident
80%
Agents that have acted outside their intended scope

Regulatory pressure is mounting

The EU AI Act, which entered into force in August 2025, imposes stricter accountability requirements on AI systems. This means that organisations operating in the EU can no longer ignore the question of who — or what — has actually done something in their systems. Auditability and traceability are no longer optional.

For Norwegian and Nordic enterprises that have deployed AI agents in CRM systems, ERP solutions, or customer service, this should serve as a clear warning: it is not enough to verify that the agent delivers results. You must also be able to document exactly what it has done, and with what level of access.

What should be done?

Security experts point to several clear minimum measures organisations should implement immediately:

  • Unique identity per agent: Each agent must have its own verifiable digital identity, linked to an accountable human or organisational unit
  • Scoped, short-lived access: Use JIT access rather than permanent privileges
  • Continuous monitoring: Logging and behavioural analytics to detect deviations from authorised use
  • Zero trust by default: No agent should be trusted automatically — continuous verification is required
  • Visibility over shadow AI: IT departments must have tools to discover agents set up outside official channels

The gap between agents' capabilities and organisations' actual control over them is not a hypothetical future problem. According to the figures VentureBeat presents, it is a problem that has already affected more than half of those who have adopted the technology.