版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
AIagents:Thenewattacksurface
AglobalsurveyofsecurityandITprofessionalsandexecutives
Introduction
Thispaperpresentskeyfindingsfroma
globalprimaryresearchsurveyconductedbyindependentfirmDimensionalResearch.Throughthisresearch,SailPointaimedto
examinethecurrentuse,adoption,and
governanceofAIagents,withaparticular
focusonthedistinctriskstheiridentities
presentcomparedtothoseofhumanand
machineidentities.Itexploresissuessuch
asunintendedactions,gapsingovernance,andtheunderlyingcausesofAIagentrisk,aswellastheextenttowhichorganizationsareleveragingidentitysecuritytoolstoprovisionandmanagetheseidentities.
AIagents:Thenewattacksurface
3
Executivesummary
Researchshowsaconcerning82%ofcompaniesnowutilizeAIagents,withoverhalf
reportingtheseagentsaccesssensitivedatadaily.Alarmingly,80%oforganizationshaveexperiencedunintendedactionsfromtheirAIagents,includinginappropriatedatasharingandunauthorizedsystemaccess.SomeAIagentshaveevenbeencoercedintorevealingaccesscredentials.
Thislackofcontrolhasled96%oftechnologyprofessionalstoidentifyAIagentsasa
growingsecuritythreat—66%believethisriskisimmediate,while30%seeitemerginginthenearfuture.TheprimaryconcernsincludeinadequatedataaccessanddatasharingcontrolsandunpredictableAIagentbehaviors.Theseagentshandlediversesensitive
informationincludingcustomerdata,financialrecords,intellectualproperty,legaldocuments,andsupplychaintransactions.
96%
82%
ofcompaniesutilizeAIagents
oftechnology
professionalsidentifyAIagentsasathreat
44%
haveimplemented
AIagentgovernance
policies
While92%ofrespondentsrecognizeAIagentgovernanceascrucialtoenterprisesecurity,only44%haveimplementedrelevantpolicies.
Although71%ofITdepartmentsclaimawarenessofAIagentdataaccess,thisknowledgeextends
tocompliance,legal,orexecutiveteamsinlessthanhalfofthe
surveyedcompanies.
ThosesurveyedindicatedthatAIagentsposeagreaterriskthanbothmachineandhumanidentities.Unliketraditionalidentities,AIagentsoftenrequirebroaderprivilegesacross
moresystems,data,andservices.Theyarealsomoredifficulttogovern,withrapidaccesstypicallyprovisioneddirectlywithinIT.Despitetheseconcerns,justover60%ofcompaniesemployidentitysecuritysolutionstomanageaccess.With98%oforganizationsplanningtodeploynewAIagentswithintheyear,dataexposurerisksareescalatingrapidly.
ThebusinessvalueofAIagentsisundisputed,butthepotentialconsequences
ofcompromisedsensitivedatacouldbedevastating.Companiesurgentlyneed
comprehensivesolutionstogovernaccesspermissionsandmonitorandcontrolwhichsystemsanddataAIagentsareaccessing.
AIagents:Thenewattacksurface
4
Keyfindings
Thingsofnote:Inthesurveytheterm“AIagents”(alsoknownasAgenticAI)wasdefinedas
autonomoussystemsthatperceive,makedecisions,andtakeactiontoachievespecificgoalswithinanenvironment.AIagentsorAgenticAIoftenrequireseveraldifferentmachineidentitiestoaccessneededdata,applicationsandservices.
AIagentuseisalreadypervasivebutunintendedactionsareexposingsensitivedata
•82%ofcompaniesarealreadyusingAIagents
•53%acknowledgeAIagentsareaccessingsensitiveinformation
•80%revealAIagentshaveperformedunintendedactionsofaccessingandsharinginappropriatedata
Growingsecurityriskdrivenbydiversedataaccessandlackofgovernanceandauditability
•66%stateAIagentsareagrowingsecurityrisk
•NumerousdatacontrolissuesaredrivingAIagentsecurityrisk
•NumerousteamsalreadyusingAIagents
•92%stategoverningAIagentsisparamounttoenterprisesecurity
•Only44%currentlyhaveanygovernancepoliciesinplaceforAIagents
AIagentsleadidentityriskswithbroaderaccessandtruncatedvisibilityandapprovalprocesses
•72%stateAIagentsposeagreaterriskthanmachineidentities
•64%confirmthatAIagentsrequiremultipleidentitiestoaccessnecessarydata,applications,andsystems
•AIagentsrequirebroaderprivilegesandarehardertogovern,withfasteraccessandlimitedapprovalprocesses
AIagents:Thenewattacksurface
5
Detailedfindings
AIagentswithaccesstosensitivedataareuseddailybymostcompanies
AIadoptionisnearlyaubiquitoustopictodayamongmostorganizations,alongwith
generativeAI,largelanguagemodels(LLM),andAI-basedanalytics.However,thisresearchfindsthattheuseofAIagents,alsoknownasAgenticAIhassurged,as82%ofcompaniesstatetheyareusingAIagentstoday.
IsyourcompanyusinganyapplicationsthatutilizeAIagents?
5%
Idon’tknow
13%No
82%
Yes
AIagents:Thenewattacksurface
6
AIagentstendtobegoal-basedwhereataskisgiventotheAIagentanditmustfindtheinformationandresourcestosatisfythatrequest.Assuch,technologyprofessionalssharedthatmorethanhalf(53%)ofAIagentsareaccessingsensitiveinformation.And58%ofthoseAIagentsareaccessingthatsensitiveinformationdaily.Thechartbelowalsorevealsthat10%don’tknowifAIagentsareaccessingsensitivedata,aconcerningandreoccurringfindingthroughoutthisreport.
Inyourexperience,willAIagentshaveaccessto
sensitivecompanyinformation?
10%
Idon’tknow
37%
No
53%
Yes
7
AIagentsaccessandshareinappropriateandsensitivedata
WhilemanystudieshavefocusedonthebenefitsofAI,thisresearchstudysoughtto
understandwhetherAIagentsareperformingactionsoutsidetheirintendedscope.Inthechartbelow,thekeytakeawayisonly20%ofcompaniesstatethattheirAIagentshaveNOTperformedunintendedactions,whichdeductivelymeans80%ofcompaniesare
experiencingAIagentsperformingunintendedactions.
Leadingthelistofunintendedactions,39%ofrespondentsreportedAIagentsaccessedunauthorizedsystems,while33%saidagentsaccessedinappropriateorsensitivedata.
Althoughthesebehaviorsmayreflectattemptstofulfillatask,thenextsetofactionsismoreconcerning:32%notedthatAIagentsenabledthedownloadofsensitivedata,and31%saidthedatawasinappropriatelyshared.Additionally,AIagentshaveaccessedtheinternetinsearchofinformation,introducingunverifieddataintotheiroutputs.Perhapsmostalarming,nearlyoneinfourcompanies(23%)reportedthatAIagentswerecoaxedintorevealing
accesscredentials—potentiallyopeningthedoorforcybercriminals.
Whattypeofactionshaveyourcompany’sAIagentsperformed
thatwerebeyonditsintendedscope?
Accessedunintendedsystems(applications,services,etc.)
39%
Accessedinappropriatedata(privileged,sensitive,financial,etc.)
33%
Allowedinappropriatedata(privilege,sensitive,financial,etc.)tobedownloaded
32%
Sharedinappropriatedata(privilege,sensitive,financial,etc.)
31%
Utilizedtheinternet
26%
Revealedaccesscredentials
23%
Orderedsomething(supplychain,gotphished,etc.)
16%
Other
4%
OurAIagentshaveneverperformedanunintendedaction
20%
AIagents:Thenewattacksurface
8
AIagentsareagrowingsecurityrisk
WithAgenticAIperformingunintendedactionsfor80%ofthecompanies,itisnotsurprisingthat96%stateAIagentsareagrowingsecurityrisk,with66%statingthatriskispresent
today.
Inyourexperience,areAIagentsagrowingsecurityrisk?
4%
No,andthiswon’t
changeinthefuture
30%
No,buttheywillbeinthefuture
66%
Yes
AIagents:Thenewattacksurface
9
AIagentspresentnumerousbusinessrisksanddatacontrolissues
ThesurveyalsoexploredthespecificfactorscontributingtoAIagentsasasecurityrisk.
Thetopsixconcernswerecloselyranked,withonlyasix-pointspread.Leadingthelistis
AIagents’abilitytoaccessprivilegeddata(60%),followedbytheirpotentialtoperform
unintendedactions(58%),asdetailedearlierinthisreport.Othermajorconcernsinclude
sharingprivilegeddata(57%),makingdecisionsbasedoninaccurateorunverifieddata
(55%),andbothaccessingandsharinginappropriateinformation(54%).Additionally,49%ofrespondentscitedtheriskofAIagentsgeneratinginaccurateoutputsforusers.Notably,38%reportedincidentsinvolvingthedisclosureofsecurityinformationtointernalbadactors,while29%citedexposuretoexternalthreats.Fromabusinessstandpoint,theserisksspan
compliancefailures,dataprivacybreaches,securityvulnerabilities,andthedisseminationofincorrectinformationtoemployees,partners,andcustomers.
Inyourexperience,whatmakesanAgenticAIasecurityrisk?
Accessesprivilegeddata
Unintendedactions(applicationfailures,alertstorms,etc.)
Sharingprivilegeddata
Makingdecisionsbasedoninaccuratedata(erroneous,incomplete,etc.)
Accessinginappropriatedata
Sharinginappropriatedata
Providinginaccuratedata(erroneous,incomplete,etc.)
Canbeusedbyaninternalbadactor
Canbehackedbyexternalentity
AIagentsarenotasecurityrisk
60%
58%
57%
55%
54%
54%
49%
38%
29%
1%
AIagents:Thenewattacksurface
10
AIagentshaveaccesstokeydataacrosstheenterprise
TobetterunderstandAIagentadoptionandtheintrinsicrisks,theresearchidentifiedwhichteamsarecurrentlyusingAI.Asexpected,ITleadsthewayat52%,followedbycustomer
service(46%),cybersecurity(44%),supportdesk(44%),andsoftwaredevelopment(39%).Notably,AIagentsarealsobeingutilizedbyproductmanagement(26%),sales(25%),
compliance(24%),aswellasmarketingandHR(bothat23%).ThisdatahighlightsnotonlythebreadthofenterpriseadoptionbutalsothewiderangeofsensitivebusinessdataandinformationAIagentsarenowaccessing.
Atyourcompany,whatteamsarecurrently
usingsolutionsthatutilizedAIagents?
52%
IT(nonsecurity)
CustomerService
46%
Cybersecurity
SupportDesk
SoftwareDevelopment
ProductManagement
44%
44%
39%
26%
Sales
25%
Compliance
Marketing
24%
23%
HumanResources
23%
SupplyChain
Legal
Manufacturing(line,QA,etc.)
15%
10%
7%
2%
2%
Other
OurAIagentsolutionsarenotdeplolyedyed
11
AIagentgovernancecriticaltoenterprisesecurity
GiventhebroadscopeofdataAIagentscanaccess,thepreviouslycitedrisks,andthefrequencyofunintendedactions,anoverwhelming92%oftechnologyprofessionals
indicatedthatgoverningAIagentsiscriticaltoenterprisesecurity.
Inyouropinion,isgoverningAIagentscriticaltoensuring
enterprisesecurity?
8%
No
92%
Yes
AIagents:Thenewattacksurface
12
Despitewidespreadrecognitionoftherisksamongthesurveyrespondents,only44%of
organizationscurrentlyhavegovernancepoliciesinplacetomanageAIagentsandthedatatheyaccessandshare.While53%areintheprocessofdevelopingsuchpolicies,therealityisthatmostremainexposedtoday.Notably,just3%ofrespondentsreportedhavingnoplanstoimplementAIagentgovernanceatall.
Doesyourcompanycurrentlyhavegovernancepolicies
specificallyforAIagents?
14%
Notcurrently,butwe
3%
No,andwehave
noplansto
expecttomorethan
6monthsfromnow
44%
Yes
39%
Notcurrently,butweexpecttooverthenext
6months
AIagents:Thenewattacksurface
13
Executives,compliance,legal:UninformedaboutdataAIagentsaccess
EffectivegovernanceofAIagentsbeginswithaclearunderstandingofthedatathey
can—andshould—access.Thisinformationmustbesharedwithteamsresponsiblefor
complianceanddataprotection.Asshowninthechartbelow,ITisthemostinformedteamregardingAIagentdataaccess,giventheirroleinimplementingthetechnology,managingconfigurations,andprovisioningcredentials.However,awarenessdropssignificantlyamongothercriticalstakeholders:compliance(47%),legal(39%),executives(34%),andother
departments—despitetheiressentialroleinidentifyingsensitivedata,safeguardingtheorganization,andminimizingrisk.
Whichteamshavebeenadvisedofallofthedatathat
AIagentshaveaccessto?
IT(security,operations,etc.)
Compliance
Legal
Executives
Softwaredevelopment
Customersupport
HR
Marketing
Sales
NooneteamisawareofallofthedataAgenticAIcanaccess
71%
47%
39%
34%
31%
20%
18%
16%
13%
7%
14
Thislackofvisibilityintodataaccesshasresultedinonly52%ofcompaniesreportingthattheycantrackandauditalldatausedorsharedbyAIagents.Consequently,nearlyhalfoforganizationsremainunawareofwhatdataisbeingaccessedorexposed—oftenputtingthematriskofviolatingdataprotectionregulations.
Isyourcompanyabletotrackandauditevery
pieceofdataanAIagentaccesses?
14%
Idon’tknow
34%
No
52%
Yes
15
AccessgovernancecriticallyimportanttomanageAIagentrisk
ThelackofcontrolandvisibilityoverthedataAIagentsaccessandshare,asoutlinedin
theprecedingsections,appearstohavepromptedthe62%ofrespondentsinthechart
belowtoidentifyaccessgovernanceformanagingriskofAIagentsascriticallyimportant.Notably,norespondentsselected“lowimportance”or“notatallimportant,”resultingin
unanimousagreement—100%ofparticipantsviewAIagentaccessgovernanceasessentialtomanagingassociatedrisks.
Inyourexperience,howimportantisaccessgovernancefor
managingtherisksofAIagents?
62%23%15%
0
20
406080100
Extremelyimportant
SomewhatimportantImportant
AIagents:Thenewattacksurface
16
AIagentidentitiescreatemoreriskthanmachineandhumanidentities
IThaslongfaceddataandgovernancechallengeswithapplicationsandservicesthat
accessandshareinformation—typicallymanagedthroughmachineidentities.However,
72%oftechnologyprofessionalsnowbelieveAIagentspresentagreaterrisktothebusinessthantraditionalmachineidentities.
Inyouropinion,doAIagentspresentagreaterrisk
thanothermachineidentities?
28%
No
72%
Yes
AIagents:Thenewattacksurface
17
Asshowninthechartbelow,90%ofparticipantsindicatedthatAIagentidentitiesdiffer
significantlyfromhumanidentities.TobetterunderstandtheuniquerisksAIagentspose
attheidentitylevel,respondentswereaskedhowtheseagentscomparetowhathas
traditionallybeenviewedasthehighest-riskidentity:humans.Thetopconcerncitedwas
thatAIagentsoftenhavebroaderaccesstoapplicationsanddata(54%)thantypical
humanusers.Additionally,40%notedthatAIagentsaremoredifficulttogovern—likelyduetolimitedvisibilityandtheirpotentialforunpredictableactions.Whilehumanidentities
typicallyundergostructuredaccessapprovalsinvolvingmanagersorexecutives,AIagentaccessisoftenprovisionedsolelybyIT(35%)andapprovedmorequickly(34%).Asa
result,ITmaylackfullawarenessofthespecifictypesofdatabeingaccessed—suchas
customerinformation,intellectualproperty,oremployeerecords—makingitdifficulttoapplyappropriatecomplianceorsensitivitycontrols.
HowareAIagentidentitiesdifferentfromhumanidentities?
AIagentsoftenrequireaccesstomoresystemsanddata
AIagentsarehardertogovern
AIagentsaccessdoesn’trequireapprovalfromteamsoutsideIT(marketing,HR,etc.)
AIagentsaregivenaccessfaster(fewer
steps,etc.)
AIagentshavefewercompliancerequirements(governance,reporting,etc.)
Other
AIagentsidentitiesarenotdifferentfromhumanidentities
54%
40%
35%
34%
23%
3%
10%
AIagents:Thenewattacksurface
18
AIagentsutilizemultipleidentitiestoaccessneededinformation
ToexplorewhyAIagentsmaybemoredifficulttogovern,participantswereaskedwhetheratypical
AIagentrequiresmultipleidentitiestoaccessthesystems,applications,anddataitneeds.Sixty-four
percentconfirmedthatAIagentsoftenrelyonseveralaccessidentities,complicatingeffortstotrack
andcorrelatedatausageandsharing.Despitethiscomplexity,only62%oforganizationsreportedusinganidentitysecuritysolutiontomanageAIagentsandtheirmultipleidentities.
Atyourcompany,doAIagents
requiremultipleidentitiestoaccess
necessarysystems,applications,
anddata?
Atyourcompany,isaccessforAI
agentsprovisionedandgoverned
byidentitysecuritysolutions?
31%
No,AIagentstypicallyrequireasingle
accessidentity
5%
Idon’tknow
35%
No,ourcurrentidentity
securitysolutiondoes
notmanageaccessfor
AIagents
64%
Yes,AIagentstypically
requiremultipleaccess
identities
3%
Wedon’thaveanidentity
securitysolution
62%
Yes,ourcurrentidentity
solutionmanagesaccess
forAIagents
AIagents:Thenewattacksurface
19
AIagentsonarapidenterprise-widerolloutplan
GiventhewidespreadadoptionofAIagentsacrossteamsandgrowingawarenessoftheassociatedrisks,theresearchaimedtodeterminewhetherorganizationsarepausing
deploymentstostrengthensecurityandidentitycontrolsfortheirAIagents.Thefindingssuggestotherwise—anoverwhelming98%ofcompaniesplantoexpandtheiruseofAIagent–drivensolutionswithinthenext12months,spanningnearlyeveryteamacross
theenterprise.WhileAIholdsthepromiseofgreatervalue,italsosignificantlyamplifiesexposureandrisk.
Overthenext12months,whichteamswilldeploynew
solutionsthatutilizeAIagents?
Cybersecurity38%
SupportDesk38%
SoftwareDevelopment36%
CustomerService34%
IT(nonsecurity)30%
Humanresources28%
Compliance26%
ProductManagement25%
Marketing24%
Sales22%
Legal17%
SupplyChain17%
M(,ft,rg)16%
neortt2%
AIagents:Thenewattacksurface
20
Conclusion
AIagentshaverapidlybecomeintegralacrossorganizations,with98%ofcompanies
planningtoexpandtheirAIagentdeploymentsinthenextyear.Thiswidespreadadoptionpromisesefficiencyandinnovationastheseagentsaccessandprocessdatathroughouttheenterprise.
However,thisprogresscomeswithsignificantrisk—80%oforganizationsreporttheirAI
agentshavealreadyperformedunauthorizedactions,includingaccessingandsharing
sensitiveinformation.Beyondregulatorycomplianceissues,thiscreatesvulnerabilities
affectingemployees,partners,andcustomerswhomayreceiveinaccurateinformationor,moredangerously,exposeaccesscredentialstomaliciousactors.
Thisrealityexplainswhyanoverwhelming96%ofrespondentsidentifyAIagentsasan
escalatingsecuritythreat.WhileestablishinggovernanceoverAIagentaccessiswidelyrecognizedasessential,fewerthanhalfofsurveyedcompanieshaveimplemented
anygovernancepolicies.MostorganizationsfailtotrackorauditthedataAIagents
access,leavinglegalteams,complianceofficers,andexecutiveswithoutvisibilityintotheinformationthesesystemscanreach.
Thesecuritychallengeismagni
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2026下半年教师资格《中学综合素质》真题及答案完整版
- 2026年淄博市沂源县教师招聘笔试真题及答案
- 2026年云南公开遴选公务员考试(法治建设类)综合能力测试题及答案
- 公关服务公司客户品牌档案管理制度
- 2026年下半年教师资格证考试《综合素质》(小学)真题及详细答案
- 2026年国企保密员(涉密项目)保密技能考核试题及答案(全优)
- 2026年第2期广西住房城乡建设领域施工现场专业人员岗位资格培训考试(土建质量员)试题解析及核心考点
- 2025年注册测绘师考试测绘综合能力题库及答案(荆门)
- 2025年中级经济师工商管理实务模拟卷(含答案)
- 2025年唐山住房和城乡建设领域现场专业人员培训考试(设备安装施工员专业基础知识)题库及答案
- 2026江苏徐州市新盛集团下属城商集团招聘12人笔试备考试题及答案详解
- ICU患者突发呼吸衰竭应急预案演练脚本
- 山东科技大学2026年综合评价招生《笔试+面试》模拟试题及参考答案
- 2025年《材料加工和成型工艺》考试复习题(含答案)
- 2025年江苏省扬州市八年级地生会考真题试卷+答案
- 2026年世界环境日环保知识线上挑战赛题库
- 2025中远海运集装箱运输有限公司所属公司招聘4人笔试历年参考题库附带答案详解
- 小学党支部书记思政第一课教学设计:听党话跟党走做新时代好少年
- 耳部全息铜砭刮痧法
- 住宅小区年度物业服务满意度调查表
- 食品运输车辆管理制度
评论
0/150
提交评论