TWO thirds of organisations have suffered a cybersecurity incident related to the deployment of AI agents in the last year, according to the Cloud Security Alliance research conducted with Token Security. The CSA paper notes that 68% of respondents claim to have high visibility of AI agents on their network, while 82% have discovered previously unknown agents in the past year, with internal automation environments and large language model platforms being the most common discovery points.
AI agent incidents have already affected core enterprise functions, with 65% of organisations experiencing at least one incident and consequences including data exposure (61%), operational disruption (43%), and unintended actions in business processes (41%). Financial losses were reported by 35% of organisations, and 31% faced delays in services.
The report highlights governance gaps around decommissioning AI agents and urges stronger end-of-life controls, with recommendations to maintain visibility, define agent purpose, apply lifecycle governance, evaluate actions by risk, align monitoring, and incorporate agents into enterprise risk models. According to Cloud Security Alliance, the research was published on 21 April 2026.