THE State of AI Cybersecurity 2026 finds that 92% of security professionals are concerned about the use of AI agents across the workforce and their security impact. The report notes that AI is already embedded in day-to-day enterprise activity, with 78% of participants in a recent survey reporting that their organisations are using generative AI in at least one business function, and autonomous agents performing multi-step workflows across departments.
It highlights that AI agents can operate with broad permissions across systems, creating new risks that security leaders must govern as identities, with least-privilege access and ongoing monitoring. The piece also points to ongoing gaps in policy, with just 37% of security leaders reporting a formal AI policy in their organisation, while 52% discuss AI policy.
Among broader threats, the post cites that in the US over 70% of incidents involved SaaS/M365 account compromise and phishing or email-based social engineering, underscoring credential abuse as a key initial access vector, and notes a continued emphasis on monitoring prompts and securing AI agent identities. According to Gartner, more than 80% of enterprises will have deployed GenAI models or APIs by the end of this year, up from 2023, illustrating the rapid uptake driving the need for secure AI at scale.