VFF - The signal in the noise
News

69% of Enterprises Deploy AI Agents With Shared Credentials

Read original
Share
69% of Enterprises Deploy AI Agents With Shared Credentials

VentureBeat research of 107 enterprises found that 69% run AI agents with shared API keys, a critical security gap where a single compromised agent gains access to all permissions tied to that credential. The finding has triggered a $22 billion acquisition spree by Palo Alto Networks, CrowdStrike, and Cisco targeting non-human identity management. Only 32% of enterprises give each AI agent its own scoped identity, leaving the majority exposed to lateral movement and forensic blind spots.

  • 69% of enterprises deploy AI agents with shared credentials, exposing multiple workflows to single-point compromise
  • Only 32% of enterprises assign scoped, managed identities to individual AI agents
  • 54% of respondents have experienced an agent security incident or near-incident, with 18% confirming actual breaches
  • Palo Alto Networks, CrowdStrike, and Cisco have invested over $22 billion in acquisitions targeting non-human identity and runtime authorization layers

Shared API keys create a compounding risk where compromising one AI agent immediately grants attackers the accumulated permissions of every workflow using that credential. This eliminates forensic visibility into which agent performed which action, making incident response and attribution nearly impossible. The scale of the problem, affecting nearly 7 in 10 enterprises, indicates a fundamental gap in how organizations are deploying autonomous systems.

Security teams are currently catching most credential-sharing incidents at the last control point, but the margin is thin. Organizations without scoped identities for agents face higher breach risk, potential compliance violations, and operational blind spots that could delay incident detection and response. The acquisition activity signals that vendors view this as a critical market gap, likely to drive security spending and tool consolidation.

  • Credential sharing converts a single compromised agent into a multi-agent attack vector, amplifying blast radius and attacker reach across workflows
  • Lack of individual agent identities prevents security teams from determining which agent performed which action, breaking forensic chains and complicating breach investigations
  • The 69% figure suggests most enterprises are still in early stages of agent deployment and have not yet implemented identity and access controls designed for non-human actors

Monitor whether the recent acquisitions by Palo Alto Networks, CrowdStrike, and Cisco result in integrated products that enterprises actually adopt for agent identity management. Track whether incident rates among the 54% of respondents who have experienced agent security events increase or stabilize as more agents are deployed. Watch for emerging standards or frameworks around scoped identities for AI agents, as the current 32% adoption rate suggests the market is still defining best practices.

Share

Subscribe to the newsletter

The latest stories and analysis, delivered to your inbox.

Free. No spam. Unsubscribe any time.

Related stories

Meta's Muse Image Uses Public Instagram Photos Without Consent
TrendingNews

Meta's Muse Image Uses Public Instagram Photos Without Consent

Meta's Muse Image tool allows users to generate AI images by tagging public Instagram accounts, effectively using those accounts' photos as training material without explicit consent. Any Instagram user with a public profile can have their images incorporated into AI-generated creations by other users. The feature raises questions about image rights, consent, and Meta's approach to AI training data sourcing.

by Lauren Forristal· TechCrunch AI
OpenAI launches GPT-5.6 with cybersecurity focus
TrendingNews

OpenAI launches GPT-5.6 with cybersecurity focus

OpenAI has launched a new family of models anchored by GPT-5.6, which the company says delivers improvements across multiple areas including cybersecurity capabilities. The announcement marks the latest iteration in OpenAI's model development roadmap.

by Lucas Ropek· TechCrunch AI
Google Deepfake Detector Debunks McConnell Hospital Hoax

Google Deepfake Detector Debunks McConnell Hospital Hoax

A fabricated image purporting to show Senator Mitch McConnell in distress in a hospital bed circulated online this week before being identified as AI-generated. Google's deepfake detection system was used to debunk the hoax. The incident underscores both the growing prevalence of synthetic media and the potential utility of detection tools in combating misinformation.

by Russell Brandom· TechCrunch AI
HubSpot Reverses AI Data Plan After Customer Revolt

HubSpot Reverses AI Data Plan After Customer Revolt

HubSpot announced on July 1 that it would use customer data stored in its CRM platform to power a new AI-powered lead discovery feature, collecting data by default and sharing it with other customers unless they opted out. The decision triggered significant customer backlash, and HubSpot reversed course four days later. The episode illustrates how sensitive businesses are to data use for AI purposes and demonstrates the leverage large customers now hold over traditional software vendors.

by Kevin McLaughlin· The Information