85% of Enterprises Are Deploying AI Agents. 5% Know How to Secure Them.

March 28, 2026

Cisco just dropped an open-source security framework for AI agents at RSA Conference on March 23. It includes an Agent Runtime SDK that embeds policy enforcement directly into agent workflows, a DefenseClaw toolkit with skills scanning, MCP scanning, and an AI Bill of Materials, and integration with AWS Bedrock AgentCore, Google Vertex Agent Builder, Azure AI Foundry, and LangChain.

That's not a product launch. That's an admission. The biggest networking company on the planet just told us that the way enterprises are deploying AI agents right now is fundamentally insecure.

And the numbers back it up.

The Gap Is Not Theoretical

According to Gravitee.io's State of AI Agent Security 2026 report, 81% of teams are past the planning phase on AI agents. But only 14.4% have full security approval for what they've built. Microsoft's security research says 80% of Fortune 500 companies are running active AI agents, with the average organization managing 37 deployed agents.

Thirty-seven agents. Running in production. And here's what their security posture looks like.

Only 21.9% of teams treat AI agents as independent, identity-bearing entities. That means nearly 80% of organizations are running autonomous systems that don't have their own identity in the security stack. They're ghosts. They operate under shared credentials, inherited permissions, or worse, no access controls at all.

45.6% rely on shared API keys for agent-to-agent authentication. 43% use shared or generic service accounts. Only 24.4% have full visibility into agent-to-agent communication. And 57.4% of builders say the primary obstacle is a lack of logging and audit trails.

Read that again. More than half of the people building these systems can't see what they're doing after deployment.

This Is Already Going Wrong

This isn't a hypothetical risk. Gravitee's report found 88% of organizations reported confirmed or suspected AI agent security incidents in the last year. In healthcare, that number is 92.7%.

The incidents are real. Moltbook, an agent platform acquired by Meta on March 10, had an unsecured database that allowed hijacking of any agent on the platform. Check Point Research disclosed remote code execution through poisoned repository config files in Claude Code. Antiy CERT confirmed 1,184 malicious skills across the ClawHub marketplace. Trend Micro found 492 MCP servers exposed to the internet with zero authentication.

And here's the disconnect that should worry every technology leader: 82% of executives believe their existing policies protect them from unauthorized agent actions. But only 21% have actual visibility into what those agents can access, what tools they call, or what data they touch.

That's not confidence. That's blindness.

What Production Actually Looks Like

Global AI Inc. announced on March 26 that they deployed an agentic platform with a major European insurer for automated invoice processing. The system runs on a scheduled basis with multiple daily processing cycles, handling full-cycle invoice workflows from ingestion to system integration. Full auditability of each processing run was a requirement, not an afterthought.

That's what production looks like in a regulated environment. Audit trails are table stakes. Identity is defined. Access is scoped. Every run is logged.

But most organizations aren't building like that. They're building agents on shared API keys with no logging, shipping them to production, and calling it innovation.

The Identity Problem Is the Whole Problem

Gartner identified AI agents as introducing new challenges to traditional identity and access management strategies. Their February 2026 cybersecurity trends report flagged issues with identity registration, credential automation, and policy-driven authorization for machine actors. If you don't solve the identity problem, Gartner says, you're creating access-related cybersecurity incidents.

This is the same problem we solved for humans 20 years ago with RBAC and least-privilege access. We know how to do this. We're just not doing it for agents because the deployment timeline is faster than the governance timeline.

Gartner also projected that over 40% of AI initiatives could be abandoned by 2027 if companies don't get governance fundamentals right. That's not a security warning. That's a business warning. You can't scale what you can't govern.

Here's What You Do Monday Morning

Inventory your agents. If you can't tell me how many AI agents are running in your environment right now, what they have access to, and who deployed them, you have a shadow AI problem. Microsoft's data says the average organization has 37. Start counting.

Give every agent an identity. Not a shared service account. Not a generic API key. A discrete, auditable identity with defined permissions. If it acts autonomously, it gets treated like an employee in your IAM system.

Build audit trails before you build features. If you can't log what an agent did, when it did it, what data it touched, and what tools it called, you don't have a production system. You have a liability.

Scope access by task, not by convenience. An agent that processes invoices doesn't need access to your HR database. Least privilege isn't a suggestion. It's the only thing standing between you and the 88% who already had an incident.

Evaluate Cisco's framework. DefenseClaw is open source. The Agent Runtime SDK works with the major cloud providers. You don't have to build this from scratch. But you do have to build it.
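
The identity, audit-trail and scoping steps above can be combined in one gateway that every tool call passes through. This is an added example, not code from Cisco's Agent Runtime SDK or DefenseClaw; the names `AgentIdentity`, `AuditLog`, `ToolGateway` and the sample registry are assumptions made for illustration.

```python
import hashlib
import json
import time
from dataclasses import dataclass

GENESIS = "0" * 64  # "previous hash" used by the first record

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str       # one identity per agent, never a shared account or key
    owner: str          # who deployed it (answers the inventory question)
    allowed: frozenset  # (tool, resource) pairs scoped to the agent's task

class AuditLog:
    """Append-only log; each record embeds the hash of the record before it."""
    def __init__(self):
        self.records, self._prev = [], GENESIS
    def append(self, **event) -> None:
        body = dict(event, prev=self._prev)
        self._prev = _digest(body)
        self.records.append(dict(body, hash=self._prev))
    def verify(self) -> bool:
        prev = GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != rec["hash"]:
                return False  # a record was edited, removed or reordered
            prev = rec["hash"]
        return True

class ToolGateway:
    """Decide, log, then execute; denied calls are logged as well."""
    def __init__(self, registry: dict, log: AuditLog):
        self.registry, self.log = registry, log
    def call(self, agent_id, tool, resource, fn):
        ident = self.registry.get(agent_id)  # unregistered agents are denied
        ok = ident is not None and (tool, resource) in ident.allowed
        self.log.append(ts=time.time(), agent=agent_id, tool=tool,
                        resource=resource, decision="allow" if ok else "deny")
        if not ok:
            raise PermissionError(f"{agent_id}: {tool} on {resource} denied")
        return fn()

# Constructed sample: an invoice agent scoped to invoice work only.
REGISTRY = {"invoice-agent-01": AgentIdentity(
    "invoice-agent-01", "finance-platform-team",
    frozenset({("read", "invoices"), ("write", "erp_postings")}))}
```

The hash chain only makes in-place edits detectable; the records themselves belong in an append-only store the agent cannot write to directly.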

The Clock on This Is Short

Gartner projects AI governance spending will hit $492 million this year and surpass $1 billion by 2030. That money is going somewhere because the cost of not spending it is higher. Shadow AI breaches already cost an average of $670,000 more than standard security incidents, according to Help Net Security.

Every agent you deploy without identity, access controls, and audit trails is a bet that nothing will go wrong. 88% of organizations already lost that bet.

Stop shipping agents you can't see. Start building the boring stuff first.