CSA Study: Over Half of Organizations Face AI Agent Scope Violations
New research shows rapid AI adoption is outpacing governance, with unintended AI agent behavior becoming common across enterprises
“AI agents are already operating at scale as part of the enterprise digital workforce, but security and governance haven’t kept pace with their autonomous actions,” said Hillary Baron, AVP of Research, Cloud Security Alliance. “The findings highlight gaps in visibility, runtime controls, and action traceability, underscoring the need for organizations to evolve their governance and security strategies, designing them specifically for autonomous systems and scaling them alongside adoption.”
Recommended: AI-Powered DevOps: From CI/CD to Continuous Intelligence
Among the survey’s key findings:
- AI agent usage by organizations is widespread. Forty-three percent of organizations report that more than half of employees use AI agents regularly, with adoption spanning IT (53%), security (37%), customer service (34%), and engineering (34%).
- Shadow AI agents appear early in adoption. More than half (54%) of organizations report between 1–100 unsanctioned AI agents, with ownership often unclear. Only 15% said that 76–100% of agents have defined ownership, while 34% reported ownership visibility for just 26–50% of AI agents.
- AI agent scope violations are now routine. Only 8% of respondents said AI agents never exceed their intended permissions. Just 16% reported high confidence in their ability to detect AI agent-specific threats, while 44% reported low or no confidence.
- Compliance becomes the default without an AI-agent security strategy. While 50% of respondents report having at least partially documented governance policies for AI agent usage, only 31% have formally adopted a policy. Respondents listed HIPAA (43%), NIST AI Risk Management Framework (37%), and SOC 2 or ISO 27001 (34%) as the frameworks that most influence their AI agent governance. Only 13% reported feeling highly prepared for upcoming AI-related regulations, while 49% indicate they feel slightly or not at all prepared.
“For years, the AI security conversation has focused on prompts. What this report confirms is that the real question is different: why did the agent do that? Agents are reading emails, accessing financial data, and changing configurations inside core business workflows. Most organizations can’t say what those agents have accessed, what decisions they’ve made, or who is accountable when something goes wrong,” said Ben Kliger, co-founder and CEO of Zenity. “When scope violations are routine for 9 in 10 organizations and only 13% feel prepared for the regulatory scrutiny ahead, the problem isn’t awareness. It’s that legacy security was built to monitor what users say, not what autonomous systems do. The risk lives in runtime, in what agents actually do once they’re in motion. That’s where security has to be.”
Recommended: RAG vs Fine-Tuning vs Agents: Choosing the Right AI Approach
Zenity commissioned CSA to develop a survey to better understand the industry’s knowledge, attitudes, and opinions regarding autonomous AI agents. Zenity financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in September and November 2025 and received 445 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.
Write to us [wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.
