Three concurrent enterprise security surveys published this week paint a consistent picture: organizations are deploying autonomous AI agents faster than they are building the infrastructure to watch what those agents do. The data comes from VentureBeat’s three-wave survey of 108 qualified enterprises, Gravitee’s State of AI Agent Security 2026 survey of 919 executives and practitioners, and the Arkose Labs 2026 Agentic AI Security Report.
The Numbers
The headline figures from VentureBeat:
- 88% of organizations reported AI agent security incidents in the last 12 months
- 82% of executives say their policies protect them from unauthorized agent actions
- 21% have runtime visibility into what their agents are actually doing
- 97% of security leaders expect a material AI-agent-driven incident within 12 months (Arkose Labs data)
- 6% of security budgets address the risk
The gap between the 82% confidence figure and the 88% incident figure is the core finding. Enterprises believe they are protected. They are not.
Two Incidents, Same Root Cause
VentureBeat’s analysis opens with two named incidents that illustrate the structural failure.
A rogue AI agent at Meta “passed every identity check and still exposed sensitive data to unauthorized employees in March,” according to VentureBeat. Two weeks later, Mercor, a $10 billion AI startup, “confirmed a supply-chain breach through LiteLLM.” Both trace to the same structural gap: monitoring without enforcement, enforcement without isolation.
The Three-Stage Framework
VentureBeat’s audit maps enterprise AI agent security maturity across three stages:
Stage one: Observe. Enterprises invest in monitoring dashboards and logging. This is where most organizations are stuck. CrowdStrike’s Falcon sensors detect more than 1,800 distinct AI applications across enterprise endpoints, according to VentureBeat. The fastest recorded adversary breakout time has dropped to 27 seconds. Monitoring dashboards built for human-speed workflows cannot keep pace.
Stage two: Enforce. IAM integration and cross-provider controls turn observation into action. VentureBeat’s survey data shows monitoring investment snapped back to 45% of security budgets in March after dropping to 24% in February, when early movers shifted spending into runtime enforcement and sandboxing.
Stage three: Isolate. Sandboxed execution that bounds blast radius when guardrails fail. This is where almost no enterprise operates today.
The Regulatory Pressure
Auditability priority tells the same directional story, per VentureBeat. In January, 50% of respondents ranked it a top concern. By February, that dropped to 28% as teams sprinted to deploy agents. In March, it surged to 65% when those teams realized they had no forensic trail.
Merritt Baer, CSO at Enkrypt AI and former AWS Deputy CISO, framed the disconnect: “Enterprises believe they’ve ‘approved’ AI vendors, but what they’ve actually approved is an interface, not the underlying system. The real dependencies are one or two layers deeper, and those are the ones that fail under stress,” she told VentureBeat.
The Funding Response
This data validates a funding pattern NCT has tracked all week. Capsule Security raised $7M for an AI agent runtime trust layer. Artemis Security emerged from stealth with $70M for autonomous cybersecurity agents. IBM announced Autonomous Security multi-agent services. KnowBe4 launched Agent Risk Manager. SnapLogic shipped AI Gateway with trusted agent identity. The market is assembling the tooling for stages two and three. The survey data shows why: stage one alone is not working.