A new report from identity security platform SailPoint reveals the disconnect between companies' desperate drive to quickly deploy AI agents, and the growing security risk posed by inadequate governance.

• Fast track to trouble: The report found that 96% of the nearly 400 IT pros admit to not having proper security in place for the newly adopted tech. Over 80% of organizations said they already use AI agents, while 98% plan to expand their use this year. Despite this rush, less than half of orgs have actual policies to manage these tools, which are already accessing sensitive corporate data from financials to customer records.

• Hard to control: The study found the vast majority of companies admit their AI agents have performed unintended actions. These aren't just quirks; nearly 40% of respondents reported agents accessing unauthorized systems, around a third saw them share inappropriate data or download sensitive content, and almost a quarter had agents tricked into revealing access credentials. Consequently, nearly three-quarters of tech professionals now consider AI agents a bigger security risk than traditional machine identities.

• Blind spot growing: This governance gap is glaring, as over 90% of IT pros agree that proper oversight is essential for enterprise security. Compounding the problem, TechRadar notes that only just over half of IT teams actually know what data their AI agents can access, leaving many organizations flying blind.

"Agentic AI is both a powerful force for innovation and a potential risk,” said Chandra Gnanasambandam, SailPoint's CTO. He stressed that organizations must govern AI agents as strictly as human users, ensuring real-time permissions and full visibility.

The AI agent market is projected for explosive growth, hitting nearly $217 billion by 2035, while executives are overwhelmingly increasing AI spending. This push is fueled by the drive to automate and personalize, even as SMBs also jump on the AI agent bandwagon.