Zendoric
← Back to the day · July 10, 2026

One key, five agents: why 69% of companies couldn't say which of their AIs failed

🕒 Published on Zendoric: July 10, 2026 · 00:24

A VentureBeat survey of 107 companies reveals that 69% share credentials among AI agents, and that the more agents large companies deploy, the less they isolate them. While Palo Alto Networks, CrowdStrike and Cisco invest more than $22 billion in machine identity, most companies still rely on the free filters of the model provider itself.

🎧 Listen to the analysis
🎉 We're already a big community — and growing every dayJoin the readers who never miss the AI analysis that sets the momentum. Subscribe free.

We'll send you a confirmation email (double opt-in). Privacy.

By VentureBeat · July 9, 2026.

The data are concrete and come from a serious survey: the June 2026 wave of VentureBeat's Pulse Research, with 107 companies of more than 100 employees, found that 69% run AI agents sharing credentials at some point in their deployment. Only 32% give each agent its own scoped identity; another 32% operate mostly with shared API keys or borrowed human credentials. The problem is not abstract: more than half of the companies surveyed (54%) have already suffered a security incident or near-incident involving agents—18% confirmed and 36% stopped at the last moment. And the most uncomfortable figure in the report is that risk grows with company size while protection does the opposite: the share of incidents rises from 49% in mid-sized companies to 63% in those with more than 1,000 employees, but sandboxing of the most sensitive agents falls from 35% to 20% over that same jump. The more agents an organization deploys, the less contained each piece is.

The market context explains the urgency. Palo Alto Networks closed its purchase of CyberArk in February for $21.1 billion—the largest move in its history; CrowdStrike integrated the real-time authorization platform SGNL ($740 million) in less than a year and already sells its first derived product, Continuous Identity for AI Agents; Cisco announced in May the acquisition of Astrix Security, which specializes in non-human identities, for around $400 million. That is more than $22 billion wagered in less than a year on the bet that agent identity management will be the next major layer of enterprise security, just as cloud security was a decade ago. And yet, according to the survey itself, 82% of companies point to the model provider's native filters as their main control—OpenAI leads with 51% penetration, followed by Google Cloud (36%), Microsoft Azure (35%) and Anthropic (29%)—tools designed to detect malicious intent in an instruction, not to grant an agent its own identity or to isolate it. Dedicated specialists in identity and sandboxing—Prisma AIRS, CrowdStrike, Okta for AI Agents, Zenity—barely reach single-digit adoption, though twelve-month purchase intent (59% plan to add or replace tools, 29% this very quarter) suggests companies already know their current stack is provisional.

Our reading is that this report portrays, more precisely than most, the underlying problem of agentic AI in the short term: it is not that the models are not capable enough, it is that organizations are deploying them faster than they manage to govern them. An agent without its own identity is indistinguishable from four others sharing the same key; if one is compromised, the attacker inherits at a stroke the accumulated permissions of all of them, and the forensic trail goes dark at exactly the point—the credential—where the investigation should begin. This is consistent with something we have already noted at Zendoric when analyzing real agent deployments in production: the competitive advantage—and now the vulnerability as well—no longer lies in which model is used, but in the identity and traceability architecture that surrounds it. The quote from Elia Zaitsev, CrowdStrike's CTO, sums up the necessary shift in approach well: observing what an agent actually did is a solvable technical problem; guessing its intent from language is not. That is why prompt filters, free and already installed, give a false sense of coverage (companies rate their current security at a solid 4.2 out of 5) while only 35% truly believe they are ahead of the attackers.

This does not change the underlying thesis about where all this is heading. The abundance agentic AI promises—automated processes that free people from repetitive tasks to focus on what adds real value—only materializes if the trust layer keeps pace with deployment; if it does not, each incident chips away at credibility and slows adoption, delaying precisely the benefits we defend as the horizon. The gap between exposure and containment that this report documents—wider the bigger and more agentic the company—is the kind of short-term friction that must be resolved with boring engineering (scoped identities, sandboxing, budget matched to risk), not with more guardrail marketing. The acquisitions by Palo Alto Networks, CrowdStrike and Cisco bet that such engineering will be bought, not invented from scratch; the question the report itself leaves open—whether companies close this gap by their own decision or because a security breach forces them to—is, at bottom, the same dilemma every transformative technology faces: govern it in time or learn the hard way.

🔗 Related on Zendoric

Sources & references

Get the analysis by email · free

One email a day analysing the AI essentials. Free, no spam, unsubscribe anytime.

We'll send you a confirmation email (double opt-in). Privacy.