Seventy-eight percent of enterprises using AI have either suffered an AI-related security incident or found an AI-related vulnerability, a figure that turns enterprise AI security from a planning concern into an active control failure.

AI Agents Trip Alarms in Enterprise AI Security Rush
XOOMAR Intelligence
Analyst Take
That number comes from DigiCert, which surveyed 1,001 IT and cybersecurity leaders in the US, UK, and Australia, according to The Register Security. The sharper reading is not that AI code is breaking production everywhere. The reported incidents were tied to unauthorized or misconfigured AI agents, not flaws from AI-generated code.
That distinction matters. The enterprise AI security problem is less about magic models going rogue and more about familiar governance failures moving into faster, harder-to-audit systems.
Enterprise AI security has outrun the controls meant to contain it
DigiCert’s survey suggests companies moved AI systems into real workflows before identity, permissions, traceability, and governance were mature enough to support them. That is the core tension beneath the headline.
The survey found that 90 percent of organizations had discussed AI governance at the board level. Yet only 50 percent had dedicated AI governance budgets and formal governance programs. Board awareness is not the same as operating discipline.
DigiCert CEO Amit Sinha framed the issue as an identity problem:
“We wouldn’t allow an employee to operate without a verified identity. AI agents should be no different.”
That line is doing real work. If an AI agent can act inside a company, pull from systems, trigger workflows, or interact with data, then treating it like a vague software feature is a mistake. It needs identity, scope, logging, and revocation.
XOOMAR analysis: the survey points to a gap between AI ambition and AI administration. Enterprises appear to be approving the idea of AI faster than they are building the machinery to govern it.
The numbers expose a messy middle between incidents and vulnerabilities
The 78 percent headline includes both confirmed incidents and identified weaknesses. DigiCert’s spokesperson gave The Register a more useful split:
| Category | Share of respondents |
|---|---|
| Experienced one AI-related incident | 27.7 percent |
| Experienced multiple AI-related incidents | 21.9 percent |
| Had no incidents but identified vulnerabilities | 28.4 percent |
That breakdown matters because executives often blur three separate things: confirmed incidents, vulnerabilities, and governance gaps. Each demands a different response.
A confirmed incident means something already went wrong. A vulnerability means the organization found a weakness before, or without, a known incident. A governance gap means the company may not even know which category it is in.
DigiCert did not disclose incident details. That limits how far the evidence can go. The survey does not support claims about specific categories such as prompt leakage, model poisoning, exposed training data, or insecure plugins as measured outcomes here.
Still, the reported cause is specific enough: unauthorized or misconfigured AI agents. That points toward control-plane failures: who can create agents, what they can access, how they authenticate, and whether anyone can trace what they did.
Misconfigured AI agents are becoming the enterprise blind spot
The Register notes that bot badging infrastructure remains a work in progress. Several initiatives are underway, including Private Access Control Tokens (PACTs), Estonia's digital IDs for agents, and Microsoft's Agent ID.
Those efforts all circle the same problem: software agents need a way to prove what they are, who authorized them, and what they are allowed to do. Without that, organizations risk building workflows around actors they cannot cleanly identify.
This is where the phrase “AI governance” can become too soft. The practical question is harder: can the company tell the difference between an approved AI agent, a forgotten experiment, and a misconfigured tool with access it should not have?
For readers tracking this broader agent-management theme, XOOMAR’s related coverage includes Enterprise AI Agents Turn Safe Pilots Into Cost Traps and Slackbot Drags Salesforce CRM Into Enterprise AI Fight. The common thread is not that every AI workflow fails. It is that agentic systems create new operational dependencies before many companies have mature controls for them.
Boards are talking about AI governance, but traceability is lagging
The most revealing number in DigiCert’s findings may be 53 percent. That is the share of respondents who said their organization could trace AI decisions back to the models and source data that produced them.
The report puts the risk plainly:
“That becomes a problem the moment an AI system produces an unexpected or controversial result. Customers, executives, and regulators will all ask, 'Why did it do that?'”
That is not a philosophical concern. It is an accountability problem. If an AI system produces a result that affects a customer, a workflow, a compliance process, or an internal decision, “the model said so” is not an answer.
XOOMAR analysis: traceability is where AI governance stops being policy language and starts becoming evidence. If a company cannot reconstruct which model, which data, and which configuration produced an output, then its AI program has a weak audit trail even if no breach has occurred.
This is also where DigiCert’s framing aligns with its business focus. The company is a digital identity business, so it naturally emphasizes verified identity for AI agents. That does not invalidate the finding, but it should shape how readers interpret the prescription.
Nvidia's optimism clashes with security teams' lived reality
DigiCert’s report lands against a more upbeat industry message. The Register contrasts it with Nvidia's State of AI 2026 report, which says:
“Across every industry, AI is helping increase annual revenue and drive down annual costs while boosting productivity.”
Both claims can be true at once. AI can lift productivity in some settings while also creating security and governance problems when deployed without enough control. The conflict is about timing and burden.
The productivity story rewards fast rollout. The security story demands verification before scale. Enterprises trying to do both are discovering that governance is not a final checklist after deployment, it is part of the deployment architecture.
DigiCert’s findings also echo a Spacelift report from two weeks earlier, cited by The Register, which found 93 percent of organizations experienced AI-caused infrastructure incidents while only 19 percent had a governance plan in place. The two surveys are not identical, but they point in the same direction: AI systems are already creating operational consequences, while formal governance remains uneven.
Enterprise buyers need proof, not AI promises
For enterprise buyers, the practical takeaway is clear: AI procurement now needs to test the control layer, not just the model demo.
The questions should be concrete:
- Identity: Can every AI agent be uniquely identified and revoked?
- Permissions: What systems and data can the agent access?
- Logging: Can the company reconstruct agent actions after the fact?
- Traceability: Can outputs be tied back to source data and model configuration?
- Governance: Is there a funded program, or just board-level discussion?
For IT and security teams, DigiCert’s numbers support a tighter operating model around approved tools, agent registration, access limits, and review of high-impact AI actions. The source does not prove which specific technical controls work best, but it does show that informal deployment is already producing reported incidents and vulnerabilities.
Investors should read the same data as execution risk. Vendors selling “enterprise-ready” AI will increasingly need to prove governance, identity, and auditability. Productivity claims without control evidence will age badly.
Trusted AI platforms will separate from risky shortcuts
The next split in enterprise AI will likely be between systems that can prove identity, traceability, and governance, and tools that move faster because they avoid those controls.
That is XOOMAR analysis, grounded in the gap DigiCert measured: 90 percent board discussion, 50 percent formal governance and budget, and only 53 percent traceability. The companies that close those gaps can keep scaling AI with fewer unknowns. The ones that treat governance as paperwork will keep finding vulnerabilities after deployment.
The watch item is evidence. If future surveys show higher governance budgets, better traceability, and fewer incidents tied to unauthorized or misconfigured agents, the thesis weakens. If the incident share stays high while agent identity remains unfinished, the message from this report gets harder to dismiss: enterprise AI did not fail because companies asked too many questions. It is hurting because many asked too few before switching it on.
Impact Analysis
- AI security failures are already affecting enterprises, not just posing future risks.
- The biggest weakness appears to be governance of AI agents, not AI-generated code itself.
- Board awareness has not yet translated into consistent budgets, controls, and operating discipline.
Enterprise AI Governance Gap
| Governance Indicator | Share of Organizations |
|---|---|
| Discussed AI governance at board level | 90% |
| Have dedicated AI governance budgets and formal programs | 50% |
| Reported an AI-related security incident or vulnerability | 78% |
Enterprise AI Security and Governance Metrics
Sources
Written by
XOOMAR Insights Team
Research and Editorial Desk
The XOOMAR Insights Team pairs automated research with human editorial judgment. We track hundreds of sources across technology, fintech, trading, SaaS, and cybersecurity, cross-check the facts, and explain what happened, why it matters, and what to watch next. We do not just rewrite headlines. Every article is fact-checked and scored for reliability before it goes live, and we link back to the original sources so you can verify anything yourself.
Explore More Topics
Related Articles
Cybersecurity$66M Bet Throws NewCore Into AI Identity Security Fight
NewCore exits stealth with $66M to secure human, machine and AI agent identities from one enterprise control plane.
CybersecurityHacktivists Deface US Army Websites to Taunt Trump
Hacktivists defaced two US Army tech sites’ error pages with pro-Kurdish messages and insults aimed at Trump. No data theft was confirmed.
CybersecurityGitLost Turns GitHub Agentic Workflows Against Private Repos
GitLost shows one malicious public GitHub Issue can hijack AI workflows and reach private repo data without stolen credentials.
Cybersecurity6.9M Drivers Face Scams After AssuranceAmerica Data Breach
Hackers stole data tied to 6.9M AssuranceAmerica drivers, including licenses, policy details and claims data.
CybersecurityUS Slaps $10M Bounty on Russian Signal, WhatsApp Hackers
$10M is on the table for tips on Russia-linked groups accused of hijacking Signal and WhatsApp accounts used by officials and journalists.
Future FictionThe Sentinels Free Stream Locks Out Most Countries
The Sentinels streams free on BBC iPlayer and SBS On Demand, but access depends on where you are.
Global TrendsRemains Discovery Triggers Jana Armstrong Murder Charge
Police charged a 48-year-old man with murder after remains believed to be Jana Armstrong's were found near Toowoomba.
Technology$499 Trump Phone Flops as Buyers Get a Costly Souvenir
The $499 Trump Mobile T1 got a brutal 3 Verge Score, exposing a political souvenir trying to pass as a serious Android phone.
TechnologyAsus ProArt KD300 Exposes the Productivity App Trap
The Asus ProArt KD300 argues that the best productivity upgrade isn't another app, but one compact keyboard that makes five devices easier to use.
FintechTether Stake Sale Could Crack Its $500B Valuation Test
A former Tether CIO’s planned stake sale could give investors the rare price check they’ve wanted on the private USDT giant.
Don't miss the signal
Get our weekly roundup of the stories that matter across tech, fintech, and trading. No noise, just signal.
Free forever. No spam. Unsubscribe anytime.