AI agent vulnerabilities seen as greater threat than human misuse, study finds
Keyfactor survey reveals widespread concern over identity and governance gaps in autonomous systems
Nearly seven in ten cybersecurity professionals believe vulnerabilities in artificial intelligence agents and autonomous systems pose a greater threat than malicious human actors, according to a study by digital identity security company Keyfactor.
The Digital Trust Digest: AI Identity Edition, based on a survey of 450 cybersecurity professionals in North America and Europe, found that 69% of respondents ranked AI-agent vulnerabilities as the more serious risk.
A further 86% said AI agents cannot be trusted without unique, dynamic digital identities, while 85% predicted that such identities would become as widespread as those for humans and machines within five years.
Jordan Rackie, chief executive of Keyfactor, said, “As businesses race to deploy autonomous AI systems, the security infrastructure to protect them is falling dangerously behind.”
Despite the concern, only half of respondents said their security teams had governance frameworks in place for agentic AI systems. Just 28% believed they could prevent a rogue AI agent from causing damage, and 55% of security leaders said their executive teams were not treating agentic AI risks with sufficient seriousness.
On software supply chain risk, 68% of organisations admitted lacking full visibility or governance over AI-generated code contributions.
Related reading
- Demis Hassabis: why AGI is closer than it looks, and further away than the hype suggests
- Apple’s rumoured January event: Refresh, or reset?
- Elon Musk in full at Davos. Tech titan lays out a future built on robots, solar power and space infrastructure
Ellen Boehm, senior vice-president of Internet of Things and AI Identity Innovation at Keyfactor, said, “Vibe coding offers tremendous benefits for DevSecOps teams, but also significant risk if not secured appropriately.”
The survey was conducted by research firm Wakefield Research and targeted companies with at least 1,000 employees. Keyfactor has published the full findings on its website.
The Recap
- Keyfactor finds two-thirds view AI agents as larger security risk.
- Eighty-six percent say unique dynamic identities are required.
- Report cites survey of 450 cybersecurity professionals in North America.
