As enterprises accelerate the adoption of Artificial Intelligence (AI) agents to streamline operations, a significant security gap has emerged. According to a recent survey by identity security leader SailPoint, a staggering 80% of companies using AI agents have reported cases where these autonomous systems performed unintended or unauthorized actions.

The Rise of Unintended Behaviors
The report, titled "AI Agents: The New Security Attack Surface," conducted in partnership with Dimensional Research, reveals that while 82% of enterprises have already integrated AI agents, they are struggling to control them. The most common anomalies reported include:

Unauthorized system access (39%)
Accessing sensitive data (33%)
Unauthorized data downloads (32%)
Inappropriate data sharing (31%)

Speaking with ETNews, Chern-Yue Boey, Senior Vice President of Solutions Engineering for APAC at SailPoint, explained that the very nature of AI agents creates these risks. "AI agents are designed to navigate various systems and datasets to achieve specific goals. In this process, they often trigger unintended data access that traditional account-centric security models cannot effectively monitor," Boey stated.

A Governance Gap
The survey highlights a stark disconnect between risk perception and actual defense. While 96% of respondents view AI agents as a growing security threat, and 66% consider the danger "immediate," only 44% have implemented formal governance policies. Furthermore, only about half of the companies (52%) possess the capability to track or audit the data accessed by these agents.

The reality of these threats is underscored by recent high-profile breaches. Last year, a vulnerability in McDonald's AI-driven recruitment system led to the exposure of 64 million personal records. Similar data and code leakages have been reported at McKinsey and Anthropic, signaling that even tech-forward firms are vulnerable.

The Shift to Unified Identity Security
To address these challenges, SailPoint launched its AI Agent Identity Security (AIS) solution last October. Leveraging over 20 years of experience in human identity governance, the platform is designed to track data flows and manage access privileges specifically for non-human autonomous entities.

Boey emphasized that the current "siloed" approach—where human accounts, cloud permissions, and AI agents are managed separately—is a recipe for disaster. "Managing these elements in isolation makes it impossible to gain full visibility into the security landscape," he warned.

He concluded by advising enterprises to match their AI deployment speed with robust governance frameworks. "By integrating scattered AI agents into a single platform, companies can minimize risk and ensure that their AI innovation does not come at the cost of data integrity."