54% Had AI Agent Incidents. 86% of GPUs Run Half-Empty.

VentureBeat survey of 573 leaders reveals enterprises deployed AI agents without governance. 54% already had incidents. Here's the 5-layer control stack and readiness assessment.

By Rajesh Beri·July 11, 2026·17 min read
Share:
THE DAILY BRIEF
AI Agent GovernanceEnterprise AI SecurityGPU UtilizationAgentic AI
54% Had AI Agent Incidents. 86% of GPUs Run Half-Empty.

VentureBeat survey of 573 leaders reveals enterprises deployed AI agents without governance. 54% already had incidents. Here's the 5-layer control stack and readiness assessment.

By Rajesh Beri·July 11, 2026·17 min read

By Rajesh Beri | July 11, 2026


Enterprise companies knowingly deployed AI agents before building the controls to govern them. Now they are paying for it — and scrambling to retrofit.

That is the central finding from VentureBeat Research's June 2026 survey of 573 technical leaders at companies with 100 or more employees. The survey spanned five parallel investigations of the "agentic stack" — identity, evaluation, cost telemetry, context, and orchestration — and found the same pattern in every layer: deployment ran ahead of governance, visibility, and cost control. Fifty-four percent of companies already experienced an agent security incident or near-miss in the past 12 months. Twenty-seven percent do not learn what an agent costs until the invoice arrives.

Meanwhile, the hardware enterprises bought to power these agents sits largely unused. Eighty-six percent of GPU operators report utilization of 50% or less — the most expensive equipment in the building, running at no more than half capacity. Wall Street has spent the quarter debating whether the AI buildout is overbuilt. Enterprises just answered: it is underused.

The spending response tells the real story. Roughly six in 10 enterprises plan to switch or add vendors in each of the five control layers within the next 12 months. A third plan to move within the quarter. No layer has an established incumbent. The AI governance market, valued at roughly $492 million in 2026, is projected to exceed $1 billion by 2030. This is not a technology story. It is a $22 billion buying spree that has already begun.


The Five-Layer Agentic Control Gap

VentureBeat's research reveals that enterprises need governance across five distinct layers — and most are inadequately covered in all of them.

Layer 1: Identity — Who Is This Agent?

Sixty-nine percent of enterprises run credential sharing somewhere in their agent fleet. Multiple agents operate under one API key or service account, which means a single compromised agent inherits the reach of every workflow the key touches. The forensic trail goes cold at the credential level — five agents on one account leave no record of which agent did what.

The security math is unambiguous. Organizations with credential sharing anywhere experienced incidents at a 63.5% rate, versus 40.9% where every agent has its own scoped identity. Only 32% of enterprises give each agent a managed, scoped identity today.

The market has noticed. Palo Alto Networks completed its $25 billion acquisition of CyberArk in February 2026 and rebranded it as Idira, a next-generation identity platform for AI agent access and authorization. CrowdStrike closed its $740 million acquisition of SGNL and shipped Continuous Identity for AI Agents by June 15, using SPIFFE-based cryptographic identities that dynamically grant, deny, and revoke access based on real-time risk. Cisco acquired Astrix Security for $400 million, targeting the API keys, service accounts, and OAuth tokens that agents use to execute work at scale.

Combined: more than $26 billion in acquisitions targeting the single control layer most enterprises haven't built yet.

Layer 2: Evaluation — Is the Agent's Work Any Good?

Two-thirds of enterprises already permit agents to push changes to production on automated evaluations alone — or are engineering their pipelines to do so within 12 months. The problem: only 5% fully trust those evaluations.

Half of enterprises shipped an agent that passed internal evaluations and then caused a customer-facing failure. One in four watched it happen more than once. The most common weakness cited: "poor alignment with real-world outcomes" (29% of respondents). Once agents are live, only 23% run real-time quality checks on outputs. Another 51% monitor uptime only — the system is running, but nobody is checking whether the answers are right.

The NIST Generative AI Profile makes the same point: measurements gathered in controlled environments may not transfer to deployment because behavior changes with prompts, users, context, and operating conditions.

Layer 3: Cost Telemetry — What Does Each Agent Actually Cost?

Twenty-seven percent of enterprises exercise only reactive control of agent spend — they learn what an agent costs when the invoice arrives, with no per-agent budget or ceiling in place. Only 44% rigorously track what their AI compute actually costs and returns. Everyone else is estimating.

This measurement gap is compounded by the GPU underutilization crisis. Despite 86% of enterprises reporting GPU utilization at 50% or less, 45% say the emerging compute option they are most likely to evaluate next is an AI-specialized neocloud (CoreWeave, Lambda, Crusoe, Nebius). Under 2% actually use one today. Enterprises are shopping for more compute before measuring what they already own.

The FinOps Foundation's 2026 State of FinOps report found that 98% of FinOps teams now manage AI spend, up from 31% — but 41% of enterprises still waste 15% or more of their AI budgets on idle or poorly allocated resources.

Layer 4: Context — What Business Data Do Agents Read?

Fifty-seven percent of enterprises traced at least one confident, wrong agent answer to their own missing or inconsistent business context: wrong metrics, stale definitions, absent documents. Most saw it happen repeatedly.

The fix is a governed semantic layer — one authoritative definition of the business that every AI reads from. Only 25% of enterprises run one in production. Thirty-four percent are building one. Forty-one percent haven't started.

Microsoft's IQ platform targets exactly this layer, unifying siloed enterprise data into the single source of truth that feeds enterprise agents. ServiceNow's AI Control Tower took a similar approach, positioning its platform as the orchestration layer that ensures agents read from governed business definitions.

Layer 5: Orchestration — Who Coordinates Multi-Step Work?

Here is where the "agentwashing" problem becomes measurable. Seventy-one percent of enterprises say a quarter or fewer of their deployed "agents" can complete multi-step work on their own. Only 10% say true agents are the majority. The rest are single-prompt chatbots — what Gartner calls "agentwashing."

This matters because the label determines the bill. A chatbot with a human reading every answer needs none of the identity, evaluation, or cost controls this report covers. A true multi-step agent needs all of them. The inflated adoption figures — Zapier's survey shows 72% deploying autonomous agents, Writer's survey shows 97% — are the benchmarks boards use to pressure technical leaders into moving faster. VentureBeat's data says the real bar is far lower than headlines suggest.


Why This Matters

For CIOs and CTOs: The Vendor Lock-In Shift

The survey captured a significant shift in enterprise priorities. In spring 2026, the top concern about provider-controlled orchestration was security and permissioning limits (32%). By June, vendor lock-in led at roughly a third. The likely catalyst: the June 12 Commerce Department export order that took Anthropic's Claude Fable 5 offline for nearly three weeks, followed by open-weight releases from Z.ai's GLM-5.2 (MIT license, one-sixth the price of GPT-5.5) and Tencent's Hy3 (Apache 2.0).

The posture data reflects this: 51% now expect their primary control plane to be hybrid — provider-native plus external orchestration — by end of 2026, up from 34% in spring. Enterprises relying purely on provider-managed agent services fell from 12% to 7%.

For CFOs: The $26 Billion Signal

The security vendors are spending $26 billion on acquisitions because the enterprises haven't spent enough on controls. According to Gartner, spending on dedicated AI governance platforms will reach $492 million in 2026, growing to more than $1 billion by 2030. But the real spending is in the adjacent categories: agent identity, evaluation tooling, cost telemetry, and semantic layer infrastructure. Combined, the AI agent market is projected to grow from $10.9 billion in 2026 to $182.9 billion by 2033, a 49.6% CAGR.

The GPU underutilization alone represents billions in wasted capital. An NVIDIA H100 SXM5 8-GPU server costs $250,000–$350,000. At 50% utilization, enterprises are burning $125,000–$175,000 per server per year in idle capacity. Multiply across fleet sizes and the write-down risk is enormous.

For Business Leaders: The Cancellation Cliff

Gartner predicts more than 40% of agentic AI projects will be canceled by 2027. The causes: escalating costs, unclear business value, and inadequate risk controls. Forbes contributor Robert Szczerba argues the coming cancellation wave is "a management problem wearing a technology costume." Gartner estimates only about 130 of the thousands of vendors claiming agentic AI capabilities are genuine.

Deloitte's 2026 State of AI in the Enterprise report found that 74% of companies plan to deploy sophisticated AI agents within two years — but deployment is no longer the hardest part. Redesigning work, defining governance for autonomy, and measuring value clearly are where projects die.


Framework 1: Agentic Control Stack Readiness Assessment

Score your organization across all five layers (1–5 points each, max 25):

Identity Layer (1–5 points)

Score Criteria
1 Agents share API keys or human credentials. No inventory of agent identities.
2 Partial inventory exists. Some agents have dedicated service accounts, many share.
3 Majority of agents have scoped identities. Credential rotation is manual.
4 All production agents have scoped, managed identities. Automated rotation in place.
5 Cryptographic (SPIFFE-based) identities per agent. Real-time dynamic authorization. Zero standing privileges.

Evaluation Layer (1–5 points)

Score Criteria
1 No automated evaluation. Ship based on manual spot-checking.
2 Pre-deployment evals exist but not tested against production outcomes.
3 Pre-deployment evals validated against production data. No real-time monitoring.
4 Real-time quality monitoring on agent outputs. Production incidents feed back into eval suite.
5 Continuous regression testing against production outcomes. Every failure becomes a permanent test case. Repeatability measured as a first-class metric.

Cost Telemetry Layer (1–5 points)

Score Criteria
1 Learn agent costs when invoice arrives. No per-agent budget tracking.
2 Aggregate AI spend tracked. No per-agent or per-workload attribution.
3 Per-workload cost tracking in place. No automated budget ceilings.
4 Per-agent cost attribution with automated alerts. GPU utilization tracked at workload level.
5 Real-time per-agent cost dashboards. Automated budget ceilings with kill switches. GPU utilization rigorously tracked and optimized above 70%.

Context Layer (1–5 points)

Score Criteria
1 No governed definitions. Agents pull from whatever data they can reach.
2 Some key metrics and entities defined, but not enforced across all agents.
3 Governed semantic layer under construction. Core metrics unified.
4 Semantic layer in production. All agents read from governed definitions. Periodic audits.
5 Real-time governed semantic layer. Automated drift detection. Version-controlled business definitions with change management.

Orchestration Layer (1–5 points)

Score Criteria
1 No orchestration. Individual agents deployed ad hoc. No multi-step coordination.
2 Basic workflow tooling. Agents primarily single-prompt with human-in-the-loop.
3 Multi-step agent workflows in production for some use cases. Hybrid control plane (provider + external).
4 Centralized control plane. Agent portability across providers. Rollback capabilities.
5 Full hybrid orchestration. Multi-provider agent portability. Real-time monitoring with automated intervention. Disaster recovery tested.

Scoring Interpretation

Total Score Readiness Level Recommended Action
5–10 Critical Gap Stop deploying new agents. Audit existing fleet for shared credentials and unmonitored access.
11–15 Below Baseline Prioritize identity and cost layers. Establish per-agent budgets. Begin semantic layer buildout.
16–19 Progressing Close evaluation and orchestration gaps. Test evals against production outcomes. Build hybrid control plane.
20–22 Advanced Optimize GPU utilization. Implement real-time dynamic authorization. Add continuous regression testing.
23–25 Production-Grade Focus on portability and multi-provider resilience. Benchmark against VB Transform Q3 survey data.

Based on VentureBeat's data, the median enterprise likely scores 8–12 — firmly in the "Below Baseline" range.


Framework 2: 90-Day Agentic Control Retrofit Plan

For enterprises that deployed agents ahead of controls (which is most of them), here is a phased remediation plan:

Phase 1: Weeks 1–4 — Inventory and Triage

Goal: Know what you have and where the biggest risks are.

Week Action Success Criteria
1 Inventory all deployed agents — type (true agent vs. chatbot), credentials, data access, production status Complete agent registry with credential mapping
2 Classify agents by autonomy level: single-prompt, human-in-loop, multi-step autonomous Clear tier labels on each agent
3 Audit credential sharing. Identify all agents running on shared API keys or human credentials Shared credential map with blast-radius assessment
4 Measure GPU utilization per workload. Calculate idle cost per server Utilization report with dollar waste quantified

Expected outcome: A clear picture of how many "agents" are actually chatbots (likely 75%+), which credentials are shared (likely 69%), and how much GPU capacity is wasted (likely 50%+).

Phase 2: Weeks 5–8 — Close the Identity and Cost Gaps

Goal: Eliminate the two highest-risk attack surfaces.

Week Action Success Criteria
5–6 Assign scoped, managed identities to every production agent, starting with agents that touch customer data or financial systems Zero shared credentials on high-risk agents
7 Implement per-agent cost tracking with automated budget ceilings Per-agent cost dashboards live
8 Consolidate or decommission GPUs running below 30% utilization. Migrate bursty workloads to serverless/neocloud Utilization above 50% on all retained hardware

Expected outcome: Incident rate drops from ~63% (credential sharing) toward ~41% (scoped identities). GPU waste reduced by 30–50%.

Phase 3: Weeks 9–12 — Evaluation and Context Governance

Goal: Ensure agent outputs are correct, not just operational.

Week Action Success Criteria
9 Test existing automated evaluations against production outcomes. Identify gaps between eval scores and customer-facing failures Eval-to-production alignment report
10 Convert every production incident and customer escalation into a permanent regression test Incident-driven test suite established
11 Begin governed semantic layer buildout: unify core metrics and entity definitions Core metrics catalog published
12 Implement real-time output quality monitoring (not just uptime) on top-priority agents Quality dashboards live on 3+ agents

Expected outcome: Eval trust improves from 5% baseline. Context-driven hallucinations reduced as agents read from governed definitions.


Market Context: The $26 Billion Control Stack Arms Race

The enterprise security industry is consolidating around agent governance at unprecedented speed:

Acquirer Target Deal Value Control Layer Status
Palo Alto Networks CyberArk (now Idira) $25B Identity Completed Feb 2026, GA May 2026
CrowdStrike SGNL $740M Identity Completed, product shipped June 2026
Cisco Astrix Security $400M Identity (NHI) Announced May 2026

These acquisitions total more than $26 billion — and they target just one of the five control layers. The evaluation, cost telemetry, context, and orchestration layers remain wide open, with no established incumbents. VentureBeat's data shows 57%–64% of enterprises plan to add or switch vendors across all five layers within 12 months.

The current default across all layers is the model provider's built-in tools — OpenAI's guardrails lead at 51%, followed by Google Cloud (36%), Microsoft Azure (35%), and Anthropic (29%). These defaults are winning on convenience, but they do not provide scoped identity or isolation, the two controls most correlated with lower incident rates.

The parallels to cloud security a decade ago are striking. Palo Alto Networks, CrowdStrike, and Wiz built multi-billion-dollar businesses on the gaps that native cloud controls left open. Agent security is tracking the same path — faster. As CrowdStrike CTO Elia Zaitsev put it at RSAC 2026: "Observing actual kinetic actions is a structured, solvable problem. Intent is not."

Forrester's 2026 agentic AI assessment, titled "Companies Are Chasing, Few Are Catching," found roughly three-quarters of enterprises adopting agentic AI but only a sliver running it in production. Forty-nine percent of security decision-makers flagged agentic AI as a concern. An academic study of agentic AI adoption across industrial firms placed most companies at the lowest rungs of an agent-maturity scale, with exactly one company reaching genuine multi-agent orchestration.


Case Study: From Credential Sharing to Scoped Identity at Scale

The VentureBeat data provides a natural experiment. Organizations that eliminated credential sharing everywhere in their agent fleet experienced a 40.9% incident rate. Those with credential sharing anywhere operated at 63.5% — a 55% higher risk.

One concrete example of the remediation path: CrowdStrike's Continuous Identity for AI Agents, shipped June 15, 2026, uses the SPIFFE open standard to assign every agent a cryptographically verifiable identity. Instead of sharing API keys, each agent gets a short-lived certificate that dynamically grants, denies, and revokes access based on the agent's owner, its calling context, and the device's real-time risk posture.

The practical lesson is straightforward. A financial services firm running 200 agents with 50 shared API keys faces exposure across every workflow those keys touch. Migrating to per-agent scoped identities — whether through CrowdStrike's SGNL-based solution, Palo Alto's Idira platform, or an in-house implementation — reduces the blast radius from "entire fleet" to "single agent." VentureBeat's data suggests this one change could cut incident rates by roughly 35%.

The UK's AI Safety Institute analyzed more than 177,000 agent tools built between late 2024 and early 2026 and found that "action" tools — those that send emails, change files, or move money rather than just describe it — rose from 24% to 65% of usage in 16 months. Agents are crossing from suggestion to action faster than controls can keep up. The credential-sharing problem is not static; it is compounding.


What to Do About It

For CIOs: Technical Next Steps

  1. Audit agent identities this quarter. The data is clear: credential sharing is the highest-correlation risk factor. Give every production agent a scoped, managed identity before adding new agents.
  2. Measure GPU utilization per workload, not per cluster. Eighty-six percent utilization below 50% means most enterprises should optimize existing compute before buying more — whether from neoclouds, AMD, or new NVIDIA hardware.
  3. Build a hybrid control plane. The majority (51%) expects hybrid orchestration by year-end. Start evaluating external orchestration tools that work across providers.

For CFOs: Financial Next Steps

  1. Quantify GPU waste in dollars. At current H100 prices, 50% idle capacity on a 10-server fleet burns $1.25–$1.75 million per year. This is a board-level write-down risk.
  2. Require per-agent cost attribution. Twenty-seven percent of enterprises lack it entirely. No agent should deploy without a budget ceiling and cost tracking.
  3. Watch the vendor switching wave. 57%–64% of enterprises plan to change vendors across five control layers. Your procurement team will be inundated. Build an evaluation framework now.

For Business Leaders: Strategic Next Steps

  1. Challenge "agentwashing" in your org. Ask the hard question: of deployed "agents," how many complete multi-step work autonomously? VentureBeat's data says it's probably fewer than 25%.
  2. Set success metrics before greenlighting pilots. Forbes' Robert Szczerba identifies three questions every executive should answer before funding an agent project: What is the success metric? What data does it need? When it fails, who owns the outcome?
  3. Plan for the retrofit, not just the rollout. Deloitte's data shows deployment is no longer the hardest part. Governance, value measurement, and rollback controls are where the next 18 months will be won or lost.

Continue Reading

THE DAILY BRIEF

Enterprise AI insights for technology and business leaders, twice weekly.

beri.net

Subscribe at beri.net/subscribe for twice-weekly AI insights delivered to your inbox.

LinkedIn: linkedin.com/in/rberi  |  X: x.com/rajeshberi

© 2026 Rajesh Beri. All rights reserved.

54% Had AI Agent Incidents. 86% of GPUs Run Half-Empty.

Photo by Panumas Nikhomkhai on Pexels

By Rajesh Beri | July 11, 2026


Enterprise companies knowingly deployed AI agents before building the controls to govern them. Now they are paying for it — and scrambling to retrofit.

That is the central finding from VentureBeat Research's June 2026 survey of 573 technical leaders at companies with 100 or more employees. The survey spanned five parallel investigations of the "agentic stack" — identity, evaluation, cost telemetry, context, and orchestration — and found the same pattern in every layer: deployment ran ahead of governance, visibility, and cost control. Fifty-four percent of companies already experienced an agent security incident or near-miss in the past 12 months. Twenty-seven percent do not learn what an agent costs until the invoice arrives.

Meanwhile, the hardware enterprises bought to power these agents sits largely unused. Eighty-six percent of GPU operators report utilization of 50% or less — the most expensive equipment in the building, running at no more than half capacity. Wall Street has spent the quarter debating whether the AI buildout is overbuilt. Enterprises just answered: it is underused.

The spending response tells the real story. Roughly six in 10 enterprises plan to switch or add vendors in each of the five control layers within the next 12 months. A third plan to move within the quarter. No layer has an established incumbent. The AI governance market, valued at roughly $492 million in 2026, is projected to exceed $1 billion by 2030. This is not a technology story. It is a $22 billion buying spree that has already begun.


The Five-Layer Agentic Control Gap

VentureBeat's research reveals that enterprises need governance across five distinct layers — and most are inadequately covered in all of them.

Layer 1: Identity — Who Is This Agent?

Sixty-nine percent of enterprises run credential sharing somewhere in their agent fleet. Multiple agents operate under one API key or service account, which means a single compromised agent inherits the reach of every workflow the key touches. The forensic trail goes cold at the credential level — five agents on one account leave no record of which agent did what.

The security math is unambiguous. Organizations with credential sharing anywhere experienced incidents at a 63.5% rate, versus 40.9% where every agent has its own scoped identity. Only 32% of enterprises give each agent a managed, scoped identity today.

The market has noticed. Palo Alto Networks completed its $25 billion acquisition of CyberArk in February 2026 and rebranded it as Idira, a next-generation identity platform for AI agent access and authorization. CrowdStrike closed its $740 million acquisition of SGNL and shipped Continuous Identity for AI Agents by June 15, using SPIFFE-based cryptographic identities that dynamically grant, deny, and revoke access based on real-time risk. Cisco acquired Astrix Security for $400 million, targeting the API keys, service accounts, and OAuth tokens that agents use to execute work at scale.

Combined: more than $26 billion in acquisitions targeting the single control layer most enterprises haven't built yet.

Layer 2: Evaluation — Is the Agent's Work Any Good?

Two-thirds of enterprises already permit agents to push changes to production on automated evaluations alone — or are engineering their pipelines to do so within 12 months. The problem: only 5% fully trust those evaluations.

Half of enterprises shipped an agent that passed internal evaluations and then caused a customer-facing failure. One in four watched it happen more than once. The most common weakness cited: "poor alignment with real-world outcomes" (29% of respondents). Once agents are live, only 23% run real-time quality checks on outputs. Another 51% monitor uptime only — the system is running, but nobody is checking whether the answers are right.

The NIST Generative AI Profile makes the same point: measurements gathered in controlled environments may not transfer to deployment because behavior changes with prompts, users, context, and operating conditions.

Layer 3: Cost Telemetry — What Does Each Agent Actually Cost?

Twenty-seven percent of enterprises exercise only reactive control of agent spend — they learn what an agent costs when the invoice arrives, with no per-agent budget or ceiling in place. Only 44% rigorously track what their AI compute actually costs and returns. Everyone else is estimating.

This measurement gap is compounded by the GPU underutilization crisis. Despite 86% of enterprises reporting GPU utilization at 50% or less, 45% say the emerging compute option they are most likely to evaluate next is an AI-specialized neocloud (CoreWeave, Lambda, Crusoe, Nebius). Under 2% actually use one today. Enterprises are shopping for more compute before measuring what they already own.

The FinOps Foundation's 2026 State of FinOps report found that 98% of FinOps teams now manage AI spend, up from 31% — but 41% of enterprises still waste 15% or more of their AI budgets on idle or poorly allocated resources.

Layer 4: Context — What Business Data Do Agents Read?

Fifty-seven percent of enterprises traced at least one confident, wrong agent answer to their own missing or inconsistent business context: wrong metrics, stale definitions, absent documents. Most saw it happen repeatedly.

The fix is a governed semantic layer — one authoritative definition of the business that every AI reads from. Only 25% of enterprises run one in production. Thirty-four percent are building one. Forty-one percent haven't started.

Microsoft's IQ platform targets exactly this layer, unifying siloed enterprise data into the single source of truth that feeds enterprise agents. ServiceNow's AI Control Tower took a similar approach, positioning its platform as the orchestration layer that ensures agents read from governed business definitions.

Layer 5: Orchestration — Who Coordinates Multi-Step Work?

Here is where the "agentwashing" problem becomes measurable. Seventy-one percent of enterprises say a quarter or fewer of their deployed "agents" can complete multi-step work on their own. Only 10% say true agents are the majority. The rest are single-prompt chatbots — what Gartner calls "agentwashing."

This matters because the label determines the bill. A chatbot with a human reading every answer needs none of the identity, evaluation, or cost controls this report covers. A true multi-step agent needs all of them. The inflated adoption figures — Zapier's survey shows 72% deploying autonomous agents, Writer's survey shows 97% — are the benchmarks boards use to pressure technical leaders into moving faster. VentureBeat's data says the real bar is far lower than headlines suggest.


Why This Matters

For CIOs and CTOs: The Vendor Lock-In Shift

The survey captured a significant shift in enterprise priorities. In spring 2026, the top concern about provider-controlled orchestration was security and permissioning limits (32%). By June, vendor lock-in led at roughly a third. The likely catalyst: the June 12 Commerce Department export order that took Anthropic's Claude Fable 5 offline for nearly three weeks, followed by open-weight releases from Z.ai's GLM-5.2 (MIT license, one-sixth the price of GPT-5.5) and Tencent's Hy3 (Apache 2.0).

The posture data reflects this: 51% now expect their primary control plane to be hybrid — provider-native plus external orchestration — by end of 2026, up from 34% in spring. Enterprises relying purely on provider-managed agent services fell from 12% to 7%.

For CFOs: The $26 Billion Signal

The security vendors are spending $26 billion on acquisitions because the enterprises haven't spent enough on controls. According to Gartner, spending on dedicated AI governance platforms will reach $492 million in 2026, growing to more than $1 billion by 2030. But the real spending is in the adjacent categories: agent identity, evaluation tooling, cost telemetry, and semantic layer infrastructure. Combined, the AI agent market is projected to grow from $10.9 billion in 2026 to $182.9 billion by 2033, a 49.6% CAGR.

The GPU underutilization alone represents billions in wasted capital. An NVIDIA H100 SXM5 8-GPU server costs $250,000–$350,000. At 50% utilization, enterprises are burning $125,000–$175,000 per server per year in idle capacity. Multiply across fleet sizes and the write-down risk is enormous.

For Business Leaders: The Cancellation Cliff

Gartner predicts more than 40% of agentic AI projects will be canceled by 2027. The causes: escalating costs, unclear business value, and inadequate risk controls. Forbes contributor Robert Szczerba argues the coming cancellation wave is "a management problem wearing a technology costume." Gartner estimates only about 130 of the thousands of vendors claiming agentic AI capabilities are genuine.

Deloitte's 2026 State of AI in the Enterprise report found that 74% of companies plan to deploy sophisticated AI agents within two years — but deployment is no longer the hardest part. Redesigning work, defining governance for autonomy, and measuring value clearly are where projects die.


Framework 1: Agentic Control Stack Readiness Assessment

Score your organization across all five layers (1–5 points each, max 25):

Identity Layer (1–5 points)

Score Criteria
1 Agents share API keys or human credentials. No inventory of agent identities.
2 Partial inventory exists. Some agents have dedicated service accounts, many share.
3 Majority of agents have scoped identities. Credential rotation is manual.
4 All production agents have scoped, managed identities. Automated rotation in place.
5 Cryptographic (SPIFFE-based) identities per agent. Real-time dynamic authorization. Zero standing privileges.

Evaluation Layer (1–5 points)

Score Criteria
1 No automated evaluation. Ship based on manual spot-checking.
2 Pre-deployment evals exist but not tested against production outcomes.
3 Pre-deployment evals validated against production data. No real-time monitoring.
4 Real-time quality monitoring on agent outputs. Production incidents feed back into eval suite.
5 Continuous regression testing against production outcomes. Every failure becomes a permanent test case. Repeatability measured as a first-class metric.

Cost Telemetry Layer (1–5 points)

Score Criteria
1 Learn agent costs when invoice arrives. No per-agent budget tracking.
2 Aggregate AI spend tracked. No per-agent or per-workload attribution.
3 Per-workload cost tracking in place. No automated budget ceilings.
4 Per-agent cost attribution with automated alerts. GPU utilization tracked at workload level.
5 Real-time per-agent cost dashboards. Automated budget ceilings with kill switches. GPU utilization rigorously tracked and optimized above 70%.

Context Layer (1–5 points)

Score Criteria
1 No governed definitions. Agents pull from whatever data they can reach.
2 Some key metrics and entities defined, but not enforced across all agents.
3 Governed semantic layer under construction. Core metrics unified.
4 Semantic layer in production. All agents read from governed definitions. Periodic audits.
5 Real-time governed semantic layer. Automated drift detection. Version-controlled business definitions with change management.

Orchestration Layer (1–5 points)

Score Criteria
1 No orchestration. Individual agents deployed ad hoc. No multi-step coordination.
2 Basic workflow tooling. Agents primarily single-prompt with human-in-the-loop.
3 Multi-step agent workflows in production for some use cases. Hybrid control plane (provider + external).
4 Centralized control plane. Agent portability across providers. Rollback capabilities.
5 Full hybrid orchestration. Multi-provider agent portability. Real-time monitoring with automated intervention. Disaster recovery tested.

Scoring Interpretation

Total Score Readiness Level Recommended Action
5–10 Critical Gap Stop deploying new agents. Audit existing fleet for shared credentials and unmonitored access.
11–15 Below Baseline Prioritize identity and cost layers. Establish per-agent budgets. Begin semantic layer buildout.
16–19 Progressing Close evaluation and orchestration gaps. Test evals against production outcomes. Build hybrid control plane.
20–22 Advanced Optimize GPU utilization. Implement real-time dynamic authorization. Add continuous regression testing.
23–25 Production-Grade Focus on portability and multi-provider resilience. Benchmark against VB Transform Q3 survey data.

Based on VentureBeat's data, the median enterprise likely scores 8–12 — firmly in the "Below Baseline" range.


Framework 2: 90-Day Agentic Control Retrofit Plan

For enterprises that deployed agents ahead of controls (which is most of them), here is a phased remediation plan:

Phase 1: Weeks 1–4 — Inventory and Triage

Goal: Know what you have and where the biggest risks are.

Week Action Success Criteria
1 Inventory all deployed agents — type (true agent vs. chatbot), credentials, data access, production status Complete agent registry with credential mapping
2 Classify agents by autonomy level: single-prompt, human-in-loop, multi-step autonomous Clear tier labels on each agent
3 Audit credential sharing. Identify all agents running on shared API keys or human credentials Shared credential map with blast-radius assessment
4 Measure GPU utilization per workload. Calculate idle cost per server Utilization report with dollar waste quantified

Expected outcome: A clear picture of how many "agents" are actually chatbots (likely 75%+), which credentials are shared (likely 69%), and how much GPU capacity is wasted (likely 50%+).

Phase 2: Weeks 5–8 — Close the Identity and Cost Gaps

Goal: Eliminate the two highest-risk attack surfaces.

Week Action Success Criteria
5–6 Assign scoped, managed identities to every production agent, starting with agents that touch customer data or financial systems Zero shared credentials on high-risk agents
7 Implement per-agent cost tracking with automated budget ceilings Per-agent cost dashboards live
8 Consolidate or decommission GPUs running below 30% utilization. Migrate bursty workloads to serverless/neocloud Utilization above 50% on all retained hardware

Expected outcome: Incident rate drops from ~63% (credential sharing) toward ~41% (scoped identities). GPU waste reduced by 30–50%.

Phase 3: Weeks 9–12 — Evaluation and Context Governance

Goal: Ensure agent outputs are correct, not just operational.

Week Action Success Criteria
9 Test existing automated evaluations against production outcomes. Identify gaps between eval scores and customer-facing failures Eval-to-production alignment report
10 Convert every production incident and customer escalation into a permanent regression test Incident-driven test suite established
11 Begin governed semantic layer buildout: unify core metrics and entity definitions Core metrics catalog published
12 Implement real-time output quality monitoring (not just uptime) on top-priority agents Quality dashboards live on 3+ agents

Expected outcome: Eval trust improves from 5% baseline. Context-driven hallucinations reduced as agents read from governed definitions.


Market Context: The $26 Billion Control Stack Arms Race

The enterprise security industry is consolidating around agent governance at unprecedented speed:

Acquirer Target Deal Value Control Layer Status
Palo Alto Networks CyberArk (now Idira) $25B Identity Completed Feb 2026, GA May 2026
CrowdStrike SGNL $740M Identity Completed, product shipped June 2026
Cisco Astrix Security $400M Identity (NHI) Announced May 2026

These acquisitions total more than $26 billion — and they target just one of the five control layers. The evaluation, cost telemetry, context, and orchestration layers remain wide open, with no established incumbents. VentureBeat's data shows 57%–64% of enterprises plan to add or switch vendors across all five layers within 12 months.

The current default across all layers is the model provider's built-in tools — OpenAI's guardrails lead at 51%, followed by Google Cloud (36%), Microsoft Azure (35%), and Anthropic (29%). These defaults are winning on convenience, but they do not provide scoped identity or isolation, the two controls most correlated with lower incident rates.

The parallels to cloud security a decade ago are striking. Palo Alto Networks, CrowdStrike, and Wiz built multi-billion-dollar businesses on the gaps that native cloud controls left open. Agent security is tracking the same path — faster. As CrowdStrike CTO Elia Zaitsev put it at RSAC 2026: "Observing actual kinetic actions is a structured, solvable problem. Intent is not."

Forrester's 2026 agentic AI assessment, titled "Companies Are Chasing, Few Are Catching," found roughly three-quarters of enterprises adopting agentic AI but only a sliver running it in production. Forty-nine percent of security decision-makers flagged agentic AI as a concern. An academic study of agentic AI adoption across industrial firms placed most companies at the lowest rungs of an agent-maturity scale, with exactly one company reaching genuine multi-agent orchestration.


Case Study: From Credential Sharing to Scoped Identity at Scale

The VentureBeat data provides a natural experiment. Organizations that eliminated credential sharing everywhere in their agent fleet experienced a 40.9% incident rate. Those with credential sharing anywhere operated at 63.5% — a 55% higher risk.

One concrete example of the remediation path: CrowdStrike's Continuous Identity for AI Agents, shipped June 15, 2026, uses the SPIFFE open standard to assign every agent a cryptographically verifiable identity. Instead of sharing API keys, each agent gets a short-lived certificate that dynamically grants, denies, and revokes access based on the agent's owner, its calling context, and the device's real-time risk posture.

The practical lesson is straightforward. A financial services firm running 200 agents with 50 shared API keys faces exposure across every workflow those keys touch. Migrating to per-agent scoped identities — whether through CrowdStrike's SGNL-based solution, Palo Alto's Idira platform, or an in-house implementation — reduces the blast radius from "entire fleet" to "single agent." VentureBeat's data suggests this one change could cut incident rates by roughly 35%.

The UK's AI Safety Institute analyzed more than 177,000 agent tools built between late 2024 and early 2026 and found that "action" tools — those that send emails, change files, or move money rather than just describe it — rose from 24% to 65% of usage in 16 months. Agents are crossing from suggestion to action faster than controls can keep up. The credential-sharing problem is not static; it is compounding.


What to Do About It

For CIOs: Technical Next Steps

  1. Audit agent identities this quarter. The data is clear: credential sharing is the highest-correlation risk factor. Give every production agent a scoped, managed identity before adding new agents.
  2. Measure GPU utilization per workload, not per cluster. Eighty-six percent utilization below 50% means most enterprises should optimize existing compute before buying more — whether from neoclouds, AMD, or new NVIDIA hardware.
  3. Build a hybrid control plane. The majority (51%) expects hybrid orchestration by year-end. Start evaluating external orchestration tools that work across providers.

For CFOs: Financial Next Steps

  1. Quantify GPU waste in dollars. At current H100 prices, 50% idle capacity on a 10-server fleet burns $1.25–$1.75 million per year. This is a board-level write-down risk.
  2. Require per-agent cost attribution. Twenty-seven percent of enterprises lack it entirely. No agent should deploy without a budget ceiling and cost tracking.
  3. Watch the vendor switching wave. 57%–64% of enterprises plan to change vendors across five control layers. Your procurement team will be inundated. Build an evaluation framework now.

For Business Leaders: Strategic Next Steps

  1. Challenge "agentwashing" in your org. Ask the hard question: of deployed "agents," how many complete multi-step work autonomously? VentureBeat's data says it's probably fewer than 25%.
  2. Set success metrics before greenlighting pilots. Forbes' Robert Szczerba identifies three questions every executive should answer before funding an agent project: What is the success metric? What data does it need? When it fails, who owns the outcome?
  3. Plan for the retrofit, not just the rollout. Deloitte's data shows deployment is no longer the hardest part. Governance, value measurement, and rollback controls are where the next 18 months will be won or lost.

Continue Reading

Share:
THE DAILY BRIEF
AI Agent GovernanceEnterprise AI SecurityGPU UtilizationAgentic AI
54% Had AI Agent Incidents. 86% of GPUs Run Half-Empty.

VentureBeat survey of 573 leaders reveals enterprises deployed AI agents without governance. 54% already had incidents. Here's the 5-layer control stack and readiness assessment.

By Rajesh Beri·July 11, 2026·17 min read

By Rajesh Beri | July 11, 2026


Enterprise companies knowingly deployed AI agents before building the controls to govern them. Now they are paying for it — and scrambling to retrofit.

That is the central finding from VentureBeat Research's June 2026 survey of 573 technical leaders at companies with 100 or more employees. The survey spanned five parallel investigations of the "agentic stack" — identity, evaluation, cost telemetry, context, and orchestration — and found the same pattern in every layer: deployment ran ahead of governance, visibility, and cost control. Fifty-four percent of companies already experienced an agent security incident or near-miss in the past 12 months. Twenty-seven percent do not learn what an agent costs until the invoice arrives.

Meanwhile, the hardware enterprises bought to power these agents sits largely unused. Eighty-six percent of GPU operators report utilization of 50% or less — the most expensive equipment in the building, running at no more than half capacity. Wall Street has spent the quarter debating whether the AI buildout is overbuilt. Enterprises just answered: it is underused.

The spending response tells the real story. Roughly six in 10 enterprises plan to switch or add vendors in each of the five control layers within the next 12 months. A third plan to move within the quarter. No layer has an established incumbent. The AI governance market, valued at roughly $492 million in 2026, is projected to exceed $1 billion by 2030. This is not a technology story. It is a $22 billion buying spree that has already begun.


The Five-Layer Agentic Control Gap

VentureBeat's research reveals that enterprises need governance across five distinct layers — and most are inadequately covered in all of them.

Layer 1: Identity — Who Is This Agent?

Sixty-nine percent of enterprises run credential sharing somewhere in their agent fleet. Multiple agents operate under one API key or service account, which means a single compromised agent inherits the reach of every workflow the key touches. The forensic trail goes cold at the credential level — five agents on one account leave no record of which agent did what.

The security math is unambiguous. Organizations with credential sharing anywhere experienced incidents at a 63.5% rate, versus 40.9% where every agent has its own scoped identity. Only 32% of enterprises give each agent a managed, scoped identity today.

The market has noticed. Palo Alto Networks completed its $25 billion acquisition of CyberArk in February 2026 and rebranded it as Idira, a next-generation identity platform for AI agent access and authorization. CrowdStrike closed its $740 million acquisition of SGNL and shipped Continuous Identity for AI Agents by June 15, using SPIFFE-based cryptographic identities that dynamically grant, deny, and revoke access based on real-time risk. Cisco acquired Astrix Security for $400 million, targeting the API keys, service accounts, and OAuth tokens that agents use to execute work at scale.

Combined: more than $26 billion in acquisitions targeting the single control layer most enterprises haven't built yet.

Layer 2: Evaluation — Is the Agent's Work Any Good?

Two-thirds of enterprises already permit agents to push changes to production on automated evaluations alone — or are engineering their pipelines to do so within 12 months. The problem: only 5% fully trust those evaluations.

Half of enterprises shipped an agent that passed internal evaluations and then caused a customer-facing failure. One in four watched it happen more than once. The most common weakness cited: "poor alignment with real-world outcomes" (29% of respondents). Once agents are live, only 23% run real-time quality checks on outputs. Another 51% monitor uptime only — the system is running, but nobody is checking whether the answers are right.

The NIST Generative AI Profile makes the same point: measurements gathered in controlled environments may not transfer to deployment because behavior changes with prompts, users, context, and operating conditions.

Layer 3: Cost Telemetry — What Does Each Agent Actually Cost?

Twenty-seven percent of enterprises exercise only reactive control of agent spend — they learn what an agent costs when the invoice arrives, with no per-agent budget or ceiling in place. Only 44% rigorously track what their AI compute actually costs and returns. Everyone else is estimating.

This measurement gap is compounded by the GPU underutilization crisis. Despite 86% of enterprises reporting GPU utilization at 50% or less, 45% say the emerging compute option they are most likely to evaluate next is an AI-specialized neocloud (CoreWeave, Lambda, Crusoe, Nebius). Under 2% actually use one today. Enterprises are shopping for more compute before measuring what they already own.

The FinOps Foundation's 2026 State of FinOps report found that 98% of FinOps teams now manage AI spend, up from 31% — but 41% of enterprises still waste 15% or more of their AI budgets on idle or poorly allocated resources.

Layer 4: Context — What Business Data Do Agents Read?

Fifty-seven percent of enterprises traced at least one confident, wrong agent answer to their own missing or inconsistent business context: wrong metrics, stale definitions, absent documents. Most saw it happen repeatedly.

The fix is a governed semantic layer — one authoritative definition of the business that every AI reads from. Only 25% of enterprises run one in production. Thirty-four percent are building one. Forty-one percent haven't started.

Microsoft's IQ platform targets exactly this layer, unifying siloed enterprise data into the single source of truth that feeds enterprise agents. ServiceNow's AI Control Tower took a similar approach, positioning its platform as the orchestration layer that ensures agents read from governed business definitions.

Layer 5: Orchestration — Who Coordinates Multi-Step Work?

Here is where the "agentwashing" problem becomes measurable. Seventy-one percent of enterprises say a quarter or fewer of their deployed "agents" can complete multi-step work on their own. Only 10% say true agents are the majority. The rest are single-prompt chatbots — what Gartner calls "agentwashing."

This matters because the label determines the bill. A chatbot with a human reading every answer needs none of the identity, evaluation, or cost controls this report covers. A true multi-step agent needs all of them. The inflated adoption figures — Zapier's survey shows 72% deploying autonomous agents, Writer's survey shows 97% — are the benchmarks boards use to pressure technical leaders into moving faster. VentureBeat's data says the real bar is far lower than headlines suggest.


Why This Matters

For CIOs and CTOs: The Vendor Lock-In Shift

The survey captured a significant shift in enterprise priorities. In spring 2026, the top concern about provider-controlled orchestration was security and permissioning limits (32%). By June, vendor lock-in led at roughly a third. The likely catalyst: the June 12 Commerce Department export order that took Anthropic's Claude Fable 5 offline for nearly three weeks, followed by open-weight releases from Z.ai's GLM-5.2 (MIT license, one-sixth the price of GPT-5.5) and Tencent's Hy3 (Apache 2.0).

The posture data reflects this: 51% now expect their primary control plane to be hybrid — provider-native plus external orchestration — by end of 2026, up from 34% in spring. Enterprises relying purely on provider-managed agent services fell from 12% to 7%.

For CFOs: The $26 Billion Signal

The security vendors are spending $26 billion on acquisitions because the enterprises haven't spent enough on controls. According to Gartner, spending on dedicated AI governance platforms will reach $492 million in 2026, growing to more than $1 billion by 2030. But the real spending is in the adjacent categories: agent identity, evaluation tooling, cost telemetry, and semantic layer infrastructure. Combined, the AI agent market is projected to grow from $10.9 billion in 2026 to $182.9 billion by 2033, a 49.6% CAGR.

The GPU underutilization alone represents billions in wasted capital. An NVIDIA H100 SXM5 8-GPU server costs $250,000–$350,000. At 50% utilization, enterprises are burning $125,000–$175,000 per server per year in idle capacity. Multiply across fleet sizes and the write-down risk is enormous.

For Business Leaders: The Cancellation Cliff

Gartner predicts more than 40% of agentic AI projects will be canceled by 2027. The causes: escalating costs, unclear business value, and inadequate risk controls. Forbes contributor Robert Szczerba argues the coming cancellation wave is "a management problem wearing a technology costume." Gartner estimates only about 130 of the thousands of vendors claiming agentic AI capabilities are genuine.

Deloitte's 2026 State of AI in the Enterprise report found that 74% of companies plan to deploy sophisticated AI agents within two years — but deployment is no longer the hardest part. Redesigning work, defining governance for autonomy, and measuring value clearly are where projects die.


Framework 1: Agentic Control Stack Readiness Assessment

Score your organization across all five layers (1–5 points each, max 25):

Identity Layer (1–5 points)

Score Criteria
1 Agents share API keys or human credentials. No inventory of agent identities.
2 Partial inventory exists. Some agents have dedicated service accounts, many share.
3 Majority of agents have scoped identities. Credential rotation is manual.
4 All production agents have scoped, managed identities. Automated rotation in place.
5 Cryptographic (SPIFFE-based) identities per agent. Real-time dynamic authorization. Zero standing privileges.

Evaluation Layer (1–5 points)

Score Criteria
1 No automated evaluation. Ship based on manual spot-checking.
2 Pre-deployment evals exist but not tested against production outcomes.
3 Pre-deployment evals validated against production data. No real-time monitoring.
4 Real-time quality monitoring on agent outputs. Production incidents feed back into eval suite.
5 Continuous regression testing against production outcomes. Every failure becomes a permanent test case. Repeatability measured as a first-class metric.

Cost Telemetry Layer (1–5 points)

Score Criteria
1 Learn agent costs when invoice arrives. No per-agent budget tracking.
2 Aggregate AI spend tracked. No per-agent or per-workload attribution.
3 Per-workload cost tracking in place. No automated budget ceilings.
4 Per-agent cost attribution with automated alerts. GPU utilization tracked at workload level.
5 Real-time per-agent cost dashboards. Automated budget ceilings with kill switches. GPU utilization rigorously tracked and optimized above 70%.

Context Layer (1–5 points)

Score Criteria
1 No governed definitions. Agents pull from whatever data they can reach.
2 Some key metrics and entities defined, but not enforced across all agents.
3 Governed semantic layer under construction. Core metrics unified.
4 Semantic layer in production. All agents read from governed definitions. Periodic audits.
5 Real-time governed semantic layer. Automated drift detection. Version-controlled business definitions with change management.

Orchestration Layer (1–5 points)

Score Criteria
1 No orchestration. Individual agents deployed ad hoc. No multi-step coordination.
2 Basic workflow tooling. Agents primarily single-prompt with human-in-the-loop.
3 Multi-step agent workflows in production for some use cases. Hybrid control plane (provider + external).
4 Centralized control plane. Agent portability across providers. Rollback capabilities.
5 Full hybrid orchestration. Multi-provider agent portability. Real-time monitoring with automated intervention. Disaster recovery tested.

Scoring Interpretation

Total Score Readiness Level Recommended Action
5–10 Critical Gap Stop deploying new agents. Audit existing fleet for shared credentials and unmonitored access.
11–15 Below Baseline Prioritize identity and cost layers. Establish per-agent budgets. Begin semantic layer buildout.
16–19 Progressing Close evaluation and orchestration gaps. Test evals against production outcomes. Build hybrid control plane.
20–22 Advanced Optimize GPU utilization. Implement real-time dynamic authorization. Add continuous regression testing.
23–25 Production-Grade Focus on portability and multi-provider resilience. Benchmark against VB Transform Q3 survey data.

Based on VentureBeat's data, the median enterprise likely scores 8–12 — firmly in the "Below Baseline" range.


Framework 2: 90-Day Agentic Control Retrofit Plan

For enterprises that deployed agents ahead of controls (which is most of them), here is a phased remediation plan:

Phase 1: Weeks 1–4 — Inventory and Triage

Goal: Know what you have and where the biggest risks are.

Week Action Success Criteria
1 Inventory all deployed agents — type (true agent vs. chatbot), credentials, data access, production status Complete agent registry with credential mapping
2 Classify agents by autonomy level: single-prompt, human-in-loop, multi-step autonomous Clear tier labels on each agent
3 Audit credential sharing. Identify all agents running on shared API keys or human credentials Shared credential map with blast-radius assessment
4 Measure GPU utilization per workload. Calculate idle cost per server Utilization report with dollar waste quantified

Expected outcome: A clear picture of how many "agents" are actually chatbots (likely 75%+), which credentials are shared (likely 69%), and how much GPU capacity is wasted (likely 50%+).

Phase 2: Weeks 5–8 — Close the Identity and Cost Gaps

Goal: Eliminate the two highest-risk attack surfaces.

Week Action Success Criteria
5–6 Assign scoped, managed identities to every production agent, starting with agents that touch customer data or financial systems Zero shared credentials on high-risk agents
7 Implement per-agent cost tracking with automated budget ceilings Per-agent cost dashboards live
8 Consolidate or decommission GPUs running below 30% utilization. Migrate bursty workloads to serverless/neocloud Utilization above 50% on all retained hardware

Expected outcome: Incident rate drops from ~63% (credential sharing) toward ~41% (scoped identities). GPU waste reduced by 30–50%.

Phase 3: Weeks 9–12 — Evaluation and Context Governance

Goal: Ensure agent outputs are correct, not just operational.

Week Action Success Criteria
9 Test existing automated evaluations against production outcomes. Identify gaps between eval scores and customer-facing failures Eval-to-production alignment report
10 Convert every production incident and customer escalation into a permanent regression test Incident-driven test suite established
11 Begin governed semantic layer buildout: unify core metrics and entity definitions Core metrics catalog published
12 Implement real-time output quality monitoring (not just uptime) on top-priority agents Quality dashboards live on 3+ agents

Expected outcome: Eval trust improves from 5% baseline. Context-driven hallucinations reduced as agents read from governed definitions.


Market Context: The $26 Billion Control Stack Arms Race

The enterprise security industry is consolidating around agent governance at unprecedented speed:

Acquirer Target Deal Value Control Layer Status
Palo Alto Networks CyberArk (now Idira) $25B Identity Completed Feb 2026, GA May 2026
CrowdStrike SGNL $740M Identity Completed, product shipped June 2026
Cisco Astrix Security $400M Identity (NHI) Announced May 2026

These acquisitions total more than $26 billion — and they target just one of the five control layers. The evaluation, cost telemetry, context, and orchestration layers remain wide open, with no established incumbents. VentureBeat's data shows 57%–64% of enterprises plan to add or switch vendors across all five layers within 12 months.

The current default across all layers is the model provider's built-in tools — OpenAI's guardrails lead at 51%, followed by Google Cloud (36%), Microsoft Azure (35%), and Anthropic (29%). These defaults are winning on convenience, but they do not provide scoped identity or isolation, the two controls most correlated with lower incident rates.

The parallels to cloud security a decade ago are striking. Palo Alto Networks, CrowdStrike, and Wiz built multi-billion-dollar businesses on the gaps that native cloud controls left open. Agent security is tracking the same path — faster. As CrowdStrike CTO Elia Zaitsev put it at RSAC 2026: "Observing actual kinetic actions is a structured, solvable problem. Intent is not."

Forrester's 2026 agentic AI assessment, titled "Companies Are Chasing, Few Are Catching," found roughly three-quarters of enterprises adopting agentic AI but only a sliver running it in production. Forty-nine percent of security decision-makers flagged agentic AI as a concern. An academic study of agentic AI adoption across industrial firms placed most companies at the lowest rungs of an agent-maturity scale, with exactly one company reaching genuine multi-agent orchestration.


Case Study: From Credential Sharing to Scoped Identity at Scale

The VentureBeat data provides a natural experiment. Organizations that eliminated credential sharing everywhere in their agent fleet experienced a 40.9% incident rate. Those with credential sharing anywhere operated at 63.5% — a 55% higher risk.

One concrete example of the remediation path: CrowdStrike's Continuous Identity for AI Agents, shipped June 15, 2026, uses the SPIFFE open standard to assign every agent a cryptographically verifiable identity. Instead of sharing API keys, each agent gets a short-lived certificate that dynamically grants, denies, and revokes access based on the agent's owner, its calling context, and the device's real-time risk posture.

The practical lesson is straightforward. A financial services firm running 200 agents with 50 shared API keys faces exposure across every workflow those keys touch. Migrating to per-agent scoped identities — whether through CrowdStrike's SGNL-based solution, Palo Alto's Idira platform, or an in-house implementation — reduces the blast radius from "entire fleet" to "single agent." VentureBeat's data suggests this one change could cut incident rates by roughly 35%.

The UK's AI Safety Institute analyzed more than 177,000 agent tools built between late 2024 and early 2026 and found that "action" tools — those that send emails, change files, or move money rather than just describe it — rose from 24% to 65% of usage in 16 months. Agents are crossing from suggestion to action faster than controls can keep up. The credential-sharing problem is not static; it is compounding.


What to Do About It

For CIOs: Technical Next Steps

  1. Audit agent identities this quarter. The data is clear: credential sharing is the highest-correlation risk factor. Give every production agent a scoped, managed identity before adding new agents.
  2. Measure GPU utilization per workload, not per cluster. Eighty-six percent utilization below 50% means most enterprises should optimize existing compute before buying more — whether from neoclouds, AMD, or new NVIDIA hardware.
  3. Build a hybrid control plane. The majority (51%) expects hybrid orchestration by year-end. Start evaluating external orchestration tools that work across providers.

For CFOs: Financial Next Steps

  1. Quantify GPU waste in dollars. At current H100 prices, 50% idle capacity on a 10-server fleet burns $1.25–$1.75 million per year. This is a board-level write-down risk.
  2. Require per-agent cost attribution. Twenty-seven percent of enterprises lack it entirely. No agent should deploy without a budget ceiling and cost tracking.
  3. Watch the vendor switching wave. 57%–64% of enterprises plan to change vendors across five control layers. Your procurement team will be inundated. Build an evaluation framework now.

For Business Leaders: Strategic Next Steps

  1. Challenge "agentwashing" in your org. Ask the hard question: of deployed "agents," how many complete multi-step work autonomously? VentureBeat's data says it's probably fewer than 25%.
  2. Set success metrics before greenlighting pilots. Forbes' Robert Szczerba identifies three questions every executive should answer before funding an agent project: What is the success metric? What data does it need? When it fails, who owns the outcome?
  3. Plan for the retrofit, not just the rollout. Deloitte's data shows deployment is no longer the hardest part. Governance, value measurement, and rollback controls are where the next 18 months will be won or lost.

Continue Reading

THE DAILY BRIEF

Enterprise AI insights for technology and business leaders, twice weekly.

beri.net

Subscribe at beri.net/subscribe for twice-weekly AI insights delivered to your inbox.

LinkedIn: linkedin.com/in/rberi  |  X: x.com/rajeshberi

© 2026 Rajesh Beri. All rights reserved.

Frequently Asked Questions

What did VentureBeat's 2026 survey of 573 leaders find about AI agent governance?

VentureBeat Research surveyed 573 technical leaders at companies with 100+ employees in June 2026 and found deployment ran ahead of controls across all five layers of the agentic stack. 54% had an agent security incident or near-miss in the past 12 months, and 86% of GPU operators reported utilization of 50% or less.

What are the five layers of the agentic control stack?

The five layers are: identity (giving each agent a scoped, managed identity instead of shared API keys), evaluation (verifying agent output quality, not just uptime), cost telemetry (per-agent budgets and ceilings), context (a governed semantic layer of authoritative business definitions), and orchestration (coordinating multi-step work across providers).

Why are 86% of enterprise GPUs running at half capacity or less?

Enterprises bought GPU hardware ahead of the workloads and cost telemetry to use it efficiently. Only 44% rigorously track what their AI compute costs and returns, so idle capacity goes unmeasured. At H100 prices of $250,000-$350,000 per 8-GPU server, 50% utilization can burn $125,000-$175,000 per server per year in wasted capital.

Newsletter

Stay Ahead of the Curve

Weekly enterprise AI insights for technology leaders. No spam, no vendor pitches—unsubscribe anytime.

Subscribe