Most Enterprises Cannot See the AI Agents They Have Already Deployed

New research from Rubrik Zero Labs puts hard numbers on a problem that has been building quietly for months: organisations are running autonomous agents across critical systems with almost no ability to monitor, govern, or reverse what those agents do.

A survey of more than 1,600 IT and security leaders, published this week by Rubrik Zero Labs, confirms what many security professionals have suspected — the gap between agentic AI adoption and the ability to secure it is not closing. It is widening.

The headline figure is striking: 86 percent of respondents expect AI agents to outpace their organisation’s security guardrails within the next twelve months. But the more telling number is this: only 23 percent of those surveyed report having full visibility into the agents operating in their own environments. Rubrik’s researchers note that even this figure is likely overstated — respondents tend to overestimate their own observability.

The report identifies three compounding failures. The first is an identity problem. Every deployed agent carries what the industry calls a non-human identity — a set of credentials, service accounts, and API keys that grant it access to systems and data. These identities are proliferating faster than organisations can track them. Unlike human employees, they do not clock off, do not require re-authentication, and often carry permissions that were never designed to be persistent. Researchers have taken to calling this accumulation a “shadow workforce” — a growing body of autonomous actors that exist largely outside normal governance frameworks. Independent research from the Cloud Security Alliance puts the current machine-to-human identity ratio in enterprise environments at approximately 100-to-1.

The second failure is operational. More than 80 percent of respondents report that the manual oversight their deployed agents require outweighs the efficiency those agents generate. The productivity case for agentic AI is real, but it is not yet being realised at scale — at least not without significant human intervention to keep things running correctly.

The third failure may be the most consequential: 88 percent of respondents say they cannot roll back agent actions without causing wider system disruption. This is the recovery problem, and it matters because agentic systems do not simply fail — they act. A misconfigured or compromised agent does not produce an error message. It sends emails, modifies records, executes transactions, and moves data. The window to reverse that damage is often narrow and, according to this research, most organisations are not equipped to act within it.

The threat picture is accelerating in parallel. Close to half of respondents expect agentic systems to become the dominant vector for attacks within the coming year — a finding that aligns with a Dark Reading readership poll from earlier this year, in which 48 percent of cybersecurity professionals ranked agentic AI and autonomous systems as their top security concern for 2026.

The Rubrik report is vendor research, and it is worth noting that Rubrik has a direct commercial interest in the problem it is describing — the company sells both data protection and AI agent governance tools. That context does not invalidate the findings, which are consistent with independent research published by the Cloud Security Alliance, CyberArk, and others. But it is worth holding in mind.

What the data collectively describes is an enterprise sector that moved into agentic AI at speed and is now confronting the governance infrastructure it skipped. Identity management, audit trails, rollback capability, and access controls — the foundational security work that typically precedes a major technology deployment — are being retrofitted after the fact, in live environments, while the agents continue to run.

For business and technology leaders, the practical question is no longer whether to deploy agents. It is whether the organisation can answer three basic questions about the ones it has already deployed: what are they accessing, what are they authorised to do, and what happens when something goes wrong?