2025AI智能体：企业网络安全新型攻击面调查报告

A global survey of security andIT professionals and executives Introduction This paper presents key findings from aglobal primary research survey conductedby independent firm Dimensional Research.Through this research, SailPoint aimed toexamine the current use, adoption, andgovernance of AI agents, with a particularfocus on the distinct risks their identitiespresent compared to those of human andmachine identities. It explores issues suchas unintended actions, gaps in governance,and the underlying causes of AI agent risk, aswell as the extent to which organizations areleveraging identity security tools to provisionand manage these identities. Executive summary Research shows a concerning 82% of companies now utilize AI agents, with over halfreporting these agents access sensitive data daily. Alarmingly, 80% of organizations haveexperienced unintended actions from their AI agents, including inappropriate data sharingand unauthorized system access. Some AI agents have even been coerced into revealingaccess credentials. This lack of control has led 96% of technology professionals to identify AI agents as agrowing security threat—66% believe this risk is immediate, while 30% see it emerging inthe near future. The primary concerns include inadequate data access and data sharingcontrols and unpredictable AI agent behaviors. These agents handle diverse sensitiveinformation including customer data, financial records, intellectual property, legaldocuments, and supply chain transactions. While 92% of respondents recognizeAI agent governance as crucial toenterprise security, only 44% haveimplemented relevant policies.Although 71% of IT departmentsclaim awareness of AI agent dataaccess, this knowledge extendsto compliance, legal, or executiveteams in less than half of thesurveyed companies. Those surveyed indicated that AI agents pose a greater risk than both machine and humanidentities. Unlike traditional identities, AI agents often require broader privileges acrossmore systems, data, and services. They are also more difficult to govern, with rapid accesstypically provisioned directly within IT. Despite these concerns, just over 60% of companiesemploy identity security solutions to manage access. With 98% of organizations planning todeploy new AI agents within the year, data exposure risks are escalating rapidly. The business value of AI agents is undisputed, but the potential consequencesof compromised sensitive data could be devastating. Companies urgently needcomprehensive solutions to govern access permissions and monitor and control whichsystems and data AI agents are accessing. Key findings Things of note:In the survey the term “AI agents” (also known asAgentic AI) was defined asautonomous systems that perceive, make decisions, and take action to achieve specific goals within anenvironment. AI agents or Agentic AI often require several different machine identities to access neededdata, applications and services. AI agent use is already pervasive but unintended actions are exposing sensitive data •82% of companies are already using AI agents•53% acknowledge AI agents are accessing sensitive information•80% reveal AI agents have performed unintended actions of accessing and sharinginappropriate data Growing security risk driven by diverse data access and lack of governance and auditability •66% state AI agents are a growing security risk•Numerous data control issues are driving AI agent security risk•Numerous teams already using AI agents•92% state governing AI agents is paramount to enterprise security•Only 44% currently have any governance policies in place for AI agents AI agents lead identity risks with broader access and truncated visibility and approvalprocesses •72% state AI agents pose a greater risk than machine identities•64% confirm that AI agents require multiple identities to access necessary data,applications, and systems•AI agents require broader privileges and are harder to govern, with faster access and limitedapproval processes Detailed findings AI agents with access to sensitive data are used daily bymost companies AI adoption is nearly a ubiquitous topic today among most organizations, along withgenerative AI, large language models (LLM), and AI-based analytics. However, this researchfinds that the use of AI agents, also known as Agentic AI has surged, as 82% of companiesstate they are using AI agents today. AI agents tend to be goal-based where a task is given to the AI agent and it must findthe information and resources to satisfy that request. As such, technology professionalsshared that more than half (53%) of AI agents are accessing sensitive information. And58% of those AI agents are accessing that sensitive information daily. The chart belowalso reveals that 10% don’t know if AI agents are accessing sensitive data, a concerningand reoccurring finding throughout this report. AI agents access and share inappropriate and sensitivedata While many studies have focused on