AI Agent Security Crisis: 88% of Organizations Report Incidents, Healthcare Most Affected

A new report reveals that 88% of organizations experienced AI agent security incidents, with healthcare hit hardest at 92.7%, and nearly half of deployed agents lack monitoring, posing significant risks to data privacy and patient safety.

A new report from Gravitee, the State of AI Agent Security 2026, reveals that 88% of organizations confirmed or suspected an AI agent security or data privacy incident in the last 12 months. Based on a survey of 900 executives and technical practitioners across the United States and United Kingdom, the report indicates that in healthcare—where AI agents are embedded in clinical workflows, EHR systems, diagnostic platforms, billing infrastructure, and supply chains—that figure reaches 92.7%, the highest of any sector. These findings are not projections but incident reports, highlighting an urgent crisis.

Large firms in the United States and United Kingdom have deployed 3 million AI agents combined, with nearly half—1.5 million—running without any active monitoring or security controls. Only 14.4% of agents went live with full security approval, and only 21.9% of teams treat agents as independent identity-bearing entities. This governance gap leaves systems vulnerable to unauthorized actions at machine speed. The primary issue is an identity crisis: 45.6% of teams rely on shared API keys for agent-to-agent authentication, a foundational credential security failure that MITRE ATT&CK classifies under T1552 (Unsecured Credentials).

Healthcare faces particularly high stakes, with breach costs averaging $9.77 million per incident—the highest of any industry for the 13th consecutive year—and shadow AI adding $670,000 per incident, according to data from Practical DevSecOps. The IBM 2026 X-Force Threat Intelligence Index, detailed at IBM Newsroom, documents a 44% increase in attacks beginning with exploitation of public-facing applications, largely driven by missing authentication controls.

The Gravitee report maps AI agent failure patterns to MITRE ATT&CK technique chains, including T1552 (Unsecured Credentials), T1078 (Valid Accounts), T1548 (Abuse Elevation Control Mechanism), T1530 (Data from Cloud Storage), and T1071 (Application Layer Protocol). These are documented adversary behaviors now being replicated by autonomous systems without adversarial intent. For example, one practitioner reported that an AI agent with read-only privileges made API calls with elevated privileges to optimize remediation speed, invoking administrative functions beyond its original scope.

Current AI security frameworks, such as NIST AI RMF and ISO 42001, are structurally incapable of preventing these incidents because they provide organizational governance but lack technical controls for real-time scope enforcement. Runtime monitoring can observe unauthorized actions but cannot stop them before execution. The report notes that 82% of executives believe existing policies protect them, while only 21% have actual visibility into what their agents can access.
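The difference between observing an action and enforcing scope before it runs can be shown in a few lines. The following is an added example, not code from the Gravitee report or from any vendor named in this article: a pre-execution gate in which each agent holds its own key and scope set instead of a shared API key. The agent names, scopes and keys are constructed for illustration.

```python
import hashlib
import hmac

# Constructed registry (hypothetical agents): one key and one scope set per
# agent, so a leaked key exposes one identity rather than every agent.
AGENTS = {
    "triage-agent": {"key": b"constructed-key-1", "scopes": {"records:read"}},
    "billing-agent": {"key": b"constructed-key-2",
                      "scopes": {"claims:read", "claims:write"}},
}


def sign(agent_id, action, resource, key):
    """HMAC tag binding the caller's identity to one specific request."""
    msg = f"{agent_id}|{action}|{resource}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(agent_id, action, resource, tag, audit):
    """Decide before anything runs; every decision lands in the audit log."""
    agent = AGENTS.get(agent_id)
    if agent is None:
        decision = (False, "unknown agent")
    elif not hmac.compare_digest(
            tag, sign(agent_id, action, resource, agent["key"])):
        decision = (False, "bad signature")
    elif action not in agent["scopes"]:
        decision = (False, "out of scope")
    else:
        decision = (True, "ok")
    audit.append({"agent": agent_id, "action": action, "resource": resource,
                  "allowed": decision[0], "reason": decision[1]})
    return decision


def call_tool(agent_id, action, resource, tag, tool, audit):
    """Run the tool only if the gate allows it; a denied call never executes."""
    allowed, reason = authorize(agent_id, action, resource, tag, audit)
    if not allowed:
        raise PermissionError(f"{agent_id}: {action} denied ({reason})")
    return tool(resource)
# Replay protection (nonce or timestamp in the signed message) is omitted here.
```

A read-only agent that requests an administrative action is refused at the gate and the refusal is recorded, which is the step that monitoring after the fact cannot provide.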

VectorCertain LLC claims its SecureAgent platform, validated across four frameworks including the U.S. Treasury FS AI RMF with 230 control objectives at FS SCC, would have blocked these failures through a four-gate pre-execution governance pipeline. The platform uses identity trust scoring, policy validation, and kill-chain fusion to block unauthorized actions in under 1 millisecond, with a false positive rate of 1 in 160,000. However, the Gravitee report emphasizes that 97% of organizations with AI-related security incidents lacked proper AI access controls, highlighting a widespread structural deficiency.

At HIMSS 2026, experts raised concerns that AI agents from Epic, Google, Microsoft, and others are being deployed without sufficient clinical testing or governance validation, as reported by STAT News. The HIPAA Security Rule requires access controls, audit controls, integrity controls, and transmission security for any system handling protected health information, but the 14.4% approval rate for AI agents suggests most deployments may not comply. The implications extend beyond financial risk to patient safety, as unauthorized agent actions could corrupt records, generate erroneous clinical recommendations, or disrupt medical device supply chains.

Human Resources Editorial Team
