Deloitte Report Warns of AI Agent Security Risks as Enterprise Adoption Grows
A report from the Deloitte AI Institute indicates that 74% of organizations intend to implement agentic AI within the next two years, although merely 21% possess well-established governance frameworks for these autonomous technologies. Andrew Rafla, a principal at Deloitte Cyber Practice, warns that without a centralized control mechanism, companies may encounter unmanaged execution and heightened risks. Executives primarily worry about data privacy and security (73%), followed by legal and regulatory compliance (50%) and governance oversight (46%). The rise of non-human identities within businesses introduces new vulnerabilities, allowing insecure agents to potentially access sensitive information. Effective governance is essential for converting AI initiatives into secure, scalable automation. The report highlights the urgent need for strong governance structures to ensure transparency and reproducibility in agent operations.
Key facts
- 74% of companies plan to deploy agentic AI within two years
- Only 21% of companies report having mature governance models for autonomous agents
- 73% of executives are most concerned with data privacy and security
- 50% of executives are concerned with legal, intellectual property, and regulatory compliance
- 46% of executives are concerned with governance capabilities and oversight
- Non-human identities are outpacing human identities in some modern enterprises
- Andrew Rafla is principal at Deloitte Cyber Practice
- A control plane is defined as a shared, centralized layer governing agent permissions and policies
Entities
Institutions
- Deloitte AI Institute
- Deloitte Cyber Practice
- MIT Technology Review
- Insights