82% of Execs Feel Protected. 88% Have Had Incidents.
BeyondTrust’s Phantom Labs just dropped a report on enterprise AI agent growth, and two numbers sit next to each other like a before-and-after photo nobody asked for.
82% of executives feel confident their existing policies protect them from AI agent security risks. And 88% of organizations reported confirmed or suspected AI agent security incidents in the past year.
That six-point gap is not a rounding error — it’s a worldview.
The report covers what Phantom Labs is calling a “shadow AI workforce” — AI-driven identities operating across cloud services without centralized oversight. These agents grew 466.7% year-over-year. Only 14.4% went live with full security and IT approval. And only 24.4% of organizations have full visibility into which agents are communicating with each other.
So: explosive growth, minimal approval process, limited line of sight, nearly universal incident history — and most of the people in charge think everything is fine.
This is what happens when you treat AI agents like software deployments instead of autonomous actors with their own identities, permissions, and communication channels. A software deployment sits there. An AI agent reaches out, authenticates, makes decisions, and talks to other agents. The threat surface is not comparable, and neither are the governance requirements.
The confidence gap is a category error, not ignorance. Executives are applying a mental model built for static software to systems that behave more like contractors — contractors who onboard themselves, don’t always ask permission, and have very enthusiastic colleagues.
The receipts are in. The question now is whether the 82% update their model before the 88% becomes their headline.