Navigating AI Security Risks: Findings from the 2026 State of AI in Enterprise Infrastructure Security
As businesses increasingly integrate artificial intelligence (AI) into their operations, the security implications of this technology have never been more pressing. A pivotal report by Teleport, titled The 2026 State of AI in Enterprise Infrastructure Security, reveals alarming statistics about security incidents tied to AI systems. Notably, enterprises granting excessive access permissions to AI experience 4.5 times as many security incidents as those that implement stricter access controls.
Key Insights from the Report
In December 2025, Teleport conducted an extensive survey involving 205 Chief Information Security Officers (CISOs), security architects, and platform leaders across organizations with 500 to 10,000 employees. The findings highlight that 92% of these organizations already have AI systems running in production environments. However, the security risks associated with these systems are a significant concern—85% of security leaders expressed apprehension about these risks, and 59% reported experiencing an AI-related security incident or suspecting such events.
The Importance of Granular Access Control
A central theme emerging from the report is the critical importance of granular access attributes for AI systems. Organizations granting broad permissions to their AI entities reported a staggering 76% incident rate, compared to just 17% for those providing limited, task-specific access. This substantial difference suggests that how organizations manage AI permissions directly influences their security outcomes.
“It’s not the AI that’s unsafe. It’s the access we’re giving it.”
— Ev Kontsevoy, CEO, Teleport
The Structural Challenges of Identity Management
The report underscores a structural issue that predates the rise of AI. Ev Kontsevoy notes how the increasing complexity of computing infrastructures has outpaced traditional identity management systems. Many organizations today have more user groups and roles than employees, leading to disorganization. The deployment of AI, which can behave unpredictably, exacerbates these challenges, resulting in greater security risks.
Risks Linked to Static Credentials
One of the report’s crucial findings is that 67% of organizations still rely on static credentials for their AI systems, a practice that correlates with a 20% increase in security incidents. AI agents often inherit the permissions of these credentials and operate across various tools and environments continuously. This means that any misconfiguration or compromise can lead to significant vulnerabilities and, consequently, a broader “blast radius” for security breaches.
The Paradox of Confidence in AI Deployments
Interestingly, the report reveals a paradox: organizations expressing high confidence in their AI deployments face more than double the incident rate compared to those less confident. While the report does not delve into the reasons behind this trend, it suggests a need for a more cautious approach to AI integration.
Moreover, visibility into AI activities is alarmingly low. About 43% of respondents indicated that AI systems make changes to infrastructure without human oversight at least monthly. Worryingly, 7% admitted to having no clue about how often such autonomous changes occur.
The Emergence of Agentic AI
The rise of agentic AI—systems capable of making decisions and taking actions without direct human control—introduces further security layers. Although 79% of organizations are exploring or already deploying such systems, only 13% feel adequately prepared for the associated security implications. As highlighted by security experts, identity management is becoming the primary control mechanism not just for humans, but for autonomous AI agents in critical systems.
The Calls for Better Governance and Control
The report also draws attention to the need for improved governance structures around AI. A separate survey by Lumos Identity corroborates these concerns, revealing that 96% of organizations faced identity-related incidents over the previous year. Among these incidents, 55% were tied to excessive privilege.
It is recommended that businesses implement a unified identity layer to ensure a more holistic view of identity management. Additionally, organizations should replace static credentials with short-lived, scoped credentials for both human and AI actors. Governance controls must function at machine speed to adapt to the fast-paced changes associated with AI behaviors. Alarmingly, the report indicates that 43% of respondents currently lack formal AI governance controls, and 21% have none at all.
Steps Toward Securing AI Deployments
Organizations must take proactive measures to align their identity management practices with the modern landscape of AI technology. This includes auditing current access permissions, enhancing visibility of AI actions, adopting dynamic credentialing, and establishing robust governance protocols. By doing so, enterprises can mitigate the security risks posed by their AI implementations, ultimately fostering a more secure operational environment.
For a deeper dive into the study’s findings and recommendations, readers are encouraged to visit Teleport’s official website.
Inspired by: Source

