IT Brief UK - Technology news for CIOs & IT decision-makers

Half of corporate AI agents running without oversight

Thu, 5th Feb 2026

Large companies in the US and UK have deployed more than 3 million AI agents, and almost half are not actively monitored or secured, according to a new survey of senior technology leaders.

The survey, which polled 750 CTOs, CIOs, VPs of engineering and platform leaders, found 47% of AI agents were running without oversight. That equates to an estimated 1.5 million ungoverned agents in use across major organisations.

AI agents are software systems that carry out tasks with a degree of autonomy. They can act across internal applications and external services. Adoption has risen as firms look for automation across customer service, operations, software development and data analysis.

The research also pointed to security and privacy concerns. It found that 88% of respondents said their organisation had already experienced, or suspected, an AI agent-related security or data privacy incident in the past twelve months.

Respondents described incidents that included exposure of confidential data, actions taken on outdated or incomplete information, and deletion of databases without permission. The findings add to growing industry concern about the risks that come with deploying autonomous systems in production environments without controls on access, identity and activity.

Oversight gap

Governance of AI agents has emerged as a practical challenge for technology teams. An AI agent may call multiple APIs, trigger automated workflows and interact with event streams. Each step can create new points of access to sensitive information and critical systems.

Security teams have spent years building controls around APIs and application access. Autonomous agents introduce a different operating model because their actions can be triggered by prompts, events, or changing context. The survey results suggest that operational discipline has not kept pace with deployment.

Rory Blundell, Chief Executive of Gravitee, drew a comparison between the scale of AI agents and human workforces.

"There are now over 3 million AI agents operating within corporations, a workforce larger than the entire global employee count of Walmart," said Rory Blundell, CEO, Gravitee.

He added: "But far too often, these autonomous agents are left ungoverned and unchecked. Every day, I hear stories of catastrophic data leaks and unauthorized deletions. Without governance, these agents will stop being productivity gains and start becoming liabilities: a danger to consumers and businesses alike."

Market context

The research was carried out for Gravitee, which sells API management software and products focused on agentic AI. The company said the findings form part of its State of AI Agent Security 2026 report.

AI agent management has become a distinct focus within the broader API management and security market. Large organisations often run thousands of internal services and third-party integrations. This increases the number of interfaces that agents can access. It also expands the number of credentials and permissions that need to be managed.

Traditional security tooling often focuses on user identities, endpoints and known application patterns. AI agents can require more granular policy controls because they may chain multiple tools together and operate at machine speed. Governance also requires visibility, including logs of which systems were accessed, what data was retrieved, and which actions were taken.

Product moves

Gravitee is positioning its platform around the management of interactions between APIs, event streams and AI agents. It describes its approach as a unified framework for securing and observing these interactions.

The company has also been building out product features designed for agent oversight. It pointed to Gravitee 4.10, which it said sets controls for identity, access, policies and trust for agent interactions. It also referenced the A2A Summit, which it said focused on the Agent-to-Agent protocol and brought together participants working on this area.

Gravitee said it was recognised by Gartner as a Leader in the 2025 Gartner Magic Quadrant for API Management. The company is based in Denver and said it has a valuation of over USD $300 million.

How it was measured

The survey was conducted by Opinion Matters and covered 750 respondents, including 500 in the US and 250 in the UK. Participants held senior technology roles such as CIO, CTO, VP of engineering or DevOps, and Head of platform or API management. The respondent base included banks and other enterprise organisations with more than 250 employees.

With millions of agents already deployed and organisations planning further roll-outs in 2026, the data suggests that governance, monitoring and security controls will remain a central issue for technology leaders managing autonomous systems at scale.