SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
International Women’s Day
392 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Cinematic data center ai brain security exec hitting stop btn
#
Data Protection
#
Digital Transformation
#
PAM

Security chiefs hit brakes on risky agentic AI roll-out

Thu, 26th Feb 2026
Author image
By Sean Mitchell, Publisher

Apono has published survey findings suggesting most security leaders are slowing agentic AI projects as organisations weigh the risks of granting autonomous systems access to corporate data and workflows.

The 2026 State of Agentic AI Cyber Risk Report is based on a survey of 250 senior cybersecurity professionals at organisations with 250 or more employees across North America, Europe, and the Middle East and Africa. An independent market research firm conducted the research in December 2025.

The report focuses on agentic AI-systems that can take actions across tools and services with limited human input. Interest has grown as large language models become more widely deployed in enterprises. Many organisations have started experiments and pilots, but the survey points to a more cautious path as projects near production.

Security brakes

According to the survey, 98% of respondents said security and data concerns had already affected agentic AI and autonomous system projects, slowing deployments, adding review steps, or narrowing scope.

Within that group, 77% reported moderate slowdowns or additional scrutiny, while 21% cited significant delays or reduced scope. The survey also found that 98% reported friction between efforts to accelerate AI adoption and cybersecurity priorities.

Rom Carmel, Apono's CEO and co-founder, said the results show security teams increasingly constraining adoption as systems become more autonomous.

"Cybersecurity leaders are actively slowing agentic AI adoption," said Rom Carmel, CEO and co-founder of Apono. "There's a lot of talk about AI agents rapidly taking over enterprise workflows, but the data in our report shows that this simply isn't the case. On the ground, CISOs are pressing the brakes."

Damage expectations

The report says all respondents agreed that attacks targeting agentic AI workflows would be more damaging than traditional cyberattacks. It did not detail the types of attacks respondents had in mind, but the results suggest a broad expectation that autonomous workflows could increase the scale or speed of an incident.

Despite those concerns, only 21% of respondents said their organisation felt prepared to manage attacks involving agentic AI or autonomous workflows. The gap between perceived impact and preparedness is a central theme in the findings.

Apono argues the results show many organisations need to mature basic controls before expanding autonomous access. In the context of agentic AI, that includes defining what an agent is allowed to do, which systems it can access, and under what conditions.

Accountability shift

The report highlights a tension between executive enthusiasm for agentic AI and day-to-day responsibility for cyber risk. It says executives and technical leaders often promote AI agents as a route to efficiency and advantage, while accountability for AI-related cyber risk remains concentrated with CISOs and security teams.

That division can cast security leaders as gatekeepers as systems move from experimentation to production. The report suggests the dynamic contributes to added review layers and narrower deployments.

Ofir Stein, Apono's CTO and co-founder, said organisations are still working through identity and access issues for human users, making autonomy a difficult next step.

"Organisations are still struggling to secure human access at scale. Expecting CISOs to greenlight broad autonomy to agents without mature identity and access controls in place isn't realistic. Until those foundations are in place - and our data shows they largely aren't - agentic AI deployment will continue to be deliberately constrained, regardless of current industry sentiment," said Ofir Stein, CTO and co-founder of Apono.

Identity controls

Apono operates in the privileged access management market and describes its platform as cloud-native, focused on securing both human and agent identities. It also offers "Zero Standing Privilege access" across cloud infrastructure, databases, Kubernetes, SaaS, and operational resources.

Privileged access management is a longstanding part of enterprise security, focused on limiting and monitoring access to high-risk systems and data. As agentic AI tools begin taking actions such as retrieving information, changing configurations, or running operational tasks, questions about permissions and accountability become more prominent.

The report argues that gaps in identity governance, privileged access, and visibility become more consequential as autonomous workflows move toward production. It adds that organisations are not rejecting AI agents, but are demanding stronger security foundations before expanding deployments.

Apono counts Intel, HPE, and Workday among its customers. It says its approach automates identity provisioning based on intent, risk, and operational context.

As agentic AI moves from pilots into business systems, the report suggests many organisations will tie broader roll-outs to progress on identity and access controls, along with clearer operational ownership of risk.

Related stories
DNSFilter adds DNS PreCheck to protect roaming staff
MIND unveils Autonomous DLP Analyst to cut alert noise
Sweep wins cybersecurity firms for Salesforce control
Xiid secures EV charging, healthcare AI & multi-cloud
AI-fuelled crime drives illicit funds to $4.4 trillion

Top stories

Schneider Electric unveils open software-defined DCS
GTIA honours 2026 North America IT channel leaders
Manifest tool boosts SBOMs for critical C & C++ code
Stryker probes global cyber attack via MDM systems
Global CISO Council launched to steer AI governance