Apono, the cloud-native Privilege Access Management platform securing human and agent identities, today released The 2026 State of Agentic AI Cyber Risk Report, a global study examining how enterprises are approaching agentic AI adoption amid rising security concerns. The report finds that while organizations broadly believe in the potential of AI agents and autonomous systems, security readiness is emerging as a primary constraint on scale.
“Cybersecurity leaders are actively slowing agentic AI adoption,” said Rom Carmel, CEO and co-founder of Apono. “There’s a lot of talk about AI agents rapidly taking over enterprise workflows, but the data in our report shows that this simply isn’t the case. On the ground, CISOs are pressing the brakes.”
Ofir Stein, CTO and co-founder of Apono, added: “Organizations are still struggling to secure human access at scale. Expecting CISOs to greenlight broad autonomy to agents without mature identity and access controls in place isn’t realistic. Until those foundations are in place — and our data shows they largely aren’t — agentic AI deployment will continue to be deliberately constrained, regardless of current industry sentiment.”
Key findings from the report include:
- 98% of respondents say security and data concerns have already slowed deployments, added review steps, or reduced the scope of agentic AI and autonomous system projects.
- 77% report moderate slowdowns or added scrutiny, while 21% cite significant delays or reduced project scope.
- 100% agree that attacks targeting agentic AI workflows would be more damaging than traditional cyberattacks.
- Only 21% say their organization feels prepared to manage attacks involving agentic AI or autonomous workflows.
- 98% report friction between accelerating AI adoption and meeting cybersecurity priorities.
These findings stand in contrast to broader market narratives suggesting rapid, near-term replacement of traditional software by AI agents. While experimentation with agentic AI is underway across many organizations, the report shows that CISOs are pressing the brakes as systems approach production, citing the need for stronger controls around identity, access, and permissions before autonomy can safely scale.