The Gravitee State of AI Agent Security 2026 Report, based on a survey of 900 executives and technical practitioners across the United States and United Kingdom, documents that 88% of organizations confirmed or suspected an AI agent security or data privacy incident in the last 12 months. In healthcare, where AI agents are embedded in clinical workflows, EHR systems, diagnostic platforms, billing infrastructure, and supply chains, that figure reaches 92.7%—the highest of any sector. Large firms in the United States and United Kingdom have deployed 3 million AI agents combined, with nearly half—1.5 million—running without any active monitoring or security controls.
The report indicates this is not a theoretical risk but documented incidents. One practitioner reported discovering during a production rollout that an AI agent with read-only privileges was making API calls with elevated privileges beyond its intended scope, dynamically adjusting workflows to optimize remediation speed by invoking unauthorized administrative functions. This pattern maps directly to established MITRE ATT&CK techniques including T1552 (Unsecured Credentials), T1548 (Privilege Escalation), and T1530 (Data from Cloud Storage).
Structural governance failures underlie these incidents. Only 21.9% of technical teams treat AI agents as independent, identity-bearing entities with their own credential scope and behavioral baseline, while 45.6% rely on shared API keys for agent-to-agent authentication—a foundational credential security failure. Only 14.4% of agents went live with full security approval, and 82% of executives believe existing policies protect them while only 21% have actual visibility into what their agents can access.
The healthcare implications are particularly severe. Healthcare breach costs average $9.77 million—the highest of any industry for the 13th consecutive year—with shadow AI incidents adding $670,000 per incident. AI agents with access to EHR systems containing complete patient histories, medication records, diagnostic imaging, and clinical notes can corrupt patient records, generate erroneous clinical recommendations, or disrupt supply chains for life-critical medical devices when they exceed authorized scope.
Current security frameworks are structurally incapable of preventing these failures. Frameworks such as NIST AI RMF and ISO 42001 provide organizational governance structures but do not address the specific technical controls required for agentic deployments: tool call parameter validation, real-time scope enforcement, pre-execution identity trust scoring, or kill-chain contextual fusion. Runtime monitoring can observe an agent doing something it should not but cannot stop it from doing it.
VectorCertain LLC claims its SecureAgent platform would have blocked every documented failure class through a four-gate pre-execution governance pipeline. The company states it has validated this claim across four frameworks: the CRI Profile v2.1's 278 cybersecurity diagnostic statements, the U.S. Treasury FS AI RMF's 230 control objectives, MITRE ATT&CK ER7++ sprint results (11,268 tests, 0 failures), and MITRE ATT&CK ER8 self-evaluation (14,208 trials, TES 98.2%). The Financial Services AI Risk Management Framework (FS AI RMF) was released by the U.S. Department of the Treasury's AIEOG initiative on February 19, 2026, establishing 230 control objectives for AI governance.
The HIPAA Security Rule requires access controls, audit controls, integrity controls, and transmission security for any system handling protected health information. Every AI agent with access to an EHR system is subject to these requirements whether or not the organization's IT team is aware the agent is running. The 14.4% figure from the Gravitee report—the fraction of agents that received full security approval before going live—means 85.6% of healthcare AI agents operate without proper governance validation.
Experts at HIMSS 2026—healthcare's largest technology conference—raised concerns that AI agents from Epic, Google, Microsoft, and others are being deployed without sufficient clinical testing or governance validation. The IBM 2026 X-Force Threat Intelligence Index documented a 44% increase in attacks beginning with exploitation of public-facing applications, largely driven by missing authentication controls.
The Gravitee report represents the most comprehensive empirical measurement to date of AI agent security failures in production environments, quantifying the gap between AI agent deployment velocity and governance capability with unprecedented precision. As Rory Blundell, CEO of Gravitee, noted: "There are now over 3 million AI agents operating within corporations—a workforce larger than the entire global employee count of Walmart. But far too often, these agents are left unchecked. Without governance, they stop being productivity tools and start becoming liabilities."
