Report: Only 44 Percent of Organizations are Fully Equipped to Support Secure AI
Delinea recently published new research on the impact of artificial intelligence in reshaping identity security. According to the report, “AI in Identity Security Demands a New Playbook,” only 44% of organizations say their security architecture is fully equipped to support secure AI, despite widespread confidence in their current capabilities.
Based on a survey of over 1,700 IT decision-makers worldwide, the report reveals a significant gap between organizations’ confidence in securing AI tools and their actual capabilities. While 93% of respondents believe their machine identity security keeps pace with emerging threats like AI manipulation, only 61% have full visibility into all machine identities to monitor for compromise, and just 48% have identity governance for AI entities. With 66% of organizations using agentic AI, limited visibility leaves these agents vulnerable to risks such as unchecked autonomous decisions and compromise by external threat actors.
“Agentic AI demands agentic security,” said Art Gilliland, CEO of Delinea. “Organizations must rethink how they approach identity, building adaptive, risk-aware systems that verify and secure every action, whether it’s human- or machine-driven. AI agents, in particular, require more granular and dynamic identity access controls than the traditional role-based approaches. More broadly, every organization must build out a comprehensive AI governance model to ensure that it’s being used securely and as intended.”
Key findings from the report include:
AI usage in IT and security operations is widespread:
The vast majority of global companies (94%) use or pilot some form of AI in IT operations. More than half of organizations specifically use generative AI or agentic AI in IT operations. Notably, 40% use agentic AI to enhance security operations
Shadow AI is a frequent challenge:
Over half of the firms surveyed (56%) report that they face shadow AI issues at least once a month. For a third of respondents, these incidents occur multiple times per month, highlighting the challenge of unsanctioned AI usage.
AI identity security concerns:
Organizations identified their most pressing concerns around AI in identity security:
AI-generated phishing and deep fakes
AI-driven credential theft
Agentic AI systems with unchecked access
Unsanctioned use of AI tools
Poor visibility into AI access workflows
Despite broad AI adoption, the report highlights a significant gap in AI governance across organizations. Just 57% of organizations reported having an acceptable use policy for AI tools, and only 55% reported having access controls in place for AI agents. This lack of oversight leaves many organizations vulnerable to the risks posed by unsanctioned use and improperly managed AI technologies. Encouragingly, nearly half of the organizations surveyed are hopeful that their security roadmaps will bolster the security of AI deployments within the next two years.
As AI continues to transform IT and security operations, organizations must prioritize robust identity governance and adaptive security controls to address emerging risks. To learn more about AI trends in identity security, including actionable steps for securing AI, download a copy of the report here.