Your AI agents probably have more access than your most senior engineers. And unlike your engineers, they never log out, never question a request, and never think twice about exfiltrating data when told to.
New research from Teleport paints a stark picture. Their 2026 State of AI in Enterprise Infrastructure Security report found that organisations with over-privileged AI systems reported a 76% security incident rate. Organisations that enforced least-privilege access for their AI? Just 17%. That is a 4.5x difference.
Let that sink in. The single biggest predictor of whether your AI deployment will cause a security incident isn't the model you chose, the vendor you picked, or even whether you have a security team. It is whether you gave your AI agents more access than they actually need.
The shadow AI problem makes it worse
Here is the thing most CISOs are missing: you cannot enforce least-privilege on AI agents you do not know about.
Microsoft's latest Cyber Pulse report found that 29% of employees are already using unauthorised AI agents at work. These are not employees being malicious. They are people trying to get work done faster, plugging in ChatGPT plugins, connecting AI assistants to company Slack, giving random tools access to internal documents.
Every one of those unauthorised agents is a potential over-privileged access point. Nobody reviewed the permissions. Nobody scoped the access. Nobody is monitoring what data flows through them.
Why AI agents are different from human users
When you give a human employee broad access to systems, you are relying on their judgement. They know not to download the entire customer database just because they technically can. They understand context, consequences, and professional norms.
AI agents have none of that. An AI agent with read access to your CRM will happily dump every record if a prompt tells it to. An agent connected to your email system will forward sensitive documents without hesitation. They operate on instructions, not judgement.
This is not a theoretical risk. The Teleport report specifically highlights that organisations are granting AI systems access comparable to, or exceeding, what human engineers receive. 62% of respondents said their AI systems have access to production infrastructure, and most admitted they had not implemented proper identity controls for those systems.
The fix is boring (and that is the point)
The solution is not exciting. It is identity management, access controls, and least-privilege enforcement applied to AI agents the same way you would apply them to human users.
Specifically:
Discover what is running. You cannot secure AI agents you do not know about. Shadow AI discovery is not optional anymore, it is the foundation of any AI security strategy.
Scope access tightly. Every AI agent should have the minimum permissions needed for its specific task. An agent that summarises meeting notes does not need access to your financial systems.
Monitor continuously. AI agents should be subject to the same audit logging and anomaly detection as human users. Ideally more, because they operate at machine speed and can cause damage far faster.
Enforce identity. AI agents need proper identity management. They need credentials that can be rotated, access that can be revoked, and activity that can be traced back to a specific system and purpose.
The bottom line
The Teleport data is clear: over-privileged AI is not a nuanced risk you can deprioritise. It is a 4.5x multiplier on your incident rate. Combined with the shadow AI problem Microsoft flagged, most enterprises are sitting on a ticking clock they cannot even see.
If you do not know what AI agents are running in your organisation, what they have access to, and whether that access is scoped appropriately, you have a problem. And the data says it is probably already costing you.
