Microsoft's Cyber Pulse report reveals that over 80% of Fortune 500 companies now use AI agents, with rapid adoption creating new risks around visibility, governance, and security that organizations must address to safely scale their AI transformation.
Organizations are deploying AI agents at unprecedented speed, with over 80% of Fortune 500 companies now using active agents built with low-code/no-code tools, according to Microsoft's new Cyber Pulse report. This rapid adoption is transforming workflows across sales, finance, security, customer service, and product innovation—but it's also creating a critical visibility gap that security leaders cannot ignore.
{{IMAGE:2}}
The agent explosion: From assistive to autonomous
AI agents are no longer limited to technical teams. Today, employees across various roles create and deploy agents for daily work, with the technology becoming ubiquitous in operations. These agents operate in two primary modes: assistive agents that respond to user prompts and autonomous agents that execute tasks with minimal human intervention.
The growth spans globally, with leading industries including software and technology (16%), manufacturing (13%), financial institutions (11%), and retail (9%) using agents for increasingly complex tasks. These range from drafting proposals and analyzing financial data to triaging security alerts, automating repetitive processes, and surfacing insights at machine speed.
Unlike traditional software, agents are dynamic entities that act, decide, access data, and increasingly interact with other agents. This fundamental shift changes the risk profile entirely.
The blind spot: Agent growth without oversight
Despite rapid adoption, many organizations struggle with basic questions: How many agents are running across the enterprise? Who owns them? What data do they touch? Which agents are sanctioned—and which are not?
This isn't a hypothetical concern. Shadow IT has existed for decades, but shadow AI introduces new dimensions of risk. Agents can inherit permissions, access sensitive information, and generate outputs at scale—sometimes outside the visibility of IT and security teams. Bad actors might exploit agents' access and privileges, turning them into unintended double agents.
{{IMAGE:3}}
When agents have too much access or the wrong instructions, they become vulnerabilities. The Cyber Pulse report reveals that already 29% of employees have turned to unsanctioned AI agents for work tasks, creating a significant governance gap.
Why observability comes first
You can't protect what you can't see, and you can't manage what you don't understand. Observability provides a control plane across all layers of the organization to understand what agents exist, who owns them, what systems and data they touch, and how they behave.
The report outlines five core capabilities organizations need for true observability and governance:
- Registry: A centralized inventory of all agents—sanctioned, third-party, and shadow agents—to prevent sprawl and enable accountability
- Access control: Identity- and policy-driven controls governing each agent with least-privilege permissions
- Visualization: Real-time dashboards showing agent interactions with people, data, and systems
- Interoperability: Consistent governance across Microsoft platforms, open-source frameworks, and third-party ecosystems
- Security: Built-in protections safeguarding agents from internal misuse and external cyberthreats
Governance and security: Related but distinct
An important clarification from the Cyber Pulse report: governance and security are related but not interchangeable. Governance defines ownership, accountability, policy, and oversight. Security enforces controls, protects access, and detects cyberthreats. Both are required, and neither can succeed in isolation.
AI governance cannot live solely within IT, and AI security cannot be delegated only to CISOs. This is a cross-functional responsibility spanning legal, compliance, human resources, data science, business leadership, and the board.
When AI risk is treated as a core enterprise risk—alongside financial, operational, and regulatory risk—organizations are better positioned to move quickly and safely. Strong security and governance do more than reduce risk; they enable transparency, which is fast becoming a competitive advantage.
From risk management to competitive advantage
Organizations that act now to establish foundational controls will not only mitigate risk but also unlock faster innovation, protect customer trust, and build resilience into their AI-powered enterprises. Security is not an opposing force to innovation—it's a reinforcing one.
The future belongs to organizations that can innovate at machine speed while observing, governing, and securing with the same precision. Those who get this right will find that AI becomes more than a technological breakthrough—it becomes a breakthrough in human ambition.
As AI agents continue their rapid proliferation across enterprises worldwide, the organizations that establish robust observability, governance, and security frameworks today will be the ones leading tomorrow's AI transformation.
Comments
Please log in or register to join the discussion