A new Teleport report reveals that enterprises granting excessive access permissions to AI systems experience 4.5x more security incidents, highlighting identity management failures as AI adoption accelerates.
A comprehensive new report from infrastructure identity company Teleport has uncovered a troubling correlation between over-privileged AI systems and a dramatic increase in enterprise security incidents. The findings, published in The 2026 State of AI in Enterprise Infrastructure Security, reveal that organizations granting excessive access permissions to AI systems experience 4.5 times as many security incidents as those maintaining strict access controls.
The research, based on interviews with 205 CISOs, security architects, and platform leaders from organizations with 500 to 10,000 employees, found that identity management has failed to keep pace with AI adoption in production environments. Of those surveyed, 92% already have AI running in production infrastructure, yet 85% of security leaders express concern about associated risks, with 59% reporting AI-related security incidents or strong suspicions of compromise.
The Access Problem: Static Credentials and Broad Permissions
The report identifies a fundamental issue: organizations continue to use static credentials for AI systems at alarming rates. Some 67% of enterprises still rely on static credentials for AI, which the study correlates with a 20% increase in incident rates. These credentials grant AI agents continuous, broad access across tools and environments, creating a massive blast radius when misconfigurations or compromises occur.
"The issue of granting granular access to AI is a core finding in the report," the authors note. Organizations that granted AI broad permissions reported a 76% incident rate, while those limiting AI to only the access needed for specific tasks saw that figure fall to just 17%. This stark contrast underscores how access scope serves as the strongest predictor of security outcomes.
The Human Factor: Confidence vs. Reality
Perhaps most concerning is the disconnect between organizational confidence and actual security outcomes. The report found that organizations expressing the most confidence in their AI deployments experienced more than twice the incident rate of those who were less confident. This counterintuitive finding suggests that overconfidence may lead to inadequate security measures.
Only 3% of respondents have automated controls governing AI behavior at machine speed, leaving most organizations vulnerable to rapid, autonomous actions by AI agents. The report also reveals limited visibility into AI operations: 43% of respondents say AI makes infrastructure changes without human oversight at least monthly, and 7% admit they have no idea how often autonomous changes occur.
Agentic AI: The Next Frontier of Risk
As organizations rush to deploy agentic AI systems—those capable of planning and executing actions without direct human instruction—security preparedness remains critically low. Some 79% of organizations are already evaluating or deploying such systems, yet only 13% feel well-prepared for the security implications.
This gap between deployment and preparedness mirrors findings from Lumos Identity, which published similar research in the same month. Their study found that 96% of organizations experienced an identity-related incident over the past year, with 55% pointing to excessive privilege as a contributing factor.
Structural Problems Beyond AI
Teleport CEO Ev Kontsevoy frames the issue as a structural problem that predates AI adoption. "AI has broken the camel's back," he explains. "The rapidly increasing complexity of computing infrastructure has been putting immense pressure on identity management in recent years. Most organizations have more groups and roles than employees. And deploying non-deterministically behaving agents on top of this mess comes with unpleasant consequences."
This perspective highlights how AI adoption has exposed long-standing weaknesses in enterprise identity management systems. Organizations struggling with complex role structures and group permissions now face the additional challenge of securing autonomous agents that operate across these already convoluted environments.
Recommendations: Unified Identity and Machine-Speed Governance
The report advocates for several critical changes to address these security challenges. First, organizations should implement a unified identity layer that treats both human and AI actors consistently. Static credentials should be replaced with short-lived, scoped credentials that limit the potential impact of compromise.
Second, governance controls must operate at machine speed rather than through manual review processes. As AI agents make decisions and take actions in real-time, security controls must be able to respond with equal velocity.
Third, organizations need comprehensive visibility into AI operations, including automated monitoring of autonomous changes and clear audit trails for all AI-initiated actions.
The Governance Gap
Current implementation of these recommendations remains limited. The report found that 43% of respondents have no formal AI governance controls in place, with an additional 21% having none at all. This means that more than two-thirds of organizations lack even basic governance frameworks for their AI systems.
As Infosecurity Magazine noted in its analysis of the findings, "the distance between what the report recommends and what organizations are doing remains considerable."
Industry Context and Broader Implications
The Teleport report arrives amid growing industry concern about AI security and identity management. The findings reinforce a familiar reality noted by industry observers: identity is becoming the primary control plane, not just for humans and machines, but for AI agents acting autonomously inside critical systems.
The fourfold increase in security incidents linked to over-privileged AI systems represents a significant challenge for enterprises racing to adopt AI technologies. As organizations continue to deploy increasingly autonomous systems without adequate security controls, the gap between innovation and security preparedness threatens to widen further.
The full report, The 2026 State of AI in Enterprise Infrastructure Security, is available on Teleport's website and provides detailed analysis of the survey methodology, statistical findings, and specific recommendations for organizations seeking to secure their AI deployments while maintaining operational effectiveness.
Comments
Please log in or register to join the discussion