Enterprises that grant excessive access permissions to AI systems experience 4.5 times as many security incidents as those that do not, according to The 2026 State of AI in Enterprise Infrastructure Security, a report published by infrastructure identity company Teleport. Based on interviews with 205 CISOs, security architects, and platform leaders, the study found that identity management hasn't kept up with AI adoption in production systems.
The research was conducted in December 2025 and covered organisations with between 500 and 10,000 employees. Of those surveyed, 92% already have AI running in production infrastructure. Some 85% of security leaders say they are concerned about the associated risks, and 59% report having experienced an AI-related security incident, or strongly suspect they have.
The issue of granting granular access to AI is a core finding in the report. Organisations that granted AI broad permissions reported a 76% incident rate, whereas those that granted it only the access it needed for a specific task saw that figure fall to 17%. The report offers multiple possible explanations for this gap, including AI model sophistication and organisational maturity, but found that access scope was the strongest predictor of outcomes.
It's not the AI that’s unsafe. It’s the access we’re giving it.
- Ev Kontsevoy, CEO, Teleport
Writing for the report, Ev Kontsevoy, CEO at Teleport, points to a structural problem that predates AI. "AI has broken the camel's back," he said. "The rapidly increasing complexity of computing infrastructure has been putting immense pressure on identity management in recent years. Most organisations have more groups and roles than employees. And deploying non-deterministically behaving agents on top of this mess comes with unpleasant consequences."
The report traces much of the risk to how credentials are issued to AI systems. Some 67% of organisations still use static credentials for AI, and the study finds these correlate with a 20% increase in incident rates. AI agents that operate continuously across tools and environments inherit the permissions of those credentials, so any misconfiguration or compromise carries a much larger blast radius. Only 3% of respondents have automated controls governing AI behaviour at machine speed.
One finding runs counter to common assumptions: the organisations that expressed the most confidence in their AI deployments experienced more than twice the incident rate of those who were less confident. The report does not explain why, but the pattern recurs across the data. The report also suggests that visibility is low: 43% of respondents say AI makes infrastructure changes without human oversight at least monthly, and 7% say they have no idea how often autonomous changes are made.
Agentic AI, in which systems plan and execute actions without direct human instruction, adds another layer of concern. Some 79% of organisations are already evaluating or deploying such systems, yet only 13% feel well-prepared for the security implications. As Brittney Diesel noted on LinkedIn, the findings "reinforce a familiar reality: identity is becoming the primary control plane, not just for humans and machines, but for AI agents acting autonomously inside critical systems."
Teleport is not the only organisation raising concerns over the access that AI systems have into contemporary organisations. Research from Lumos Identity, published in the same month, found that 96% of organisations experienced an identity-related incident over the past year, with 55% pointing to excessive privilege as a contributing factor.
The report recommends that organisations have a unified identity layer, with static credentials replaced by short-lived, scoped credentials for both human and AI actors. Governance controls should operate at machine speed rather than through manual review. As Infosecurity Magazine noted, 43% of respondents currently have no formal AI governance controls in place, and a further 21% have none at all. These figures suggest the distance between what the report recommends and what organisations are doing remains considerable. infosecurity-magazine
The full report can be read on Teleport's web site.