Enterprises deploying AI systems with excessive permissions are experiencing 4.5x more security incidents than those that enforce least-privilege controls according to new research from Teleport.
Based on interviews with 205 CISOs, security architects, and platform leaders, the report finds that AI is rapidly shifting into production infrastructure without identity controls keeping pace, creating a growing and measurable security gap.
“AI has broken the camel’s back. The rapidly increasing complexity of computing infrastructure has been putting immense pressure on identity management in recent years. Most organizations have more groups and roles than employees, for example, says Ev Kontsevoy, CEO at Teleport. “And deploying non-deterministically behaving agents on top of this mess comes with unpleasant consequences.”
Among the findings 85 percent of security leaders are concerned about AI-related infrastructure risk, while 59 percent report having experienced, or strongly suspect, an AI-related security incident.
In addition 70 percent say AI systems have more access than a human in the same role and 69 percent agree identity management must fundamentally change to support AI safely.
Organizations with over-privileged AI systems report a 76 percent incident rate, compared to just 17 percent among those that limit AI to only the privileges needed for the task at hand. This gap reflects a deeper, potentially systemic, identity risk. Over-privileged AI systems are typically deployed on fragmented identity architectures built on static credentials and duplicated service accounts. As AI operates continuously across tools and environments, this identity fragmentation and secrets sprawl dramatically amplify the blast radius of any misconfiguration or compromise.
Lack of visibility into AI systems is a major issue, 43 percent say AI makes infrastructure changes without human oversight at least monthly and seven percent don’t know how often AI is making autonomous changes.
As AI systems move toward agentic behavior — planning, executing, and chaining actions independently — these gaps are expected to widen. 79 percent of organizations are already evaluating or deploying agentic AI, yet only 13 percent feel highly prepared for it.
When businesses deploy AI on top of infrastructure that relies upon static credentials and fragmented identity systems, the risk increases. Without unified identity, AI systems inherit broad, persistent permissions amplifying the effect of any failure or compromise.
“The data is clear,” concludes Kontsevoy. “It’s not the AI that’s unsafe. It’s the access we’re giving it.”
The full 2026 Infrastructure Identity Survey: State of AI Adoption report is available from the Teleport site.
Image credit: BiancoBlue/depositphotos.com
![regulation-and-its-role-in-protecting-critical-infrastructure-[q&a]](https://thetechbriefs.com/wp-content/uploads/2025/03/7534-regulation-and-its-role-in-protecting-critical-infrastructure-qa.jpg)
