Gravitee Warns of 'Invisible Risk': Nearly Half of AI Agents Run Without Oversight

Study finds 47% of 3 million AI agents deployed by enterprises lack security oversight, leaving 1.5 million at risk of going rogue

Published on Feb. 15, 2026

Got story updates? Submit your updates here. ›

A new study by Gravitee, a leading provider of API management and agentic AI solutions, has revealed that nearly half of the 3 million AI agents deployed by enterprise firms in the US and UK are ungoverned and at risk of 'going rogue'. The research, based on a survey of 750 CTOs and tech VPs, found that 88% of firms have already experienced or suspected an AI agent-related security or data privacy incident in the last twelve months. Without proper governance, these autonomous 'digital workers' can exhibit unintended or unwanted behaviors, exposing data or triggering security breaches.

Why it matters

The rapid deployment of AI agents across enterprises has outpaced the ability of security teams to effectively monitor and govern these autonomous systems. This 'invisible risk' of ungoverned AI agents presents a significant threat to consumers and businesses, as evidenced by the high rate of reported security incidents. Proper oversight and management of these AI agents is crucial to ensuring they remain productivity gains rather than liabilities.

The details

The study found that large firms in the US and UK have rolled out 3 million AI agents, with plans for millions more in 2026. However, almost half of these agents (47%) are not actively monitored and not secured, leaving an estimated 1.5 million at risk of going rogue. Without proper governance, AI agents can make incorrect decisions, expose data, or trigger security breaches, as evidenced by the 88% of firms that have already experienced or suspected an AI agent-related incident in the last year.

  • The survey was conducted in December 2025.
  • Gravitee launched its AI Agent Management platform in January 2026.

The players

Gravitee

A leading provider of API management and agentic AI solutions, with a valuation of over $300 million. Gravitee's platform empowers enterprises to design, secure, and govern APIs, event streams, and AI-driven interactions.

Rory Blundell

The CEO of Gravitee, who stated that the lack of governance over the 3 million AI agents operating within corporations presents a significant risk to consumers and businesses.

Got photos? Submit your photos here. ›

What they’re saying

“There are now over 3 million AI agents operating within corporations, a workforce larger than the entire global employee count of Walmart. But far too often, these autonomous agents are left ungoverned and unchecked. Every day, I hear stories of catastrophic data leaks and unauthorized deletions. Without governance, these agents will stop being productivity gains and start becoming liabilities: a danger to consumers and businesses alike.”

— Rory Blundell, CEO of Gravitee

What’s next

Gravitee's AI Agent Management platform, launched in January 2026, aims to give organizations the power to secure, manage, and observe interactions between APIs, Events, and Agents within a unified framework. This platform is designed to help enterprises run AI agents in production with the same discipline they apply to APIs and event streams.

The takeaway

The rapid deployment of AI agents across enterprises has outpaced the ability of security teams to effectively monitor and govern these autonomous systems, leaving a significant portion of these AI agents ungoverned and at risk of 'going rogue'. This 'invisible risk' highlights the critical need for enterprises to implement robust governance and oversight mechanisms to ensure AI agents remain productivity gains rather than liabilities that threaten consumer and business security.