A new report from Arkose Labs reveals a significant gap between corporate readiness for agentic AI threats and the funding allocated to defend against them, with enterprise leaders expecting near-term security incidents while budgets remain severely underinvested.
97% of enterprise leaders expect a material AI-agent-driven security or fraud incident within 12 months, with 49% anticipating impact within six months.
Organizations allocate only 6% of security budgets on average to AI-agent risk, while 10% do not track it separately.
Security and fraud models designed around human behavior have not kept pace with autonomous AI-driven activity operating continuously across services.
Credentialed AI agents are redefining insider risk, as organizations must distinguish between malicious agents and authorized ones that may go rogue.
Ownership of AI-agent risk remains fragmented, governance maturity lags deployment velocity, and attribution is identified as the weakest link in enterprise defense.
Current defenses cannot scale to meet AI-driven attacks, leaving enterprises exposed as AI agents become active participants in operational workflows.
AI agents have become active participants in operational workflows, using legitimate credentials and interacting across systems in ways that closely resemble trusted activity. However, security and fraud models have not kept pace. These models were designed around human behavior and external threats, making autonomous, AI-driven activity operating continuously across services harder to interpret and isolate. As a result, understanding how this activity occurs and connects across enterprise-wide systems is becoming central to investigation and response.
The report, published in conjunction with Tech Studio, surveyed 300 security leaders from around the globe representing major technology platforms, global financial institutions, and large-scale enterprises, including many Fortune 500 companies with more than $1 billion in annual revenue.
Enterprise leaders expect near-term impact with significant urgency. Nearly all respondents (97%) expect a material AI-agent-driven security or fraud incident within 12 months, with almost half (49%) anticipating impact within six months. Despite this expectation, enterprise readiness is not keeping pace with deployment velocity.
Organizations allocate an average of only 6% of security budgets to AI-agent risk, and 10% do not track it separately. This funding disparity exists alongside fragmented ownership of AI-agent risk, limited executive engagement, and governance maturity that lags behind the speed of deployment.
Credentialed AI agents are redefining insider risk. Enterprises now face the dual challenge of distinguishing malicious AI agents from authorized ones, and of detecting authorized agents with proper permissions that go rogue.
“In the rush to benefit from the amazing productivity and efficiency gains that agentic AI represents and, in keeping pace with competitors, many companies deployed it broadly before fully considering the identity, security, and governance issues involved,” said Frank Teruel, Chief Operating Officer, Arkose Labs. “Not only do enterprises need to distinguish between malicious and authorized agents, but they also need to think about those with proper permissions going rogue. It’s the ultimate insider threat.”
The report highlights several critical vulnerabilities in current enterprise defenses. Current defenses cannot scale to meet AI-driven attacks, and attribution is identified as the weakest link in enterprise defense. Without the ability to accurately attribute activity to specific AI agents, organizations cannot effectively investigate or respond to incidents.
Arkose Labs is known for Arkose Titan, a unified platform that protects enterprises from human and AI-powered fraud, scraping and bot attacks, account takeovers and SMS toll fraud. Unlike fragmented point solutions, Arkose Titan provides defense-in-depth through intelligent detection and adaptive mitigation against both traditional and emerging AI threats, including agentic AI. By defending a company’s entire digital experience and customer journey, Arkose Titan makes attacks economically unsustainable for perpetrators.
Named to the Deloitte Fast 500 list for the fifth consecutive year, Arkose Labs counts Adobe, Meta, Roblox and Microsoft among its customers.
About Arkose Labs
Arkose Labs is the leading proactive fraud deterrence provider with a solution purpose-built to neutralize modern attacks, including those powered by agentic AI. Its Arkose Titan platform combines proprietary device identification, behavioral analysis, phishing protection, email intelligence, scraping prevention, API defense and bot management. Trusted by the world’s leading consumer brands including Microsoft, Meta and Roblox, Arkose Labs stops account takeovers, fake account creation, LLM-driven scraping and SMS toll fraud. It undermines attacker ROI by introducing dynamic friction, making it economically unsustainable for adversaries to persist. Headquartered in San Mateo, California, the company maintains a global presence with offices throughout APAC, Central America, EMEA and South America.