Safeguard
Industry Analysis

State of Agentic AI Adoption Report Overview

Safeguard's State of Agentic AI Adoption Report finds 71% of enterprises now run agents with production access, outpacing identity, SBOM, and reachability controls.

Safeguard Research Team
Research
7 min read

SAN FRANCISCO — Agentic AI has moved from pilot projects to production workloads faster than almost any enterprise technology in recent memory, and security teams are struggling to keep pace. According to Safeguard's newly compiled State of Agentic AI Adoption Report, which aggregates telemetry from customer environments, public breach disclosures, and a survey of over 400 engineering and security leaders conducted between January and May 2026, 71% of organizations now run at least one autonomous AI agent with write access to production code, infrastructure, or CI/CD pipelines — up from just 19% at the start of 2025. The report paints a picture of an ecosystem racing ahead of its own guardrails: agents are shipping code, opening pull requests, provisioning cloud resources, and calling internal APIs largely without the identity governance, provenance tracking, or dependency scrutiny that organizations have spent the last decade building for human developers.

The findings arrive as agentic coding assistants, autonomous SRE bots, and AI-driven DevOps orchestrators have become default tooling in mainstream engineering organizations rather than experimental side projects. That speed of adoption is precisely what makes this report notable — the security control plane has not caught up, and the gap is now measurable.

The Adoption Curve Is Steeper Than Any Prior Platform Shift

Safeguard's data shows agentic AI adoption outpacing both the cloud migration wave of the early 2010s and the initial container/Kubernetes adoption curve. Median time from "first agent deployed" to "agent operating with production write access" was 47 days in the surveyed cohort — compared to 14 months for a comparable cloud migration milestone a decade ago. Three factors are driving the pace:

  • Low friction onboarding. Agentic coding tools integrate directly into existing IDEs and CI systems, meaning teams can grant an agent a service account and a set of scopes in an afternoon, with no dedicated security review in 58% of reported cases.
  • Compounding productivity pressure. Engineering leaders cited "competitive velocity" as the top driver of agent adoption (64%), ahead of cost reduction (22%) and talent shortage (14%).
  • Vendor proliferation. The report catalogs a 3.4x increase in distinct agentic AI vendors and open-source agent frameworks in use across the surveyed organizations between Q1 2025 and Q1 2026, fragmenting the surface area security teams must monitor.

Where the Risk Concentrates: Non-Human Identity Sprawl

The single largest theme in the report is identity. Agents typically authenticate as service accounts, API keys, or OAuth tokens — non-human identities (NHIs) that inherit broad, often static permissions and rarely go through the same lifecycle review as human accounts. Safeguard's telemetry found:

  • The average enterprise environment in the study had 4.7 non-human identities for every human developer, a ratio that has more than doubled since 2024.
  • 43% of agent-associated credentials observed had standing access to production secrets stores, and nearly a third of those credentials had not been rotated in over 90 days.
  • Only 12% of organizations reported having a formal inventory of which agents hold which permissions across their SDLC — meaning the majority are operating with an incomplete picture of their own attack surface.

This matters because agent identities are attractive, high-leverage targets: compromising one credential can grant an attacker the same broad write access the agent itself was given, often without triggering the anomaly-detection baselines built for human behavior patterns.

Shadow Agents Are Now a Bigger Blind Spot Than Shadow IT

Just as "shadow IT" described unsanctioned SaaS tools a decade ago, the report identifies "shadow agents" as the 2026 equivalent — AI agents deployed by individual engineers or teams outside of any centrally approved tooling list. 38% of security leaders surveyed admitted they discovered at least one unsanctioned agent operating in their environment in the past six months, typically through an incident review or a routine access audit rather than proactive detection. The report notes that shadow agents are disproportionately likely to be granted overly broad scopes, because the engineer configuring them optimizes for "getting it working" rather than least privilege, and there is no review gate forcing a narrower grant.

The Software Supply Chain Is the Actual Blast Radius

Perhaps the most consequential finding for supply chain security specifically: agentic coding tools are now a primary vector by which new third-party dependencies enter the codebase. The report found that agents introduced an average of 6.2 new open-source packages per week per active repository in the surveyed cohort, frequently without a corresponding SBOM update or license/vulnerability check at merge time. Two related data points stand out:

  • 34% of organizations reported at least one incident in the past year where an AI agent introduced a dependency with a known CVE, a typosquatted package name, or a malicious post-install script — and in the majority of those cases, the issue was only caught after merge, not before.
  • Only 21% of organizations currently run reachability analysis on agent-generated code changes before merge, meaning most teams cannot distinguish between a vulnerable dependency that is actually exploitable in their application versus one that is present but never invoked — a gap that inflates both risk and alert fatigue simultaneously.

The report frames this as the natural evolution of a well-known supply chain problem: for years, attackers have targeted the software supply chain through typosquatting, dependency confusion, and compromised maintainer accounts. Agentic AI does not introduce a new attack technique so much as it dramatically increases the rate at which new, unvetted dependencies and code paths are proposed — compressing review windows and increasing the odds that something slips through.

Compliance and Board-Level Attention Is Rising, But Controls Lag

Regulatory and audit pressure is starting to catch up to the trend. 56% of organizations surveyed said agentic AI usage was raised as a specific line item in their most recent SOC 2 or ISO 27001 audit cycle — nearly triple the rate reported a year prior — yet only 27% said their existing control framework explicitly addresses autonomous code-writing or infrastructure-provisioning agents. Auditors are increasingly asking pointed questions: which agents have production access, what is their blast radius if compromised, and can the organization produce a provenance trail for AI-generated code changes. Most organizations in the report could not fully answer at least one of those three questions on request.

Boards are following suit. 61% of the CISOs surveyed said agentic AI risk had become a standing topic in board-level security briefings in the past two quarters, reflecting a broader shift from "innovation enablement" framing to "governed adoption" framing at the executive level.

The Common Thread: Speed Without Provenance

Across every section of the report, the same structural gap recurs: organizations are granting agents speed and autonomy at a rate that outpaces their ability to answer basic provenance questions — what changed, who (or what) changed it, what new code or dependency was introduced, and whether it is actually reachable and exploitable in production. That gap is not a reason to slow agentic AI adoption; the productivity case is real and the trend is not reversing. It is, however, a clear signal that the controls organizations already trust for human-authored code and human identities need to be extended, rather than assumed, to cover autonomous agents.

How Safeguard Helps

Safeguard is built for exactly this gap between agentic velocity and supply chain assurance. Our reachability analysis engine tells teams whether a vulnerability introduced by an agent — or anyone else — is actually exploitable in the running application, cutting through the noise so security teams can prioritize the small fraction of findings that matter instead of triaging every CVE an agent's dependency choices surface. Griffin AI continuously watches agent-driven commits and pull requests for anomalous patterns, from unexpected new dependencies to suspicious permission requests, giving teams the visibility into agent behavior that the report shows most organizations currently lack. Safeguard's automated SBOM generation and ingest capabilities keep a live, accurate inventory of every component an agent introduces, closing the provenance gap that auditors are now asking pointed questions about. And when a real issue is found, Safeguard can open an auto-fix pull request directly, matching the speed at which agents introduce risk with an equally fast, equally automated remediation path — so governance doesn't have to mean slowing down.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.