CURRENT

Over 3 million AI agents now operate inside US and UK corporations. 53% are neither monitored nor secured. For scale: that's an unsupervised workforce exceeding Walmart's entire global headcount. (Gravitee, n=750 CTOs and tech VPs)

81% of teams have moved past planning into active testing or production. Only 14.4% of agents go live with full security approval. The remaining 85.6% launch with partial oversight or none whatsoever. (Gravitee, n=919)

22.5% of organizations have no formal catalog of their agents or MCP servers. Another 25.4% track them on spreadsheets, which go stale the moment someone hits save. Together, that's nearly half with no reliable real-time inventory. (Gravitee, n=919)

Just 21.9% of organizations treat AI agents as independent, identity-bearing entities in their security model. The rest still lump them in with human users or generic service accounts, which quietly guts auditability and access control. (Gravitee, n=919)

"Through 2028, over 50% of AI initiatives will halt, becoming unmanageable, because of unresolved agentic identity challenges." Note: this is a separate prediction from Gartner's earlier cost-focused cancellation forecast. The culprit here is identity governance specifically. (Gartner, via Veza)

88% of organizations confirmed or suspected an agent-related security or data privacy incident in the past year. Documented cases include agents leaking confidential data, acting on stale information, and deleting databases nobody asked them to touch. (Gravitee, 2026)

NIST's new AI Agent Standards Initiative targets security and identity for autonomous systems through parallel tracks. An RFI on agent security closes March 9; a concept paper on agent identity and authorization accepts comments through April 2, with listening sessions to follow.

Veza Access Agents, launched today, automate identity governance spanning humans, non-human identities, and AI agents. A new Suggested Owner Agent maps agents to human owners, tackling the attribution problem directly. Early access is live now; GA is targeted for end of Q2 2026.

Anthropic donated MCP to the Agentic AI Foundation under the Linux Foundation, co-founded with Block and OpenAI. Separately, MCP Apps went official, letting tools return interactive UI components like dashboards and forms directly inside agent conversations.

Censys found over 21,000 publicly exposed OpenClaw instances. Researchers flagged roughly 12% of ClawHub skills as malicious, distributing infostealers through professional-looking plugins. The npm and PyPI "claw" package ecosystem has exploded from near-zero to over 1,000 packages, with an estimated 900 now malicious.

The Microsoft Agent Framework, now in public preview, merges AutoGen's agent abstractions with Semantic Kernel's enterprise plumbing. Both predecessors enter maintenance mode. The consolidated framework targets 1.0 GA by end of Q1 2026, with MCP and A2A interoperability baked in.

Gong shipped MCP support today under its Mission Andromeda initiative, connecting to Salesforce, HubSpot, and Microsoft Dynamics 365. The company positioned the move as a response to AI fragmentation, where siloed agents can't orchestrate across the full customer journey.