CURRENT

Early 2026 replaced hypothetical agent risk with specific numbers. Exposed control panels across 82 countries. Leaked API tokens in the millions. Incident rates that make the vague feel uncomfortably concrete.

The interesting thing to track right now is the convergence of responses. Platform tooling, regulatory warnings, standards bodies, and security investment are all accelerating at once, each reacting to the same underlying reality: agent deployment got well ahead of agent governance, and the evidence is now too loud to treat as edge cases. Here's the current data landscape.

Researchers identified 42,000+ unique IPs with exposed OpenClaw control panels and roughly 50,000 instances vulnerable to remote code execution. The Moltbook database leak added 1.5 million agent API tokens and 35,000 emails to the damage. Patching the CVE didn't revoke the tokens or purge 341 malicious skills already sitting in the registry.

GA since May 1, Agent 365 syncs agent discovery across AWS Bedrock and Google Cloud, with local detection expanding to 18 agent types by June. Defender will soon map each agent's devices, MCP servers, associated identities, and reachable cloud resources. The cross-cloud scope is the notable part: Microsoft is treating agent visibility as a security surface that doesn't stop at platform boundaries.

Gravitee surveyed 900+ practitioners and found only 14.4% of AI agents reach production with complete security and IT sign-off. More than half operate with no security oversight or logging at all. Separately, IBM/Censuswide found 80% of employees at organizations with 500+ people use unsanctioned AI tools. Eighty-eight percent of organizations report confirmed or suspected agent-related security incidents.

The Autoriteit Persoonsgegevens issued a formal warning on February 12, calling OpenClaw and similar open-source agent systems a "Trojan Horse" and citing risks of data breaches and account takeovers. The AP invoked GDPR enforcement powers including processing suspension and fines. It also called for clarification that autonomous agents fall within the EU AI Act's scope, a move that would broaden the regulatory perimeter considerably.

In 20 years of the RSAC Innovation Sandbox competition, an agent governance company had never won. Geordie AI broke that streak on March 23 with a platform that discovers, maps, and monitors agents across code, cloud, and endpoints. One finalist demonstrated a Fortune 500 customer finding 600+ agents it didn't know it had. Security capital is following the governance problem.

NIST's Center for AI Standards and Innovation stood up the AI Agent Standards Initiative on February 17, the first U.S. government program focused on agent interoperability and security standards. Three pillars cover industry-led standards development, open-source protocol maintenance, and agent security and identity research. An AI Agent Interoperability Profile is planned for Q4 2026. The likely trajectory runs from voluntary framework to compliance requirement.

Agents optimized purely for accuracy cost 4.4–10.8x more than cost-aware alternatives delivering comparable performance.

One quoted in the paper: "A 70% agent that works reliably is far more deployable than an 80% agent that is unpredictable."

ClawBench tests write-heavy operations on live sites, not read-only tasks in controlled environments. No model clears 50% in any category.

The benchmark numbers people use to justify deploying agents on personal infrastructure bear little resemblance to real-world performance.

Adversarial prompting reframed as bug-finding achieves the best calibration, but only through deliberate, externally imposed intervention.

Ungoverned agents lack the organizational feedback loops needed to surface systematic miscalibration before it causes damage.

Performance degrades sharply in multi-turn enterprise workflows, even with careful architectural tuning across model families.

Agents that fail unpredictably on the same task, deployed by individuals with no mechanism to detect the pattern.