New Teleport Research Reveals AI Security Crisis in the Enterprise: Over-Privileged AI Systems Drive 4.5x Higher Incident Rates

2026 State of AI in Enterprise Infrastructure Security Report finds 92% of companies deploying AI — but most lack the identity controls to secure it

Oakland, California  — February 17, 2026 — Enterprises deploying AI systems with excessive permissions are experiencing 4.5x more security incidents than those that enforce least-privilege controls according to a new research report from Teleport. The report warns that most enterprises are dramatically underprepared for the security consequences. Based on interviews with 205 CISOs, security architects, and platform leaders, The 2026 State of AI in Enterprise Infrastructure Security finds that AI is rapidly shifting into production infrastructure without identity controls keeping pace, creating a growing and measurable security gap. 

The widening gap between AI adoption and AI readiness threatens to undermine the very efficiency gains organizations are chasing.

"AI has broken the camel’s back. The rapidly increasing complexity of computing infrastructure has been putting immense pressure on identity management in recent years. Most organizations have more groups and roles than employees, for example," said Ev Kontsevoy, CEO at Teleport. "And deploying non-deterministically behaving agents on top of this mess comes with unpleasant consequences."

Key Findings Highlight a Growing Leadership Blind Spot
 

The report reveals that AI adoption is already ubiquitous, but governance and identity controls have not kept pace:

• 92% of organizations have near-term AI initiatives in production infrastructure

• 85% of security leaders are concerned about AI-related infrastructure risk

• 59% report having experienced — or strongly suspect — an AI-related security incident

• 70% say AI systems have more access than a human in the same role

• 69% agree identity management must fundamentally change to support AI safely

Strikingly, access scope — not AI sophistication or organizational maturity — was the strongest predictor of security outcomes. Organizations with over-privileged AI systems reported a 76% incident rate, compared to just 17% among those that limited AI to only the privileges needed for the task at hand. This gap reflects a deeper, potentially systemic, identity risk. Over-privileged AI systems are typically deployed on fragmented identity architectures built on static credentials and duplicated service accounts. As AI operates continuously across tools and environments, this identity fragmentation and secrets sprawl dramatically amplify the blast radius of any misconfiguration or compromise.

“The data is clear,” said Kontsevoy. “It’s not the AI that’s unsafe. It’s the access we’re giving it.”

Confidence Is Not Security — and May Be Making Things Worse
 

Contrary to conventional wisdom, the study found that organizations most confident in their AI deployments experienced more than twice the incident rate of less confident peers.

Meanwhile, visibility remains dangerously low:

• 43% say AI makes infrastructure changes without human oversight at least monthly
• 7% don’t know how often AI is making autonomous changes at all

As AI systems move toward agentic behavior — planning, executing, and chaining actions independently — these gaps are expected to widen. 79% of organizations are already evaluating or deploying agentic AI, yet only 13% feel highly prepared for it.

Identity Emerges as the Deciding Factor
 

The research points to a clear conclusion: identity is the control plane for AI security. When organizations deploy AI on top of infrastructure that relies upon static credentials and fragmented identity systems, the risk grows exponentially. A prerequisite is deploying a unified identity layer that removes identity fragmentation and secrets sprawl. The need to make this transition is evident in the data:

• 67% of organizations still rely on static credentials for AI systems
• Static credentials correlate with a 20-point increase in incident rates
• Only 3% have automated, machine-speed controls governing AI behavior

Without unified identity, AI systems inherit broad, persistent permissions — amplifying the blast radius of any failure or compromise.

The Path Forward
 

The findings outline a clear mandate for leaders:

• Replace static credentials with strong  identity  for humans and AI
• Enforce least privilege by design — not as an afterthought
• Move governance controls to machine speed, not human review cycles
   

About the Report
 

The 2026 State of AI in Enterprise Infrastructure Security was commissioned by Teleport and conducted by Eleven Market Research in December 2025. The study includes qualitative interviews with 205 senior infrastructure and security leaders at organizations ranging from 500 to more than 10,000 employees.

👉 Download the full report.

About Teleport
 

Teleport, the AI Infrastructure Identity Company, prepares organizations for an AI future by establishing a unified identity layer for infrastructure, with humans, machines, workloads, and AI agents secured cryptographically with a hardware root of trust rather than vulnerable credentials. By replacing fragmented identity and access management systems with Infrastructure Identity, Teleport scales zero trust across cloud and on-prem environments, eliminating the complexity and risk created by identity fragmentation and credential sprawl. Teleport protects infrastructure from identity attacks, accelerates engineering by reducing infrastructure complexity, and secures non-deterministic agentic workflows. Headquartered in Oakland, CA, Teleport operates globally, with industry-leading customers such as Nasdaq, IBM, Doordash, and Elastic. For more information, visit www.goteleport.com or follow @goteleport.