“Ninety-seven percent of enterprise leaders expect a material AI-agent–driven security or fraud incident within 12 months.”
Arkose Labs survey of 300 security leaders
A report by Arkose Labs surveyed 300 security leaders to measure the gap between corporate readiness and security funding. The researchers reported a clear shift in enterprise risk management related to automated AI actors, and used the survey results to quantify how organizations are preparing — or not preparing — for that shift.
AI agents operating with legitimate credentials
Arkose Labs found that AI agents have "become active participants in operational workflows," a phrase the report uses to describe how automated tools are now operating inside enterprise environments. According to the report, these AI agents use legitimate credentials and interact across systems in manners that "closely resemble trusted activity," a behavior pattern that complicates detection by models tuned to older patterns of abuse.
Security funding: about 6% of budgets for AI-agent risk, 10% untracked
The report quantifies the funding response. Organizations allocate an average of about 6% of their security budgets specifically to AI-agent risk, Arkose Labs found. In addition, the report notes that 10% of organizations do not track AI-agent risk separately from other risk categories. Those figures frame the central contrast of the report: actors and workflows are changing quickly, while budget and measurement practices lag.
Expectation of near-term incidents: 97% within 12 months, 49% within six
Arkose Labs reported near-term expectations from enterprise leaders: 97% expect a material AI-agent–driven security or fraud incident within 12 months, and 49% anticipate such impact within six months. Those percentages compress the timeframe many security teams are preparing for and underscore the sense of urgency the report documents among corporate decision-makers.
What this means for technologists and security teams, enterprise leaders and procurement, and end users
- Technologists and security teams: The report’s description of AI agents using legitimate credentials and mimicking trusted activity presents a detection challenge that teams will need to confront; survey respondents’ funding allocations — an average of about 6% of security budgets for AI-agent risk — show how teams are currently resourcing that fight.
- Enterprise leaders and procurement: With 97% of leaders expecting a material incident within a year and nearly half expecting one within six months, the report signals pressure on procurement and budget prioritization — especially given that 10% of organizations do not track AI-agent risk separately.
- End users and the general public: The survey’s projection of imminent material incidents implies a higher probability of fraud or security events that could affect customer accounts and services, the report suggests, by drawing a link between AI-agent activity and enterprise-facing fraud and security exposure.
The Arkose Labs findings paint a simple but stark picture: automated agents are increasingly embedded in enterprise workflows in ways that look like legitimate users, while allocation and tracking of security funds for this risk remain modest. Whether organizations will shift budgets and detection models quickly enough to match the changing behavior of AI-driven actors is left implicit in the report’s numbers — but the survey’s near-term timelines make that question urgent.
Original story: https://www.securitymagazine.com/articles/102269-funding-has-limited-security-readiness




