AI Agents: A Growing Challenge for Organizations Amidst Uncontrolled Disruptions

The Rise of AI Agents in Organizations and Their Risks

In today's rapidly evolving technological landscape, artificial intelligence (AI) agents have become increasingly prevalent within large organizations. While these agents are designed to assist with decision-making and data management, they also pose significant risks that are often overlooked. Unfortunately, many organizations are deploying these AI systems faster than they can effectively monitor and govern them. This reality has become a pressing issue that organizations must confront head-on.

A recent study conducted by Economist Enterprise, as part of the Tech Frontiers initiative and supported by Rubrik, highlights this growing concern. The research surveyed over 800 business decision-makers across nine countries, shedding light on the disruptive nature of AI agents. The striking finding is that a staggering 98% of organizations have already experienced at least one incident related to AI agents that resulted in disruptions. Worryingly, nine out of ten of these organizations anticipate that more incidents are on the horizon, regardless of the safeguards that are put in place.

The Inevitable Disruption

The overarching implication of the study is that the disruption caused by AI agents is no longer merely a risk to be avoided; it is a reality that must be managed. For leaders, identifying the areas most vulnerable to agent-related incidents is crucial. They cite regulatory fines, supply chain disruptions, revenue losses, and reputational damage as the primary business areas affected. Notably, this indicates a shift where agentic risk is perceived as a business challenge rather than solely a technological one.

Despite their awareness of these risks, organizations significantly lack the necessary visibility into their AI systems. Approximately 66% of organizations admit that they cannot fully track their AI agents, leaving them unable to detect, contain, or reverse failures when they arise. This gap between confidence and actual capability is alarming. For instance, while 95% of organizations have established recovery time objectives, many of these remain poorly defined or informal. Interestingly, only 30% of organizations possess robust and tested mechanisms to roll back harmful actions taken by AI agents, creating an alarming situation when incidents occur.

A Disconnect in Cybersecurity Preparedness

This issue extends beyond the technical challenges posed by AI agents; it reaches the highest levels of corporate governance. According to the research, only 25% of organizations regularly report on their performance in cyber recovery to senior leadership. This lack of transparency leaves top executives ill-equipped to make informed decisions about AI investments, particularly given the absence of visibility regarding the organization's ability to recover from potential AI disruptions.

Kavitha Mariappan, the Chief Transformation Officer at Rubrik, emphasized the gravity of this situation, stating, "Two-thirds of organizations cannot tell you what their agents did five minutes ago. When an incident unfolds at machine speed, that is not an inconvenience; it is the difference between containment and catastrophe." This underscores the urgency for organizations to catch up with the pace of AI agent deployment.

Furthermore, the investment trends in cybersecurity are exacerbating this issue. Organizations commonly allocate a larger portion of their budgets to prevention, with 55% dedicated to preventive measures compared to 45% for response and recovery. Many leaders predict this imbalance will persist until at least 2030, further complicating their ability to effectively manage the risks introduced by AI agents.

Defining Cyber Resilience in the Agentic Era

To address these challenges, the research identifies three critical capabilities that distinguish resilient organizations from others entrenched in chaos when incidents occur:
1. Full Observability: Organizations cannot control what they cannot see; without visibility into the actions and statuses of their AI agents, detection and recovery become wildly unpredictable.
2. Rapid Response and Recovery: As incidents escalate at machine speed, the time window for organizations to contain them is measured in mere minutes. Alarmingly, only 30% of organizations have the necessary rollback capabilities to counteract harmful AI agent actions.
3. Regular Testing and Validation: Even having a recovery plan is insufficient. Of the 73% of organizations that do define their minimum viable business configurations, less than half regularly test them, leaving their adaptation to pressure unproven.

In the wake of these findings, organizations should reassess their approaches to managing AI agent deployments. A shift in mindset and strategy is necessary; instead of solely focusing on prevention, they should prioritize preparedness, containment strategies, and rapid recovery provisions. This reorientation is essential in the agentic era, where disruption is not just probable but an unavoidable reality.

Organizational leaders now face the critical decision of how to navigate this new landscape marked by agentic systems. The key lies in adapting practices to not only meet the challenges of AI agents but to embrace the potential they offer for innovation and efficiency.