AI agents blamed for security incidents at 9 in 10 healthcare firms as ‘digital workforce’ goes rogue

• Nearly 90% of firms in financial services and transport sectors industries report security incidents caused by autonomous systems.
• Manufacturing and telecommunications face a significant governance blind spot, as research reveals half of the AI agents deployed in these fields are operating entirely unmonitored.
• Over 80% of organizations across all major industries admit to AI-related data leaks as the new ‘digital workforce’ outpaces security protocols.

Denver – The vast majority of firms (over 80%) across all major industries are reporting AI-related security breaches and data leaks, according to new research from Gravitee.

In the manufacturing and telecommunications sectors, half of AI agents are currently unmonitored.

Meanwhile, more than 90% of healthcare organizations have experienced a security or data privacy incident related to AI agents in the last year.

Financial services firms are close behind, with 88.7% reporting security incidents—a stark figure given nearly half (47%) of their AI agents are unmonitored.

The travel and transport sector faces a similar crisis, where 87.3% of companies have flagged incidents, operating with 46% of their autonomous agent workforce currently outside of governance structures.

The research of 750 CTOs and tech VPs  was carried out on behalf of Gravitee, a leading provider of API management and agentic AI solutions.

Sector	% of AI agents that are unmonitored
Financial services	47.21
Travel and transport	45.98
Telecomms	49.03
Manufacturing	50.10
Healthcare	42.41

AI agents, autonomous ‘digital workers’ that execute complex tasks without human interference, are expected to bring productivity gains to firms across the globe. But this new research reveals that they are being deployed faster than security teams can keep up.

Without proper governance, AI agents can ‘go rogue’ – exhibiting unintended or unwanted behaviours such as making incorrect decisions, exposing data, or triggering security breaches.

These missteps underscore the risks of deploying autonomous systems without guardrails.

“There are now over 3 million AI agents operating within corporations, a workforce larger  than the entire global employee count of Walmart,” said Rory Blundell, CEO of Gravitee “But far too often, these autonomous agents are left ungoverned and unchecked. Every day, I hear stories of catastrophic data leaks and unauthorized deletions. Without governance, these agents will stop being productivity gains and start becoming liabilities: a danger to consumers and businesses alike.”

Gravitee’s AI Agent Management platform gives organizations the power to secure, manage, and observe interactions between APIs, Events, and Agents – all within the same unified framework. The Denver-based software provider was recognised by Gartner® as a Leader in the 2025 Gartner Magic Quadrant™ for API Management.

In January, Gravitee launched Gravitee 4.10: establishing the non-negotiable foundation for AI Agent Management, controlling identity, access, policies, and trust for every agent interaction. It allows teams to run AI agents in production with the same discipline they already apply to APIs and event streams. Last year, Gravitee hosted the inaugural A2A (Agent-to-Agent) Summit – the world’s first conference for the A2A protocol, bringing together the industry’s brightest minds to shape how this new ecosystem evolves.

About Gravitee

Gravitee.io, with a valuation of over $300m, is the open-source leader in Agentic API & Event Management. The Gravitee platform empowers enterprises to design, secure, and govern APIs, event streams, and AI-driven interactions across hybrid, multi-cloud, and edge environments. With a federated, agent-ready approach and native support for real-time traffic and autonomous agents via the Gravitee Agent Mesh, Gravitee enables secure, scalable, and intelligent connectivity in an increasingly complex ecosystem.

Methodology

On behalf of Gravitee, Opinion Matters surveyed 750 (500 US, 250 UK) individuals with the job titles: CIOs & CTOs, VPs of engineering / DevOps, Heads of Platform / API Management working in banks and enterprise firms with 250+ employees, across a range of industries.

Survey conducted in December 2025.