Skills
Salt Security 1H 2026 Report: 49% of Enterprises Completely Blind to AI Agent API Traffic, 92% Lack Maturity for Agentic Security, 99% of Attacks Come from Authenticated Sources
Salt Security surveyed 300+ security leaders and found APIs have become the 'Agentic Action Layer' powering autonomous AI agents, but 48.9% of organizations cannot monitor their machine-to-machine traffic at all. Nearly all attack attempts (99%) now originate from authenticated sources — increasingly rogue agents with legitimate credentials but no human oversight, rate limiting, or behavioral guardrails. Two-thirds (65%) exploit OWASP API8 (Security Misconfiguration), dramatically amplified when over-permissioned APIs connect to AI agents. Meanwhile, 47% of organizations have delayed production releases due to concerns about securing agent-exposed APIs.
Source
↳ Follow the thread