{“lastseen”:”2026-02-10T17:58:49″,”description”:”Today, Microsoft is releasing the new Cyber Pulse report to provide leaders with straightforward, practical insights and guidance on new cybersecurity risks. One of today\u2019s most pressing concerns is the governance of AI and autonomous agents. AI agents are scaling faster than some companies can see them\u2014and that visibility gap is a business risk.1 Like people, AI agents require protection through strong observability, governance, and security using Zero Trust principles. As the report highlights, organizations that succeed in the next phase of AI adoption will be those that move with speed and bring business, IT, security, and developer teams together to observe, govern, and secure their AI transformation.\\n\\nRead the latest Cyber Pulse report\\n\\nAgent building isn’t limited to technical roles; today, employees in various positions create and use agents in daily work. More than 80% of Fortune 500 companies today use AI active agents built with low-code\/no-code tools.2 AI is ubiquitous in many operations, and generative AI-powered agents are embedded in workflows across sales, finance, security, customer service, and product innovation. \\n\\nWith agent use expanding and transformation opportunities multiplying, now is the time to get foundational controls in place. AI agents should be held to the same standards as employees or service accounts. That means applying long\u2011standing Zero Trust security principles consistently:\\n\\n * **Least privilege access** : Give every user, AI agent, or system only what they need\u2014no more.\\n * **Explicit verification** : Always confirm who or what is requesting access using identity, device health, location, risk level.\\n * **Assume compromise can occur** : Design systems expecting that cyberattackers will get inside.\\n\\n\\n\\nThese principles are not new, and many security teams have implemented Zero Trust principles in their organization. What\u2019s new is their application to non\u2011human users operating at scale and speed. Organizations that embed these controls within their deployment of AI agents from the beginning will be able to move faster, building trust in AI.\\n\\n## **The rise of human-led AI agents**\\n\\nThe growth of AI agents expands across many regions around the world from the Americas to Europe, Middle East, and Africa (EMEA), and Asia.\\n\\n\\n\\nAccording to Cyber Pulse, leading industries such as software and technology (16%), manufacturing (13%), financial institutions (11%), and retail (9%) are using agents to support increasingly complex tasks\u2014drafting proposals, analyzing financial data, triaging security alerts, automating repetitive processes, and surfacing insights at machine speed.3 These agents can operate in assistive modes, responding to user prompts, or autonomously, executing tasks with minimal human intervention.\\n\\n_Source:_ _Industry Agent Metrics were created using Microsoft first-party telemetry measuring agents build with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the last 28 days of November 2025._\\n\\nAnd unlike traditional software, agents are dynamic. They act. They decide. They access data. And increasingly, they interact with other agents.\\n\\nThat changes the risk profile fundamentally.\\n\\n## **The blind spot: Agent growth without observability, governance, and security**\\n\\nDespite the rapid adoption of AI agents, many organizations struggle to answer some basic questions:\\n\\n * How many agents are running across the enterprise?\\n * Who owns them?\\n * What data do they touch?\\n * Which agents are sanctioned\u2014and which are not?\\n\\n\\n\\nThis is not a hypothetical concern. Shadow IT has existed for decades, but **shadow AI** introduces new dimensions of risk. Agents can inherit permissions, access sensitive information, and generate outputs at scale\u2014sometimes outside the visibility of IT and security teams. Bad actors might exploit agents\u2019 access and privileges, turning them into unintended double agents. Like human employees, an agent with too much access\u2014or the wrong instructions\u2014can become a vulnerability. When leaders lack observability in their AI ecosystem, risk accumulates silently.\\n\\nAccording to the Cyber Pulse report,**already 29% of employees have turned to unsanctioned AI agents for work tasks**.4 This disparity is noteworthy, as it indicates that numerous organizations are deploying AI capabilities and agents prior to establishing appropriate controls for access management, data protection, compliance, and accountability. In regulated sectors such as financial services, healthcare, and the public sector, this gap can have particularly significant consequences.\\n\\n## **Why observability comes first**\\n\\nYou can\u2019t protect what you can\u2019t see, and you can\u2019t manage what you don\u2019t understand. Observability is having a control plane across all layers of the organization (IT, security, developers, and AI teams) to understand: \\n\\n * What agents exist \\n * Who owns them \\n * What systems and data they touch \\n * How they behave \\n\\n\\n\\nIn the Cyber Pulse report, we outline five core capabilities that organizations need to establish for true observability and governance of AI agents:\\n\\n * **Registry** : A centralized registry acts as a single source of truth for all agents across the organization\u2014sanctioned, third\u2011party, and emerging shadow agents. This inventory helps prevent agent sprawl, enables accountability, and supports discovery while allowing unsanctioned agents to be restricted or quarantined when necessary.\\n * **Access control** : Each agent is governed using the same identity\u2011 and policy\u2011driven access controls applied to human users and applications. Least\u2011privilege permissions, enforced consistently, help ensure agents can access only the data, systems, and workflows required to fulfill their purpose\u2014no more, no less.\\n * **Visualization** : Real\u2011time dashboards and telemetry provide insight into how agents interact with people, data, and systems. Leaders can see where agents are operating, understanding dependencies, and monitoring behavior and impact\u2014supporting faster detection of misuse, drift, or emerging risk.\\n * **Interoperability** : Agents operate across Microsoft platforms, open\u2011source frameworks, and third\u2011party ecosystems under a consistent governance model. This interoperability allows agents to collaborate with people and other agents across workflows while remaining managed within the same enterprise controls.\\n * **Security** : Built\u2011in protections safeguard agents from internal misuse and external cyberthreats. Security signals, policy enforcement, and integrated tooling help organizations detect compromised or misaligned agents early and respond quickly\u2014before issues escalate into business, regulatory, or reputational harm.\\n\\n\\n\\n## **Governance and security are not the same\u2014and both matter**\\n\\nOne important clarification emerging from Cyber Pulse is this: governance and security are related, but not interchangeable.\\n\\n * **Governance** defines ownership, accountability, policy, and oversight.\\n * **Security** enforces controls, protects access, and detects cyberthreats.\\n\\n\\n\\nBoth are required. And neither can succeed in isolation.\\n\\nAI governance cannot live solely within IT, and AI security cannot be delegated only to chief information security officers (CISOs). This is a **cross functional responsibility** , spanning legal, compliance, human resources, data science, business leadership, and the board.\\n\\nWhen AI risk is treated as a core enterprise risk\u2014alongside financial, operational, and regulatory risk\u2014organizations are better positioned to move quickly and safely.\\n\\nStrong security and governance do more than reduce risk\u2014they enable transparency. And transparency is fast becoming a competitive advantage.\\n\\n## **From risk management to competitive advantage**\\n\\nThis is an exciting time for leading Frontier Firms. Many organizations are already using this moment to modernize governance, reduce overshared data, and establish security controls that allow safe use. They are proving that security and innovation are not opposing forces; they are reinforcing ones. Security is a catalyst for innovation.\\n\\nAccording to the Cyber Pulse report, the leaders who act now will mitigate risk, unlock faster innovation, protect customer trust, and build resilience into the very fabric of their AI-powered enterprises. The future belongs to organizations that innovate at machine speed and observe, govern and secure with the same precision. If we get this right, and I know we will, AI becomes more than a breakthrough in technology\u2014**it becomes a breakthrough in human ambition**.\\n\\nGet the full Cyber Pulse report\\n\\nTo learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.\\n\\n* * *\\n\\n1Microsoft Data Security Index 2026: Unifying Data Protection and AI Innovation, Microsoft Security, 2026.\\n\\n2Based on Microsoft first\u2011party telemetry measuring agents built with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the last 28 days of November 2025.\\n\\n3Industry and Regional Agent Metrics were created using Microsoft first\u2011party telemetry measuring agents built with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the last 28 days of November 2025.\\n\\n4July 2025 multi-national survey of more than 1,700 data security professionals commissioned by Microsoft from Hypothesis Group.\\n\\n**Methodology:**\\n\\nIndustry and Regional Agent Metrics were created using Microsoft first\u2011party telemetry measuring agents built with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the past 28 days of November 2025. ****\\n\\n**2026 Data Security Index:** \\n\\nA 25-minute multinational online survey was conducted from July 16 to August 11, 2025, among 1,725 data security leaders. \\n\\nQuestions centered around the data security landscape, data security incidents, securing employee use of generative AI, and the use of generative AI in data security programs to highlight comparisons to 2024. \\n\\nOne-hour in-depth interviews were conducted with 10 data security leaders in the United States and United Kingdom to garner stories about how they are approaching data security in their organizations. \\n\\n**Definitions:** \\n\\n**Active Agents** are 1) deployed to production and 2) have some \u201creal activity\u201d associated with them in the past 28 days. \\n\\n**\u201cReal activity\u201d** is defined as 1+ engagement with a user (assistive agents) **_OR _**1+ autonomous runs (autonomous agents). \\n\\nThe post 80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier appeared first on Microsoft Security Blog.”,”published”:”2026-02-10T16:00:00″,”modified”:”2026-02-10T16:00:00″,”type”:”mssecure”,”title”:”80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier”,”source”:””,”references”:””,”id”:”MSSECURE:3473F8B5F827899663D1AB49424963D2″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/02\/10\/80-of-fortune-500-use-active-ai-agents-observability-governance-and-security-shape-the-new-frontier\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-10T17:58:49″,”description”:”Today, Microsoft is releasing the new Cyber Pulse report to provide leaders with straightforward, practical insights and guidance on new cybersecurity risks. One of today\u2019s…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,110,13,33,7,11,5],"class_list":["post-40106","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-mssecure","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n