New Delhi, India – April 21, 2026 – The enterprise push into AI agents is outpacing the ability to secure them, according to new research from Rubrik Zero Labs.
Rubrik (NYSE: RBRK) today announced the findings from the report, which show organisations are operationalising autonomous systems without the controls required to govern them, introducing a gap between innovation and security.
Based on a survey of more than 1,600 global IT and security leaders, the report reveals the following:
- 82% of Indian enterprises expect AI agents to outpace their organisation’s security guardrails within the next year.
- Only 26% report full visibility into the agents operating in their environments, which the report notes is likely an over-estimation on the part of respondents. The result is the inability to secure identities that are already making decisions, taking actions, and interacting with critical data.
The gap is compounded by identity sprawl. Non-human identities tied to agents are proliferating faster than enterprises can track or govern them, forming what researchers describe as a “shadow workforce.” These identities often operate with persistent access and limited oversight, creating new pathways for misuse, compromise, and lateral movement.
At the same time, the operational promise of AI agents is under strain. The report also found:
- More than 82% of Indian respondents report agents require more manual oversight than they save in efficiency.
- 81% say they lack the ability to roll back agent actions without system disruption. Recovery, not prevention, is emerging as a primary point of failure. Nearly nine in ten leaders expressed concern about meeting recovery objectives as agent-driven threats increase.
The threat itself is accelerating. Nearly half of respondents expect agentic systems to drive the majority of attacks in the coming year, reflecting a broader shift in how adversaries operate. Autonomous systems compress timelines, scale attacks, and blur the line between insider risk and external compromise.
“AI disruption is real and rapidly accelerating in India, yet many organisations lack the visibility, control, and restoration capabilities required to securely manage AI-driven environments,” said Ashish Gupta, Managing Director, India & Head of Engineering at Rubrik. “Organisations must move fast to embrace AI disruption, while maintaining a strong focus on resilience, governance, and security, ensuring risks are effectively managed in an increasingly complex and dynamic digital landscape.”
For boards and executive teams, the implication is immediate. AI strategy is now inseparable from resilience strategy, yet many Indian organisations are not equipped to operationalise AI agents.
To highlight this, Rubrik Zero Labs found that 66% of Indian respondents believed that AI security advice is still too theoretical or early-stage to be practical. In addition, 38% of Indian organisations expect that up to 50% of cyberattacks in the next 12 months could be driven by agentic AI. Organisations that continue to prioritise deployment speed over control mechanisms risk creating environments where failures cannot be contained or reversed.
Rubrik Zero Labs’ report, The State of the Agent: Understanding Adoption, Risk, and Mitigation, combines global survey data with technical analysis of emerging attack vectors across the tool, cognitive, and identity layers of AI systems. The research outlines a shift already underway: security is no longer about preventing breach alone, but about maintaining control in systems that no longer wait for human input.
