IT Brief Ireland - Technology news for CIOs & IT decision-makers
Ireland
AI agents emerge as top cyber threat, Exabeam finds

AI agents emerge as top cyber threat, Exabeam finds

Wed, 8th Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

Exabeam has published survey findings showing that cybersecurity professionals see AI agents and autonomous systems as a leading security concern. The poll also found that most respondents believe AI has improved security team productivity.

Among 134 cybersecurity professionals surveyed, 87% said AI had improved their team's productivity, while one in four identified AI agents and autonomous systems as the single greatest cybersecurity threat facing their organisation.

The results point to a split view of AI inside security operations. Respondents said the technology is helping teams work more effectively, but also raised concerns about AI systems operating within organisations with legitimate access to systems and information.

External threat actors remained the most frequently cited cybersecurity threat, named by 40% of respondents. AI agents and autonomous systems ranked alongside compromised insiders and ahead of malicious insiders, cited by 9% of those surveyed.

The findings also suggest concern about insider risk remains entrenched. Nearly half, or 46%, said insider threats had increased over the past 12 months, while 43% said the level had stayed the same. Only 4% said insider threats had decreased.

Almost three-quarters of respondents, or 72%, said executive leadership underestimates insider threat risk.

Changing risk

The survey focused on security professionals who engaged with Exabeam at Infosecurity Europe in London, with about 78% of respondents based in the UK and Ireland. The results offer a snapshot of practitioner sentiment on how AI is changing the threat landscape inside organisations.

Findlay Whitelaw, Field CISO at Exabeam, said the growing use of AI across businesses is creating a new category of identity that security teams must monitor.

"As organisations deploy AI across the business, they're introducing a new class of trusted identities," Whitelaw said.

"AI agents can access systems, process sensitive information and make decisions autonomously using legitimate credentials. Security teams aren't just protecting people anymore. They're securing trusted identities, whether they're human or AI."

The concern highlighted by respondents reflects a wider shift in cyber defence, as internal misuse, compromised credentials and automated access receive more attention. Unlike conventional attackers operating from outside a network, AI systems may function through approved workflows and established permissions, making unusual activity harder to distinguish from routine operations.

That challenge has direct implications for detection and investigation teams. If software agents can act with broad authority and interact with sensitive data, security teams need better visibility into what normal behaviour looks like for both human users and automated identities.

Insider focus

Whitelaw said the issue should be viewed as an evolution of insider risk rather than a wholly new category of threat.

"Insider risk hasn't disappeared, it has evolved," Whitelaw said.

"The challenge is no longer limited to monitoring employees or compromised accounts. Organisations also need to understand how AI agents behave and identify abnormalities before they become business risk. Understanding behaviour across both human and AI identities is essential to protecting the modern enterprise."

The data underlines how AI is reshaping security priorities for practitioners. While much public debate still centres on external attackers and ransomware groups, the survey indicates that many security professionals are also considering what happens when AI tools are embedded into everyday business processes and granted access to internal systems.

Exabeam, which focuses on behavioural analytics and insider threat detection, said more than 3,000 enterprises use its products worldwide. The company positions AI-related identity monitoring as an extension of established work on user and entity behaviour analytics, with attention shifting from employee activity alone to a broader mix of human and non-human actors.