DEV Community

t49qnsx7qt-kpanks


52% of your enterprise AI agents are running without a security log — here's what that looks like in practice


gravitee's 2026 state of ai agent security report landed this week with a number that should stop any platform team cold: on average, only 47.1% of an organization's AI agents are actively monitored or secured.

flip that around. more than half of the agents deployed inside large enterprises are operating without logging, without oversight, without any way to answer "what did that agent actually do?" after the fact.

the report covers ~3 million deployed agents across US and UK enterprise firms. that means roughly 1.6 million agents are flying completely dark right now.

the gap isn't a tooling problem — it's a structural one

the instinct is to reach for a SIEM or an APM dashboard and call it done. the problem is that agent actions don't map cleanly onto either model. a traditional log tells you a service call happened. it doesn't tell you whether the agent was authorized to make it, whether a human approved the decision upstream, or whether the outcome was within the bounds someone actually set.

what you're missing isn't observability. it's governance — the layer that connects what an agent did to what it was allowed to do and who said so.

the gravitee report calls this out directly: adoption has outpaced control. the fix isn't slowing adoption. it's building the control layer in parallel.

what the control layer actually needs to contain

from the teams i've seen get this right, three things matter:

1. decision-level audit trails, not just API call logs

you need a record of why the agent made the call, not just that it did. that means capturing the input context, the model's reasoning path (even summarized), and the output alongside the raw API log. without that, a post-incident review is guesswork.

2. identity-scoped permissions at runtime

the agent shouldn't inherit broad permissions from the service account that spawned it. each agent instance should be scoped to exactly what the task requires — and that scope should be verifiable on every call, not just at provisioning time. this is where most MCP gateway implementations fall short: they authenticate the agent once and trust it forever.

3. human override wired into the loop, not bolted on after

the gravitee data shows 52.9% unmonitored. a big chunk of that is agents that do have some monitoring but don't have a real override path. monitoring without override is just a better way to watch things go wrong. the override mechanism needs to be in the architecture before deployment, not added when something breaks.
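the three pieces above in one place, as an added example that is not from the original post, gravitee, or BizSuite: a minimal python gate that re-checks an agent's scope on every call, blocks approval-gated tools until a human signs off, honors a per-agent halt, and writes a decision-level record whether or not the call ran. the class names, tool names, agent id and approver address are hypothetical, and the scenario in `demo()` is constructed.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AgentScope:
    allowed_tools: frozenset    # exactly what this task requires
    needs_approval: frozenset   # tools that need a human sign-off first
    expires_at: float           # scope is time-boxed, not trusted forever

@dataclass
class Gate:
    scopes: dict                                   # agent_id -> AgentScope
    approvals: dict = field(default_factory=dict)  # (agent_id, tool) -> approver
    halted: set = field(default_factory=set)       # human override: per-agent stop
    trail: list = field(default_factory=list)      # decision-level audit records

    def call(self, agent_id, tool, context, reasoning, action, now=None):
        """Re-check scope on every call, run the action only if allowed, log either way."""
        now = time.time() if now is None else now
        scope = self.scopes.get(agent_id)
        approver = self.approvals.get((agent_id, tool))
        if agent_id in self.halted:
            decision = "deny:halted_by_human"
        elif scope is None or now >= scope.expires_at:
            decision = "deny:no_valid_scope"
        elif tool not in scope.allowed_tools:
            decision = "deny:out_of_scope"
        elif tool in scope.needs_approval and approver is None:
            decision = "deny:approval_required"
        else:
            decision = "allow"
        output = action() if decision == "allow" else None
        self.trail.append({"ts": now, "agent_id": agent_id, "tool": tool,
                           "context": context, "reasoning": reasoning,
                           "decision": decision, "approver": approver, "output": output})
        return decision

def demo():
    """Constructed scenario: one invoice agent, four calls, four different outcomes."""
    gate = Gate({"agent-7": AgentScope(frozenset({"read_invoice", "issue_refund"}),
                                       frozenset({"issue_refund"}), expires_at=1000.0)})
    args = ("invoice #constructed-1", "customer was double charged", lambda: "ok")
    out = [gate.call("agent-7", "delete_ledger", *args, now=1.0),
           gate.call("agent-7", "issue_refund", *args, now=2.0)]
    gate.approvals[("agent-7", "issue_refund")] = "alice@example.com"
    out.append(gate.call("agent-7", "issue_refund", *args, now=3.0))
    gate.halted.add("agent-7")
    out.append(gate.call("agent-7", "read_invoice", *args, now=4.0))
    return out, gate.trail
```

denied calls land in the trail with the same fields as allowed ones, so a post-incident review can see what the agent tried, not only what it did.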

the 84-day clock

EU AI Act full applicability hits August 2, 2026. high-risk systems — which include agents operating in finance, HR, healthcare, and regulated workflows — require conformity assessments, documented risk management systems, and continuous monitoring.

the gravitee number is actually useful here: if you're in the 52.9% ungoverned cohort and you're deploying in any of those verticals, you have a hard deadline, not a soft one.

the way i've structured this for teams running BizSuite's ai-audit: start with the agents that touch regulated data or make financial decisions. get those to a documented, auditable state first. the rest can follow on a rolling basis. trying to govern all 3 million agents at once is how you get a 300-page policy document that nobody reads.

ship the audit framework for the 10% of agents that create 90% of the compliance exposure. then expand.

if you want to see what that looks like concretely — how we scope, what the audit trail captures, what a conformity assessment actually requires — the ai-audit runbook is at https://getbizsuite.com/ai-audit. 48-hour delivery, $997 flat.

