Teleport Report: Over-Privileged AI Systems Cause 4.5x More Security Incidents

A new report from infrastructure identity management firm Teleport reveals that enterprises granting excessive access permissions to AI systems experience security incidents at 4.5 times the rate of organizations with proper AI privilege controls. The finding highlights a critical gap between AI deployment speed and identity management capabilities.

Key Findings

• Companies surveyed: 205 CISOs, security architects, platform leads
• 92% have AI in infrastructure production environments
• 85% of security leaders worried about AI risks
• 59% experienced or suspect AI-related security events
• Over-privileged AI incident rate: 76%
• Least-privilege AI incident rate: 17%

The Core Problem: Static Credentials

• 67% of enterprises still use static credentials for AI systems
• Static credentials increase security incident probability by 20%
• Only 3% have machine-level automated governance capabilities
• 43% report AI modifies infrastructure configurations unsupervised monthly
• 7% have no visibility into AI's autonomous change frequency

The Confidence Paradox

A counterintuitive finding: companies most confident in their AI deployments experienced 2x more security incidents than cautious organizations. Overconfidence correlates with underinvestment in governance.

CEO Quote

"AI is just the straw that broke the camel's back. Infrastructure complexity has been overwhelming identity management for years. Deploying unpredictable agents on top of this chaotic system inevitably leads to serious consequences." -- Ev Kontsevoy, CEO of Teleport

Recommendations

1. Replace static credentials with short-lived, least-privilege credentials for both humans and AI
2. Implement machine-speed automated governance (not human review)
3. Build unified identity layers managing people, machines, and AI agents
4. 43% of enterprises have no formal AI governance -- this must change urgently

The report underscores that as agentic AI systems gain autonomous planning and execution capabilities, identity infrastructure must evolve at the same pace to prevent catastrophic security incidents.