Microsoft report warns of double-agent risks as AI agents spread

[DigitalToday reporter Chi-gyu Hwang (황치규)] Microsoft released its AI security report, Cyber Pulse: An AI security report. It set out visibility, governance and zero-trust security principles for companies to adopt agents safely and accelerate innovation.

The report said the spread of AI agents is creating a new business risk in the form of a visibility gap. It forecast that organisations that take the lead in the race to adopt AI will be those that have systems in place for business, IT and security teams to work together to monitor agent activity, apply governance and strengthen security.

The report first stressed the importance of zero-trust principles. It listed three core elements: least-privilege access that grants only the permissions an agent needs; explicit verification based on identity, device, location and risk; and assume compromise, which always presumes that a breach is possible.

Microsoft forecast 2026 as the “year of AI agents”. It said the spread of low-code and no-code tools is creating an environment in which knowledge workers can develop agents themselves, and AI-based automation is rapidly spreading across industries.

The trend is also reflected in regional and industry indicators. The share of active agents by region was 42 percent in Europe, the Middle East and Africa, 29 percent in the United States, 19 percent in Asia and 10 percent in the Americas. By industry, software and technology accounted for 16 percent, manufacturing 13 percent, financial services 11 percent and retail 9 percent.

Agent adoption is occurring actively through various platforms. Microsoft provides an environment for companies to build and deploy agents directly, from Microsoft Fabric and Microsoft Foundry to Microsoft Copilot Studio and Microsoft Agent Builder.

The company said cases are increasing in which the rapid spread of agent adoption outpaces security and compliance controls. As a result, shadow AI risks are expanding, and if malicious actors abuse an agent's access rights and permission scopes, the agent can become an unintended double agent. Like human employees, it said, agents granted excessive access rights or given inappropriate instructions can act as security vulnerabilities within an organisation.

The double-agent risk is not merely theoretical. The Microsoft Defender team recently detected a fraudulent campaign that used a memory poisoning technique: multiple attackers repeatedly manipulated an AI assistant's memory to covertly steer its future responses and undermine trust in the system's accuracy.

The Microsoft AI Red Team identified cases in which agents followed harmful instructions embedded in everyday content because of deceptive interface elements. It also confirmed cases in which manipulated task framing distorted the direction of an agent's reasoning.
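The zero-trust elements the report names (least privilege, explicit verification, assume compromise) and the memory poisoning case above can be illustrated with a small policy gate. The following is an added example written for this article, not code from Microsoft or the report; the scope names, the risk threshold and the rule that only user- or admin-supplied content may update agent memory are assumptions for illustration.

```python
# Added example (not from the report or the article): a minimal zero-trust gate
# for agent actions plus a provenance check on agent memory writes.
from dataclasses import dataclass, field

# Assumption: only content the user or an administrator explicitly provides may
# update long-term memory; tool output and fetched web content are untrusted.
TRUSTED_MEMORY_SOURCES = frozenset({"user", "admin"})
RISK_DENY_THRESHOLD = 0.7  # assumed cut-off for the risk signal (0.0 low .. 1.0 high)

@dataclass(frozen=True)
class AgentIdentity:
    name: str
    scopes: frozenset  # least privilege: only the actions this agent needs

@dataclass(frozen=True)
class RequestContext:
    identity_verified: bool  # explicit verification: who is calling
    device_compliant: bool   # ... from what device
    risk_score: float        # ... with what risk signal

def authorize(agent: AgentIdentity, action: str, ctx: RequestContext, audit: list) -> bool:
    """Decide one agent action; every decision is logged (assume compromise)."""
    if not ctx.identity_verified or not ctx.device_compliant:
        audit.append(("denied_unverified", agent.name, action))
        return False
    if ctx.risk_score >= RISK_DENY_THRESHOLD:
        audit.append(("denied_high_risk", agent.name, action))
        return False
    if action not in agent.scopes:  # an over-scoped agent is a double agent in waiting
        audit.append(("denied_out_of_scope", agent.name, action))
        return False
    audit.append(("allowed", agent.name, action))
    return True

@dataclass
class MemoryStore:
    entries: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def write(self, text: str, source: str) -> bool:
        """Refuse memory updates that originate from untrusted channels."""
        if source not in TRUSTED_MEMORY_SOURCES:
            self.audit.append(("memory_write_blocked", source, text))
            return False
        self.entries.append((source, text))
        self.audit.append(("memory_write", source, text))
        return True
```

The audit lists are the monitoring hook the report calls for: blocked memory writes and out-of-scope actions are the signals that distinguish a misbehaving agent from a working one.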

Administrative risks are also growing. In a survey conducted by Hypothesis Group on Microsoft's behalf, 29 percent of employees said they had experience using unapproved AI agents at work. According to the Microsoft Data Security Index, only 47 percent of organisations had introduced generative AI security controls.

Frontier companies are modernising governance through AI agents, minimising unnecessary data sharing and gradually strengthening enterprise-wide control systems. The company said the report found this approach is emerging as a strategic asset that turns agent protection into a competitive advantage.

It also presented seven action items to minimise AI agent risks: defining the scope of agent operations, strengthening data protection, providing approved AI platforms, establishing incident response plans, setting up regulatory response systems, integrating risk management across the enterprise and fostering a culture of security innovation.

Copyright © DigitalToday. All rights reserved. Unauthorized reproduction and redistribution are prohibited.