A new report by Salt Security (Securing the Future of Agentic AI: Building Consumer Trust through Robust API Security) highlights a critical warning: without proper Application Programming Interface (API) discovery, governance and security, the very technology meant to drive smarter customer engagement could open the door to cyber attacks or data leakage. The research also reveals an increasing trust gap between businesses deploying agentic AI for external communications and consumers wary of sharing personal information due to security concerns.
Because APIs power AI agents, with the ability to make requests, retrieve data and interact across different platforms, the common thread towards improving confidence in agentic AI interactions is API security. The report proposes that once security is strengthened, consumer trust will follow and allow agentic AI to reach its full business potential.
Censuswide carried out the survey on behalf of Salt Security of 1000 US-based consumers and 250 organisations with 250+ employees who are already using agentic AI. The unique report delved into both sides of the agentic AI equation – those organisations already using it and consumers that are encountering it.
According to the report, a significant number of organisations are already deploying or planning to deploy this technology for customer-facing roles, with over half (53%) indicating this. The adoption of AI agents is widespread, with nearly half of organisations using between 6 and 20 types, and a notable 19% deploying between 21 and 50. The number of active agents within systems is also high, as 37% of organisations report having between 1 and 100, while a substantial 18% host between 501 and 1000 agents.
However, despite this widespread adoption, the report reveals a concerning gap in security and governance. Only 32% of organisations conduct daily API risk assessments, and a mere 37% have a dedicated API security solution or a data privacy team to oversee their AI initiatives. In fact, a small but worrying 7% of organisations assess API risk monthly or even less frequently.
On the other hand, consumer interactions with AI chatbots have significantly increased over the past year, with 64% of people engaging with them more frequently. A large majority of these users, 80% to be exact, have shared personal information during these conversations. This is often due to a sense of pressure, as 44% of consumers admit they have felt compelled to share information just to get a task done. Despite these frequent interactions, there is a clear lack of trust, with only 22% of consumers feeling comfortable sharing data with AI agents. This contrasts sharply with the 37% who trust phone interactions and the 54% who feel comfortable sharing data in person. Additionally, a majority of people, 62%, believe that AI agents are easier to deceive than humans.
“Agentic AI is changing the way businesses operate, but consumers are clearly signalling a lack of confidence,” said Michael Callahan, CMO at Salt Security. “What many organisations overlook is that the safety and success of AI depends on APIs that power it and they must be effectively discovered, governed and secured. Otherwise, the trust gap will widen, and the risks will escalate.”
APIs form the digital foundation for AI agents, enabling them to retrieve data, trigger actions, and interact across platforms. However, each connection adds a potential attack surface. As AI agents automate more tasks and handle sensitive information, weaknesses in API authentication, input validation and access control become high-risk vulnerabilities.
The report outlines key best practices, including continuous API monitoring and anomaly detection using AI tools, encryption for data in transit and at rest and regular security testing and developer training.
“As AI agents become more autonomous and embedded in business operations, securing the APIs that power them should be an urgent priority as this is a problem that will just keep compounding until it’s out of control,” Michael Callahan concluded. “Securing API infrastructure needs to happen now to reduce risk, improve trust, bolster innovation and increase overall cyber resilience.




