Nearly two-thirds of organizations have suffered a confirmed AI identity-related security incident in the past 12 months, and the companies that feel most secure are being hit the hardest, according to new research from FusionAuth.
The 2026 State of AI and Identity Report, which surveyed 312 technology and security leaders, including CTOs, CISOs, and VPs of engineering, security, and platform, found that 65% of organizations reported a confirmed AI identity breach in the past year, with a further 23% reporting a near miss. Just 12% came through the year unscathed.
But the report’s most striking finding is not the breach rate itself; it is who is being breached. Among respondents who rated themselves “extremely confident” in their AI security posture, 84% had already experienced a confirmed incident. That figure falls to 64% for those “very confident” and just 17% for those who described themselves as “not so confident”. In other words, confidence and breach rates rise together.
The organizations at the top of the confidence scale share a common profile: broad AI deployment, comprehensive governance policies, formalized lifecycle processes, and heavy investment. On paper, they are doing everything right, and they are still being breached at the highest rates.
“Confidence appears to be tracking deployment velocity and governance activity, not actual protection,” said Brian Bell, CEO of FusionAuth. “The faster organizations move, the more confident they feel. The faster they move, the larger their attack surface. Written policies don’t answer the questions that matter: Can you scope what each agent can access? Can you see what it’s doing? Can you prove what it accessed after the fact? Can you revoke access before a near miss becomes something worse? Architecture answers those questions. Policy alone does not.”
The report suggests self-reported maturity has become an unreliable signal of actual security posture, with implications for how the industry benchmarks AI readiness. It also notes that organizations with mature security programs may simply be better at detecting incidents, meaning lower-confidence organizations are not necessarily safer, just blind to what is already happening.
Shadow AI is now the norm
The findings paint a picture of AI adoption racing ahead of the controls meant to govern it. Some 88% of respondents say AI deployment is outpacing their identity and security infrastructure, while 80% report shadow AI: employees connecting AI tools to internal systems without security or IT review. In the highest-risk cohort (organizations that combine production AI features, widespread employee AI use, and multi-tenant SaaS identity platforms), shadow AI reaches 96% and the confirmed incident rate hits 90%.
Architecture emerged as the variable that most clearly separates outcomes. Organizations running multi-tenant SaaS identity platforms reported confirmed incidents at more than twice the rate of self-hosted deployments – 83% versus 38%. In a shared environment, the report argues, a single compromised token or misconfigured policy can cascade across every AI workflow connected to the identity layer, creating a far larger blast radius than in an isolated deployment.
The weakest lifecycle controls were auditing what AI agents accessed (formalized at just 70% of organizations) and revoking access when no longer needed (73%), precisely the controls that matter once agents begin acting autonomously.
Identity becomes a commercial problem
AI identity risk is also showing up in the sales cycle. Eighty-five percent of respondents have faced customer, partner, or regulatory demands to demonstrate tenant isolation, with 56% facing such demands frequently, turning what was once a backend implementation detail into a requirement that determines whether enterprise deals close.
The result is a market-wide investment cycle. Ninety-three percent say AI is causing or contributing to a reevaluation of identity infrastructure, and 91% expect identity investment to increase in the next 12 to 18 months. The top evaluation criteria were machine identity at scale (72%), deployment flexibility (57%), and fine-grained authorization (54%), which points to an architectural reset rather than a budget refresh. Total cost of ownership ranked last, cited by just 11%.
“This isn’t a normal budget refresh — market-wide, organizations are resetting their identity architecture,” Bell added. “They’re prioritizing deployment flexibility, tenant isolation, and architectural control as defining the next era of identity. That means organizations are demanding more than policies or governance — they want actual runtime enforcement over who and what can access their systems.”




