Salt Security has released its 1H 2026 State of AI and API Security: Navigating the Agentic Era report, revealing a widening gap between the rapid deployment of AI agents and the security programs designed to protect them. The research finds that while autonomous AI agents are being deployed at enterprise scale, 92% of organisations lack the advanced security maturity required to defend these environments.
AI is reliant on APIs in order to work properly and carry out autonomous actions. APIs are fast becoming the execution layer for AI systems, powering every action taken by agents, large language models (LLMs), and Model Context Protocol (MCP) servers. Because of this, the number of APIs in use in organisations today have exploded, with two-thirds (66%) reporting growth of over 50% in the last year.
However, as organisations scale AI-driven automation, security is failing to keep pace, creating what Salt Security defines as the “Agentic Security Gap”. The security of modern AI environments now requires visibility and control across the entire agentic AI stack, not just individual APIs.
Roey Eliyahu, Co-Founder and CEO at Salt Security, said: “You cannot secure AI agents without securing every layer they touch, including the APIs they call, the MCP servers they route through, and the data they access. Risk in the agentic era doesn’t sit in one place. It lives in how all of those pieces interact in real time.”
The research, based on a survey of 327 security leaders, reveals that while AI adoption is accelerating, security maturity is struggling to keep pace. Nearly half (47%) of organisations have delayed production releases due to API security concerns, and almost one third (32%) experienced an API security incident in the past year. Despite this, only 8% report having advanced API security maturity, leaving the majority underprepared. At the same time, two-thirds (66%) reported API growth of more than 50% in the past year, largely driven by increased automation and AI adoption.
Additionally, 79% of boards and executive teams have increased scrutiny of AI security risks, yet only 18% are extremely confident in their ability to detect attacks leveraging Generative AI, a confidence gap that reflects the inadequacy of legacy tools in agentic environments.
The findings also highlight a significant shift in the threat landscape, with attackers no longer forcing entry but instead operating within trusted systems, often via AI-driven processes. According to the data, nearly all (99%) attack attempts analysed by Salt Labs originate from authenticated sources, increasingly involving rogue agents using legitimate credentials but lacking human oversight, rate limiting or behavioural guardrails. In addition, almost two-thirds (65%) of attacks exploit security misconfiguration (OWASP API8), a vulnerability that is significantly amplified when over-permissioned APIs are connected to AI agents capable of querying, chaining and exfiltrating data at machine speed.
The report concludes that API security is no longer a subset of application or cloud security, but a foundational discipline in its own right. As APIs now account for the majority of web traffic and power all AI agent activity, they represent a distinct and critical attack surface that existing security pillars were not designed to protect.
To address this shift, Salt Security is advancing a new model for enterprise security called the Agentic Security Graph, which maps the relationships between LLMs, MCP servers and APIs. Together, these components form the agentic stack, providing the context needed to understand not just what AI systems generate but also what they do across enterprise environments.
“Salt Security was founded on the belief that APIs are the most critical and most overlooked attack surface in the enterprise. As AI agents have emerged, it has become clear that APIs are just one pillar in a much larger, deeply connected system,” said Roey Eliyahu, Co-Founder and CEO at Salt Security. “Today, we secure the entire agentic environment, the llm, agents, MCP servers, APIs and the data they access. Our 1H 2026 research confirms that this isn’t a future problem, it’s happening now, and most organizations are not ready.”
