Microsoft's Cyber Pulse

Microsoft has released its latest Cyber Pulse report, offering practical insights into emerging cybersecurity risks as AI agents become embedded in everyday business operations. One of the most pressing challenges identified is governance: AI agents are scaling faster than many organizations can see or manage them—and that visibility gap represents a growing business risk.

AI agent creation is no longer limited to technical teams

Across Microsoft’s ecosystem, customers are now building and deploying AI agents on every major platform—from Fabric and Foundry to Copilot Studio and Agent Builder—reflecting a broad shift toward AI-powered automation in the flow of work.

Agent building isn't limited to technical roles; today employees in various positions create and use agents in daily work. In fact, Microsoft data shows that over 80% of the Fortune 500 is deploying active agents built with low-code/no-code tools. With agent use expanding and transformation opportunities multiplying, now is the time to get foundational controls in place.

AI agents scale rapidly across regions and industries

AI agent adoption is accelerating globally, with Europe, the Middle East and Africa accounting for 42% of active AI agents, followed by the United States (29%), Asia (19%), and the Americas (10%). Growth is the strongest in highly regulated and operationally complex industries. After software and technology (16%), Manufacturing represents 13% of global AI agent usage, followed by Financial Services (11%) and Retail (9%). Across these sectors, AI agents are increasingly used for drafting proposals, analyzing financial data, triaging security alerts, automating repetitive processes, and surfacing insights at machine speed.

Blind spot and “The double‑agent” risk

The report warns that rapid AI agent deployment can outpace security and compliance frameworks, increasing the risk of shadow AI. Agents with excessive access—or influenced by misleading inputs—can be exploited by bad actors and turned into unintended “double agents”. Like human employees, AI agents require clear roles, limited privileges, and continuous oversight to avoid becoming a vulnerability. According to the Cyber Pulse report, already 29% of employees have turned to unsanctioned AI agents for work tasks.

“In Croatia and across region, AI agents are rapidly becoming digital coworkers in everyday business operations. But without clear rules, visibility, and accountability, they can also become a serious security liability. Innovation and security must move at the same speed. Organizations that apply Zero Trust principles, full observability, and centralized governance to AI agents—just as they do for people and systems—will reduce risk, strengthen trust, and be better positioned to compete in an increasingly regulated and digital European market and beyond”, said Tomislav Vračić, NTO Europe South Multi-country Cluster for Microsoft.

AI governance as a leadership responsibility

According to Microsoft’s Data Security Index, only 47% of organizations across industries report they are implementing specific GenAI security controls - highlighting an opportunity for organizations to gain clear visibility necessary for safe AI adoption.

AI governance cannot sit solely within IT, nor can AI security be delegated only to CISOs. It is a cross‑functional responsibility, spanning legal, compliance, HR, data teams, business leadership, and the board. When AI risk is treated as a core enterprise risk—alongside financial, operational, and regulatory risk—organizations are better positioned to move quickly and safely.

From risk management to competitive advantage

This is an exciting time for leading Frontier Firm, leading organizations that are already using AI moment to modernize governance, reduce overshared data, and implement security controls that enable responsible AI use. The Cyber Pulse report concludes that security and innovation are not opposing forces—they reinforce each other. Strong governance builds transparency, and transparency is becoming a decisive competitive advantage.

Organizations that act now will mitigate risk, accelerate innovation, protect customer trust, and build resilience into the fabric of their AI‑powered enterprises.

For more information:

• Cyber Pulse Report: Cyber Pulse: An AI Security Report | Security Insider
• Vasu Jakkal, Corporate Vice President, Microsoft Security blog: 80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new fron…
• Defender blog on AI attack that Cyber Pulse links to: Manipulating AI memory for profit: The rise of AI Recommendation Poisoning | Microsoft Security Blog

Methodology
The Cyber Pulse report is based on Microsoft firstparty telemetry measuring active AI agents built with Microsoft Copilot Studio and Agent Builder, as well as a multinational survey of 1,725 data security leaders conducted in 2025.