--- title: "Only 11% of AI agents pass the security bar. Here's the board conversation behind the number." slug: harness-11-percent-agents-pass-board-question date: 2026-06-04 excerpt: An independent assessment this week scored production AI agents and found only 11 percent fortified. The number your board should actually fix on is 83 percent. Here is the calm version of that conversation. featured_image: "https://bbtxujdxvidaghmhxkqs.supabase.co/storage/v1/object/public/generated-images/blog-1780555377569-harness-11-percent-agents-pass-board-question.webp" featured_image_alt: A boardroom table seen from above with a single laptop showing a security dashboard, most of the agent status indicators amber, one green, conveying that few AI agents are fully fortified. canonical_url: https://cerevisor.com/blog/harness-11-percent-agents-pass-board-question updated_at: 2026-06-04T06:42:58.704442+00:00 --- # Only 11% of AI agents pass the security bar. Here's the board conversation behind the number. TLDR An independent assessment published this week scored production AI agents and found only 11 percent sit in the fortified category. The number that should actually hold a board's attention is 83 percent: the share of claimed defenses with no independent verification. Adoption is settled. Verified defense is the open question, and it is a governance decision before it is an engineering one. This week an assessment called the AI Risk Quadrant landed in the security press, and the headline traveled fast. Help Net Security reported it on June 3: of the production AI agents scored, only 11 percent fell into the “fortified” group where a high attack surface is matched by strong defenses. In the same 48 hours, Salt Security published a survey finding that 90 percent of security leaders are worried about AI-generated code, and Microsoft shipped a full enterprise stack for securing AI agents. Three signals, one message, and it is already sitting on the board’s desk. So a director is going to forward that 11 percent number to a CEO with a one-line note: “Are we in the 11 percent?” This is the calm version of the answer. --- ## What it actually means Here is the thing about the 11 percent figure. It is the attention-grabber, but it is not the number that should change a decision. The number that should is 83 percent. As the AIRQ assessment put it, “Eighty-three percent of claimed defenses lack independent verification.” Read that twice. Most organizations are not undefended. They have controls. The problem is that the controls are self-asserted by the same team that built the agent, and nobody outside that team has checked whether they actually fire. That is the gap a board exists to close, and it is a familiar one. It is the same reason audit committees do not let finance grade its own homework. The reframe worth carrying into the room: the risk is not that an agent writes code. It is that an agent holds a credential, executes a tool, and acts on a production system without a verified guardrail in the path. The same assessment found that tool execution alone explains 76 percent of an agent’s blast radius. That is where the danger concentrates, and it maps cleanly onto something a board already understands, which is who can touch what. 83% of claimed AI-agent defenses lack independent verification (AI Risk Quadrant assessment, via Help Net Security, June 2026) The scale is what makes this a board topic rather than a backlog ticket. Salt Security’s survey, conducted by Censuswide across 100 security leaders in the UK and US, found that 67 percent now report AI coding assistants widely adopted across their teams, with nearly half of all enterprise code now generated by those assistants. And 38 percent still rely primarily on manual review to catch what the agent gets wrong. Half the code, eyeballed by hand. That is not a sustainable control, and most leaders already sense it. --- ## Three questions your board will ask Good directors will not ask about models or benchmarks. They will ask three [governance](/blog/which-ai-agents-exposed-giants) questions, and it helps to have the answers ready before the meeting rather than during it. **One: how many of our agents are fortified, and who verified that?** The honest follow-up is “independent of the team that built them.” If the only evidence is the engineering team’s own assurance, that is exactly the 83 percent the report is warning about. The answer a board can accept is a verification done by someone who does not report to the builder. **Two: nearly half our code is AI-authored. What is our verification rate, and is it a number or a feeling?** A CEO who can say “agent-written changes pass an automated, independent check at this rate, and here is the trend” is in a different room than one describing good intentions. **Three: the platform vendors are now selling the fix. Are we buying, building, or running without one?** Microsoft’s announcement this week was not a feature. It was a product line: a multi-agent discovery system, an agent registry, container isolation, and audit tooling, fed by what the company described as telemetry from “more than 100 trillion security signals per day.” Salt Security launched its own agent-security product the same week. When [governance](/blog/series-a-ai-governance-build-vs-buy) becomes something [procurement](/blog/series-b-ai-vendor-58-percent-2026-04-29) can buy, “we have not decided” stops being a neutral position. > "Eighty-three percent of claimed defenses lack independent verification, according to the assessment." Help Net Security, reporting the AI Risk Quadrant assessment, June 2026 --- ## The 60-second brief If there is one minute with the board, it goes like this. Adoption is no longer the question. Roughly half our code is AI-generated and that is true across the industry, not just here. The open question is verified defense, and the single most board-defensible metric is the share of production agents whose controls have been checked by someone independent of the builder. Sandboxing and container isolation are not nice-to-haves; the same assessment found they cut risk by 2.6 and 6 times respectively. We are funding the verification side to catch up with the authoring side, and we will report that number every quarter. > The board's job is not to slow the agents down. It is to turn self-asserted controls into independently verified ones. --- ## What to watch Watch whether agentic security folds into the platform bill the way billing and [governance](/blog/agent-register-series-b-board-q3) did over the past month. If it does, the decision moves from “should we secure agents” to “whose control plane do we standardize on, and who owns the kill switch when one misbehaves.” That is a procurement conversation worth having on purpose, calmly, before a screenshot of the 11 percent chart forces it. Key Insight The work of the next two quarters is not building more controls. It is independently verifying the ones already in place, and reporting that verified share as a standing board number. The teams that get this right will not be the ones with the most security tooling. They will be the ones who stopped grading their own homework. #### Sources - [Only 11% of production agents pass the AI agent security bar](https://www.helpnetsecurity.com/2026/06/03/research-ai-agent-security-capability/) - Help Net Security, 2026-06-03 - [New Research Reveals 9 in 10 Security Leaders Concerned About AI-Generated Code Risks](https://www.prnewswire.com/news-releases/new-research-reveals-9-in-10-security-leaders-concerned-about-ai-generated-code-risks-302788323.html) - PR Newswire (Salt Security), 2026-06-02 - [Microsoft responds to security challenges facing code, AI agents, and models](https://www.helpnetsecurity.com/2026/06/03/microsoft-ai-agent-security-capabilities/) - Help Net Security, 2026-06-03