Your Agents Have No Owners, and RSA 2026 Just Put a Number on the Problem

RSA Conference 2026 in San Francisco turned the "agentic AI governance gap" from an abstract concern into a measurable crisis. New data presented at the conference paints a stark picture: 88% of organizations reported confirmed or suspected AI agent security incidents in the past year. In healthcare, that number is 92.7%. Yet 82% of executives report confidence that their existing policies are sufficient.

The disconnect is structural, not informational. Only 14.4% of organizations send agents to production with full security or IT approval. The rest operate in a gray zone where employees deploy agents across platforms like Microsoft Copilot Studio, Salesforce Agentforce, and n8n without centralized oversight. Brian Rankin at USDM Life Sciences called it the "agents without owners" problem: autonomous systems with access to corporate data, no clear accountability chain, and no standardized governance framework. For anyone building agent infrastructure or evaluating enterprise agent startups, the RSA data confirms that the governance tooling market is not speculative. It is responding to active, documented harm.