The Gap Between Adoption and Action

There is a statistic from the first quarter of 2026 that should be on every operations director's desk, and almost certainly is not. Eighty-five percent of organisations are now experimenting with AI agents in some form. Only five percent have moved any of those agents into production. Eighty percentage points between buying the technology and running it. Gartner predicts that over 40% of agentic AI projects will be cancelled by the end of 2027. The reason has almost nothing to do with technology, and almost everything to do with what the business is willing to authorise. This article explains the gap, the race nobody is talking about properly, and what the small minority of enterprises doing this well share in common.

The Gap Between Adoption and Action

Cisco's most recent survey found that 85% of organisations are experimenting with AI agents. Only 5% have deployed them in production. The reason has almost nothing to do with technology, and almost everything to do with what your business is willing to authorise.

There is a statistic from the first quarter of 2026 that should be on every operations director's desk, and almost certainly is not.

Eighty-five percent of organisations are now experimenting with AI agents in some form. Only five percent have moved any of those agents into production (Cisco, 2026).

Eighty percentage points between buying the technology and running it. Among broader research aggregating IDC, Gartner, McKinsey and Salesforce datasets, the gap is slightly narrower at sixty-eight percentage points, with 79% of enterprises having adopted AI agents in some form and 11% running them in production, but the direction is the same (Digital Applied, 2026). On either measurement, this is the largest deployment backlog in the recent history of enterprise technology. Cloud, ERP, CRM, mobile, SaaS, none had a gap this wide between purchase and use.

The conventional assumption is that the technology is not ready. The evidence does not support that. Among the small group of organisations that have closed the gap, ROI figures from primary research suggest average returns of 171% and median payback inside nine months. The technology works. The prize is real. Something else is keeping everyone else stuck.

What is actually blocking deployment

Gartner published a forecast in June 2025 that over 40% of agentic AI projects will be cancelled by the end of 2027, and was explicit about why. Anushree Verma, a Gartner senior director analyst quoted in the press release, named the causes plainly: escalating costs, unclear business value, and inadequate risk controls (Gartner, 2025).

The same Gartner research delivered a finding that has not had the attention it deserves. Of the thousands of vendors marketing themselves as agentic AI providers, Gartner estimates that only around 130 are genuinely so. The rest are engaged in what Gartner has named "agent washing", the rebranding of existing chatbots, robotic process automation, and AI assistants as autonomous agents without the underlying capability. The market your business is buying from is, by Gartner's count, more than 95% theatre.

Combined with primary failure-pattern research from the broader market, the picture sharpens. Among enterprises that abandoned agentic AI projects in 2025 and early 2026, the principal causes were not technical. Governance and security barriers, infrastructure gaps such as observability and orchestration, the inability to measure ROI, and unclear business ownership were each cited more often than model quality issues (Digital Applied, 2026, drawing on IDC, Gartner, McKinsey and Salesforce research).

Translated for the executive reading this: the genuine agents are good enough. The problem is that nobody in the organisation can answer four questions about them.

What does this agent have access to, and is that the right amount? Who in the business is accountable when it does something wrong? How do we know if it is delivering value? What happens when we need to switch it off?

If those questions cannot be answered cleanly, the security team will not approve production deployment. They are right not to.

Why the security team is winning the argument

The Cloud Security Alliance's State of AI Cybersecurity 2026 report, drawing on the Darktrace 2026 survey, found that 92% of security professionals are concerned about the use of AI agents across their workforce and the impact on security (Cloud Security Alliance, 2026).

The reason for that concern is structural. AI agents, once deployed, act with broad permissions across multiple software systems and platforms. They are granted access to sensitive data, business-critical applications, authentication tokens, internal APIs, and the IT and security tools themselves. As the Cloud Security Alliance report puts it, "these agents must be governed as identities, with least-privilege access and ongoing monitoring. They can't be thought of as invisible aspects of the application estate" (Cloud Security Alliance, 2026).

Most are. Cisco's own deployment data and survey of the wider market indicates that the majority of organisations granting agents this kind of access have done so without comparable controls. The result, predictably, is incidents. Among enterprises that have deployed agents in production, primary research indicates that the majority have reported at least one security incident, the leading cause being over-permissioned agent credentials in approximately six in ten cases (Digital Applied, 2026).

This is not a hypothetical risk. It is the operational reality of running autonomous software with privileged access to your systems, and it explains why the security team's pen has been on the brake for the past two years.

The race nobody is talking about properly

The conventional narrative around 2026 is "AI versus AI", defenders' agents fighting attackers' agents on some kind of automated battlefield. That framing is not wrong, but it misses the point that matters operationally.

The real race is this. Attackers are deploying agentic AI without any of the governance, security or operational constraints that are stalling defender deployments. They do not scope an agent's permissions. They do not document an incident response procedure. They do not have to convince a security committee or measure ROI to a CFO. They write the agent, point it at the target, and let it run.

A Dark Reading readership poll in early 2026 found that 48% of cybersecurity professionals now identify agentic AI and autonomous systems as the top attack vector heading into 2026, ranked above deepfakes, ransomware, and credential theft (Kiteworks, 2026, citing Dark Reading). Help Net Security's coverage of the Cisco State of AI Security 2026 report documented that attacker-side agents are now routinely operating with elevated permissions, accessing databases, modifying code, and triggering automated workflows with no human oversight at all (Help Net Security, 2026).

Defenders cannot match that velocity without abandoning the governance that makes them defenders in the first place. So they will not. The asymmetry is structural, and it will not be solved by either side moving faster.

What this means in practice is that the organisations winning in 2026 are not the ones with the smartest agents. They are the ones who have built the governance scaffolding, the access controls, the audit logging, the kill switches, the incident response procedures, that let them deploy fast and safely. The losing organisations are either deploying recklessly because their security teams have been overruled, or stuck in pilot because their security teams have not.

There is a third path, and it is the one that closes the gap.

What good actually looks like

The minority of enterprises that have moved agents into production successfully share four characteristics, consistent across the primary failure-pattern research.

They invested in infrastructure before deployment, not after. Observability, orchestration, and identity management for non-human actors were in place before the first agent went live.

They documented governance before deployment, not after. Permission scopes, escalation paths, accountability ownership, kill-switch procedures, and audit logging requirements were written down and approved before any agent ran in production.

They captured baseline metrics before pilots began, so that ROI could be measured against a defined starting point rather than estimated retrospectively.

They assigned named, dedicated business ownership for each agent, with accountability for post-deployment performance, security and continued business case.

None of these is technically difficult. None requires buying more software. All require sustained executive attention from someone whose attention is already spoken for, and they are the work that gets skipped in nearly every mid-market business currently stuck in the 80-point gap.

Where Neurotic comes in

For most organisations, the gap between adoption and production cannot be closed by buying another platform or hiring another engineer. It is bridged by getting a competent, independent technical team to do the unglamorous work that vendors do not sell and auditors do not catch. Scope every agent already running in the business. Document what access each one holds. Build the governance and logging that should have been in place from day one. Leave behind a framework that the existing team can actually run.

Neurotic's technology audit, cybersecurity audit, and data governance services are built precisely for this work. We are independent of any AI vendor or platform, which means the recommendations are driven by what is actually in your business and what it actually needs, not by what someone is trying to sell you. If your organisation is in the gap, agents adopted, value not yet captured, security team holding the line, that is the moment to get an independent read.

Talk to us โ†’ neurotic.co

References

Cisco (2026) Cisco Reimagines Security for the Agentic Workforce, announcement at RSA Conference 2026. Available at: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/cisco-reimagines-security-for-the-agentic-workforce.html [Accessed 3 June 2026].

Cloud Security Alliance (2026) State of AI Cybersecurity 2026: 92% of Security Professionals Concerned About the Impact of AI Agents, drawing on Darktrace 2026 survey. Available at: https://cloudsecurityalliance.org/blog/2026/05/27/state-of-ai-cybersecurity-2026-92-of-security-professionals-concerned-about-the-impact-of-ai-agents [Accessed 3 June 2026].

Digital Applied (2026) Agentic AI Statistics 2026: 150+ Data Points Collection, drawing on primary research by IDC, Gartner, McKinsey, Salesforce, Anthropic and independent researchers. Available at: https://www.digitalapplied.com/blog/agentic-ai-statistics-2026-definitive-collection-150-data-points [Accessed 3 June 2026].

Gartner (2025) Gartner Predicts Over 40% of Agentic AI Projects Will Be Canceled by End of 2027, press release, 25 June 2025. Available at: https://www.gartner.com/en/newsroom/press-releases/2025-06-25-gartner-predicts-over-40-percent-of-agentic-ai-projects-will-be-canceled-by-end-of-2027 [Accessed 3 June 2026].

Help Net Security (2026) Enterprises are racing to secure agentic AI deployments, drawing on Cisco State of AI Security 2026. Available at: https://www.helpnetsecurity.com/2026/02/23/ai-agent-security-risks-enterprise/ [Accessed 3 June 2026].

Kiteworks (2026) Agentic AI: Biggest Enterprise Security Threat for 2026, citing Dark Reading readership poll. Available at: https://www.kiteworks.com/cybersecurity-risk-management/agentic-ai-attack-surface-enterprise-security-2026/ [Accessed 3 June 2026].

Neurotic

Company

Resources

US locations

World locations