Most agentic AI projects in production have stalled over data problems
Enterprises are connecting AI agents to live data feeds and putting them to work on tasks that once required human review, from IT operations to software development. The number doing this in production reached 32 percent in 2026, up from 29 percent the year before, according to Confluent’s annual Data Streaming Report, which surveyed 4,625 IT leaders across 14 countries.
Governance and data quality top the list of agentic AI obstacles
IT leaders point to a set of recurring problems when they try to scale agentic AI. A skills gap and limited organizational readiness ranks first at 69 percent. Concerns about LLM reliability and non-determinism sit at 68 percent. Data infrastructure and quality issues reach 66 percent, and governance, risk, and compliance problems reach 65 percent. These four sit close together, and they describe a security and integrity challenge as much as a technical one.
The strain shows up further upstream. Many organizations still lack the infrastructure to process data in real time, and that gap widened over the past year. Uncertainty about where data came from, how current it is, and whether it can be trusted remains widespread.
An autonomous agent acts on whatever data it receives, which is what makes this a security concern. When provenance is uncertain and freshness is in doubt, the agent can take real actions based on data nobody has verified.
Stalled and abandoned projects signal the cost of getting data wrong
The consequences are visible among the organizations furthest along. Among those running agentic AI in production, 77 percent report stalled projects tied to these challenges. At the production stage, 61 percent report project abandonment as a problem. Delays of one to five months are common, and some initiatives stop indefinitely. Reliability problems with the underlying data carry a direct operational cost.
Security and governance move toward the data source
Much of the report centers on a practice researchers call shifting left, which means moving data processing, governance, and policy enforcement closer to where data is created. Applied to security, this means validating, encrypting, and applying access rules at the point of ingestion, so that everything downstream inherits those controls.
The survey data reflects growing attention to this idea. Inline security and governance enforcement ranks as the most mandatory capability IT leaders want in a data streaming platform, with 43 percent calling it required and 81 percent rating it a major or significant benefit. Natural support for shifting left draws a similar response, with 77 percent rating it mandatory or highly desirable.
Across thousands of IT leaders, the same concerns surface repeatedly: data that cannot be traced, data that arrives stale, and governance that breaks down across systems. These are the conditions under which autonomous agents make decisions. The questions for a security team follow from there. Where does data get validated, who can access it, how is its origin recorded, and what happens when an agent acts on a stream that has been tampered with. The investment numbers point one way. The risk questions remain open.
Download: The IT and security field guide to AI adoption