The situation
AI agents act. They query databases, modify records, trigger workflows inside live infrastructure. The shift AI has taken from recommending to acting changes the risk profile.
And the enterprise is taking note. At the KNIME Data Summit Munich, we polled 81 data and technology leaders on where their organizations stand with AI agents. Nearly half (48%) are actively exploring agentic AI. Another 27% are running pilots. Only a small fraction have reached limited production or are scaling.
The enterprise is clearly moving from curiosity to commitment.
When we asked the same audience what’s holding them back, the answer was equally clear: 43% cited trust and governance as the single biggest blocker – outpacing skills gaps, integration complexity, unclear ROI, and data quality combined.

What's already gone wrong
Four high-profile incidents in early 2026, at Amazon, McKinsey, Meta, and n8n, caused cloud outages and exposure of sensitive data, and they illustrate the stakes. The common thread was that AI had broad, poorly governed access and used valid credentials. Traditional security controls never fired.
A core risk: When credentials are treated as a tech detail and not a governance control
AI agents operate through credentials — API keys, database connections, service accounts. These credentials are the true boundaries of what an AI can do. Yet in practice, they are treated as a technical detail rather than a governance control.
Under delivery pressure, teams default to broad, simplified access — effectively handing agents a master key. When something goes wrong, that single credential can touch multiple systems simultaneously, and because it's valid, it triggers no alerts. There is also no audit trail: shared credentials make it impossible to distinguish whether an action was taken by an agent, a process, or a person.
The survey data makes this risk concrete. Most organizations polled are still in the exploration or pilot phase. That means governance frameworks are being defined right now, while deployment pressure is already building. What gets designed in at this stage will either protect the organization or constrain its options later.
Why this is a leadership issue
When agentic AI acts in unintended ways, the consequences are immediate and business-critical: sensitive data exposed, customer communications sent in error, records modified or deleted, compliance violations triggered. And today, in most AI agent deployments, leadership cannot confidently answer the four questions that matter most: What happened? Why? What caused it? Can we prevent it?
The fact that trust and governance tops the blocker list — ahead of cost, talent, and integration — tells us that teams already understand this and they're asking for frameworks that let them move forward safely.
The path forward: Governance by design
Leading organizations are embedding governance directly into how AI is built — not bolting it on after the fact. In practice, this means managing agent credentials, applying least-privilege access (each agent gets only what it needs), maintaining end-to-end audit trails, and eliminating hardcoded credentials. This approach reduces risk without sacrificing development speed.
The organizations that will scale AI agents successfully are those who build the right controls while they’re still in the exploration and pilot phase, before scale makes remediation expensive.
The executive imperative
The question is: What is your AI allowed to do? Credential governance is the mechanism that answers that question. Organizations that design AI autonomy intentionally, with oversight built in structurally, will scale safely. Those that don't are one misconfigured permission away from an operational or reputational crisis.
The data from the KNIME Data Summit is a useful benchmark: If your peers identify governance as their primary concern and your organization is at a similar stage of AI agent maturity, this is the time to act.
One recommended action: Ask your AI teams to map which credentials your agents currently hold and whether least-privilege access is enforced. If the answer is unclear, that is itself the risk.
