Agentic Third-Party Risk

33% of enterprise software will be agentic by 2028. 40% of those rollouts will be canceled due to governance failures. A risk overview for CTOs.

The adoption curve

33% of enterprise software will include agentic AI by 2028 (Gartner). These agents use third-party skills, MCP servers, and tool integrations that most security teams have no process for vetting.

Three risk categories

Skill supply chain: 36.82% of agent skills have vulnerabilities. Protocol security: 7.2% of MCP servers are exploitable. Agent-to-agent trust: multi-agent systems enable 58-90% arbitrary code execution success rates.

What CTOs need to know about agentic third-party risk

33% of enterprise software will include agentic AI by 2028, up from less than 1% in 2024 (Gartner). These agents use third-party skills, MCP servers, and tool integrations that most security teams have no process for vetting. 40% of agentic AI rollouts will be canceled by end of 2027 due to inadequate risk controls (Gartner). See agent governance for compliance frameworks.

Traditional vendor risk management evaluates software as a static artifact. Agentic third-party risk evaluates behavior: what an agent does with the tools you gave it, how it interacts with external services, and whether its outputs are safe to merge. This is a new risk category that existing security controls do not cover.

Three risk categories

Skill supply chain

36.82% of 3,984 agent skills have known vulnerabilities. 13.4% have critical issues including credential theft and data exfiltration (Snyk ToxicSkills, Feb 2026). See building secure skills.

Protocol security (MCP)

7.2% of 1,899 community MCP servers contain vulnerabilities. 5.5% exhibit tool poisoning. 85%+ of identified attacks compromise at least one platform. See MCP security.

Agent-to-agent trust

Multi-agent systems enable 58-90% success rates for arbitrary code execution. Some configurations reach 100% (arXiv:2503.12188). See agent attack landscape.

What traditional VRM misses

Traditional SAST/DAST: Finds code vulnerabilities in static artifacts

Traditional SCA: Finds dependency vulnerabilities in package manifests

XOR: Evaluates agent behavior (what the agent does with its tools, how skills interact, whether the output is safe to merge)

Gap: No existing tool evaluates runtime agent behavior against third-party skill integrity

Key stats from published research

36.82%: Agent skills with any security flaw (of 3,984 audited). Source: Snyk ToxicSkills

85%+: MCP attacks compromising at least one platform. Source: MCPSecBench

20%: Jailbreak success rate across 2,000+ LLM apps. Source: Pillar Security

92%: AI vendors claiming broad data usage rights. Source: Stanford CodeX

FAQ

What is agentic third-party risk?

AI agents use external tools, MCP servers, and skills with real permissions. 36.82% of agent skills have vulnerabilities (Snyk ToxicSkills, 3,984 audited, Feb 2026). Traditional vendor risk management doesn't evaluate agent behavior.

How fast is agentic AI adoption growing?

33% of enterprise software will include agentic AI by 2028, up from less than 1% in 2024 (Gartner). 40% of agentic AI rollouts will be canceled by end of 2027 due to inadequate risk controls.

How does XOR address third-party agent risk?

XOR verifies agent behavior, not just agent code. The platform scans skills for vulnerabilities, checks MCP server integrity, and produces signed compliance evidence for every triage.

See which agents produce fixes that work

128 vulnerabilities. 15 agents. 1,920 evaluations. Agents learn from every run.