Only 16% of Security Teams Can See All Their Data. The Rest Are Building AI Agents on Top of the Blind Spots Anyway.

The Security Digest - News Team
Published May 11, 2026

AI agent hallucinations in the SOC look like a model problem. But new data points to a pervasive data visibility problem hiding in your SIEM's hot storage line item.

Every writeup of agentic security seems to open the same way: the security perimeter needs to tighten, the models need to be smarter, the hallucinations need to stop, the human can't step away from the loop. But what we're hearing from actual security leaders points at a less convenient explanation. The trust crisis is a visibility problem and a budget problem the SOC ran out of room for years ago.

Strike48's State of Agentic Security report, based on a survey of 100 enterprise and mid-market security leaders, makes the case in numbers. 84% of respondents say their current tools cannot access all of their log data for investigations. 80% cite the cost of keeping log data hot, live, and searchable as being particularly painful, or at least a major budget concern. 65% have had at least one investigation stall because the data they needed was in a system their tools couldn't reach. The three numbers describe the same problem from three angles: an industry that cannot afford to see its own environment is being asked to trust an agent that reasons over a partial picture.

What an agent can see is what the budget allows

Hot storage is the unsexy line item that decides what an enterprise security team actually gets to investigate. Logs that sit in the SIEM are searchable in seconds. Logs that have aged into cold storage, or that never got ingested in the first place because the daily-volume bill made it economically prohibitive, are functionally invisible to detection and investigation workflows. The standard answer is a careful retention policy that decides which sources the SOC will be able to query in a hurry. The unspoken answer, the one nobody likes saying out loud, is that most of an organization's telemetry is dark to its own security team most of the time.

The numbers in the Strike48 report make the trade-off explicit. Only 16% of security leaders say their current tools can access all of their data. 52% say they can access most of it but acknowledge older or cold-stored data isn't easily reachable. 13% say about half. 15% say their tools only work with what's in the primary SIEM. The report flags a finding that complicates the picture further: even among respondents who said they can access "most" of their data, more than half still reported stalled investigations in the past twelve months. Perceived coverage and actual investigative access turn out to be different measurements.

What an agent inherits

A human investigator working from a partial picture can at least feel the partial-ness. They know which queries took longer than expected, which sources they couldn't reach, which time windows fell outside the hot-storage envelope. That implicit context is a load-bearing part of how a senior analyst weighs a finding.

An agent has no such instinct. An agent given access to a fraction of the environment will reason confidently inside that fraction and produce conclusions that look complete. The hallucination concern that 69% of leaders named in the survey is downstream of this. A model asked to draw conclusions from a deliberately incomplete data set is going to extrapolate, and extrapolation in security operations is indistinguishable from hallucination after the fact.
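One way to give an agent the "partial-ness" a human analyst feels is to make data access a first-class part of the result rather than an unstated assumption. The following is an added illustration, not code from the report or from any vendor: it compares the investigation's time window against each source's hot-storage envelope and reachability, and labels the verdict as partial whenever a source is unreachable or part of the window has aged into cold storage. All source names, retention figures and the verdict string are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed example: a telemetry source an agent might query, with how far
# back it is searchable ("hot") and whether the tooling can reach it at all.
@dataclass(frozen=True)
class Source:
    name: str
    hot_days: int            # searchable window, in days before "now"
    reachable: bool = True   # False models a silo the tools cannot query

@dataclass
class Coverage:
    queried: list        # sources whose hot storage covers the whole window
    unreachable: list    # sources the tooling could not reach at all
    cold_gaps: dict      # source -> (gap_start, gap_end) outside hot storage

    @property
    def complete(self) -> bool:
        return not self.unreachable and not self.cold_gaps

def assess_coverage(sources, start, end, now):
    """Compare the requested investigation window against each source's envelope."""
    cov = Coverage([], [], {})
    for src in sources:
        if not src.reachable:
            cov.unreachable.append(src.name)
            continue
        hot_edge = now - timedelta(days=src.hot_days)
        if start < hot_edge:
            # the oldest part of the window has aged out of hot storage
            cov.cold_gaps[src.name] = (start, min(end, hot_edge))
        else:
            cov.queried.append(src.name)
    return cov

def conclude(verdict, sources, start, end, now):
    """Return the verdict together with the data-access picture it rests on."""
    cov = assess_coverage(sources, start, end, now)
    return {"verdict": verdict,
            "coverage": "complete" if cov.complete else "partial",
            "unreachable": cov.unreachable,
            "cold_gaps": sorted(cov.cold_gaps)}

NOW = datetime(2026, 5, 11, tzinfo=timezone.utc)   # constructed reference time
SOURCES = [Source("primary_siem", 30), Source("edr", 7),
           Source("object_store_archive", 365),
           Source("partner_data_lake", 0, reachable=False)]  # constructed silo

def days_ago(n):
    return NOW - timedelta(days=n)

if __name__ == "__main__":
    print(conclude("no lateral movement observed", SOURCES, days_ago(45), NOW, NOW))
```

A 45-day look-back over these constructed sources comes back "partial": the archive covers it, the SIEM and EDR only cover the most recent 30 and 7 days, and the partner lake is dark altogether.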

A CISO in SaaS and software put the test bluntly in an open response in the survey, asking whether an agentic platform could see the data the SIEM cannot ingest, understand it rather than throw out false positives that require more investigation, and surface actionable insight from it. The bar the question describes is not one most current architectures can meet. The speed-asymmetry side of this picture gets the bulk of the industry attention; the data-access side is the part that decides whether anything an agent concludes is worth acting on.

Federation beats migration

Another SIEM migration is not the exit ramp from this trap. Migrations take months, add risk, and reset the data-access problem in a slightly different shape. The Strike48 report describes the alternative shape that's gaining ground: federated, search-in-place architectures that let agents query data wherever it actually lives (primary SIEM, cloud object storage, observability platforms, third-party data lakes) without requiring the security team to re-ingest, duplicate, or move it. Strike48 makes the architectural case at length in its companion SIEM modernization playbook.

Strike48 itself is built on this architecture. Its micro-agent design pairs audit trails and adjustable human-in-the-loop controls with a federated data layer that treats cold storage and siloed platforms as first-class queryable surfaces. Other platforms are exploring variations on the same shape, and the shape, more than any specific vendor implementation, is what closes the gap the report describes.

The trust gap is the storage gap

Trust in agentic security gets framed as a confidence problem in AI. The data in this report describes a confidence problem in data. An agent that can see everything a senior analyst can see, with full audit trails and adjustable autonomy, is a different proposition from an agent bolted onto a SIEM that can already only see a fraction of the environment.

Until the data-access problem gets solved, every additional increment of sophistication on the model side runs into the same ceiling. The 36% of leaders who already have agents in production have started closing the trust gap from the data side rather than waiting for the model side to mature. The org-chart side of that decision is its own story.

The full report is available at Strike48: State of Agentic Security: Breaking Through the Trust Barrier.