AI Agents Are Finding 45 Million Vulnerabilities. The Question Is Whether That Means Anything.
When Cognizant and CrowdStrike reported that an EY Fortune 100 customer found 45 million potential security exposures using an AI scanning tool, the number sounded like a crisis. It might be a category error.
The tool, QuiltWorks, part of CrowdStrike's Falcon platform, defines "vulnerability" differently than most security teams would expect. QuiltWorks scans for misconfigurations in how AI agents connect to the external tools they call; insecure "tool bindings" that can be exploited to make an agent call the wrong function or leak data; overly broad data access permissions; and "prompt injection" exposure, where an attacker embeds hostile instructions in the data an agent processes. That taxonomy comes from the OWASP Top 10 for Agentic AI Applications, a peer-reviewed framework cataloging the new risks that appear once autonomous agents run in production. The 45 million figure counts exposures under this expanded definition, not the traditional CVE-listed software flaws tracked in the CVE (Common Vulnerabilities and Exposures) database that security teams have used for twenty years. CrowdStrike and Cognizant report the finding; independent verification has not been published.
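To make the four categories concrete, here is a small linter, written for this article as an added example and not code from QuiltWorks, CrowdStrike or the OWASP project, that checks a hypothetical agent configuration against one rule per category and counts the hits. The configuration schema (`endpoint`, `binding`, `scopes`, `returns_untrusted_content`, `output_treated_as_data`), the tool allowlist and the sample agent are all constructed for the example; the category names are the example's own labels for the risk classes described above.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Finding categories. The names are this example's own; they loosely mirror the
# risk classes the article attributes to the OWASP Top 10 for Agentic AI
# Applications (tool-connection misconfiguration, insecure tool binding,
# overly broad data access, prompt injection).
CAT_MISCONFIG = "tool-connection-misconfiguration"
CAT_BINDING = "insecure-tool-binding"
CAT_PERMISSIONS = "overly-broad-data-access"
CAT_INJECTION = "prompt-injection-exposure"

# Constructed allowlist of functions an agent in this hypothetical deployment
# may bind to, and scopes treated as wildcards.
ALLOWED_TOOLS = {"search_tickets", "read_calendar", "send_email"}
WILDCARD_SCOPES = {"*", "read:*", "write:*", "admin"}


@dataclass(frozen=True)
class Finding:
    agent: str
    tool: str
    category: str
    detail: str


def scan_tool(agent_name: str, tool: dict) -> list[Finding]:
    """Apply the four rules to one tool binding and return every hit."""
    name = tool.get("name", "<unnamed>")
    hits: list[Finding] = []

    # Rule 1: the connection to the external tool is misconfigured.
    endpoint = tool.get("endpoint", "")
    if urlparse(endpoint).scheme != "https":
        hits.append(Finding(agent_name, name, CAT_MISCONFIG, f"non-HTTPS endpoint {endpoint!r}"))
    if tool.get("verify_tls") is False:
        hits.append(Finding(agent_name, name, CAT_MISCONFIG, "TLS verification disabled"))

    # Rule 2: the binding is insecure. Either the function is resolved from the
    # model's output at runtime (no fixed mapping), or it maps to a function
    # outside the allowlist, so a steered agent could call the wrong one.
    if tool.get("binding") == "dynamic":
        hits.append(Finding(agent_name, name, CAT_BINDING, "function resolved at runtime, no allowlist"))
    elif name not in ALLOWED_TOOLS:
        hits.append(Finding(agent_name, name, CAT_BINDING, "bound to a function outside the allowlist"))

    # Rule 3: data access scopes are broader than the tool needs.
    for scope in tool.get("scopes", []):
        if scope in WILDCARD_SCOPES:
            hits.append(Finding(agent_name, name, CAT_PERMISSIONS, f"wildcard scope {scope!r}"))

    # Rule 4: the tool returns content from outside the trust boundary (web
    # pages, inbound mail, tickets) and the agent feeds it back to the model
    # as if it were instructions rather than data.
    if tool.get("returns_untrusted_content") and not tool.get("output_treated_as_data"):
        hits.append(Finding(agent_name, name, CAT_INJECTION, "untrusted tool output not isolated as data"))
    return hits


def scan(config: list[dict]) -> list[Finding]:
    """Run scan_tool over every tool of every agent in the configuration."""
    return [f for agent in config
            for tool in agent.get("tools", [])
            for f in scan_tool(agent["name"], tool)]


def count_by_category(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample configuration for one helpdesk agent; the field names are
# this example's own, not any vendor's schema.
SAMPLE_CONFIG = [
    {
        "name": "helpdesk-agent",
        "tools": [
            {   # clean binding: HTTPS, fixed allowlisted function, narrow scope,
                # untrusted ticket text isolated as data before it reaches the model
                "name": "search_tickets", "endpoint": "https://tickets.example.internal/api",
                "binding": "static", "scopes": ["read:tickets"],
                "returns_untrusted_content": True, "output_treated_as_data": True,
            },
            {   # plaintext endpoint, wildcard read scope, and calendar invite text
                # (writable by outsiders) passed straight into the prompt
                "name": "read_calendar", "endpoint": "http://calendar.example.internal/api",
                "binding": "static", "scopes": ["read:*"],
                "returns_untrusted_content": True, "output_treated_as_data": False,
            },
            {   # function name chosen from model output at runtime, admin scope
                "name": "run_shell", "endpoint": "https://ops.example.internal/exec",
                "binding": "dynamic", "scopes": ["admin"],
            },
        ],
    }
]

if __name__ == "__main__":
    results = scan(SAMPLE_CONFIG)
    for f in results:
        print(f"{f.agent}/{f.tool}: [{f.category}] {f.detail}")
    print(count_by_category(results))
```

On the sample, the clean binding produces no findings, the calendar tool produces three and the dynamically bound tool two, so one agent with three tools yields five "exposures". Every one of them is a configuration or design weakness that a reviewer can act on, and none of them is a CVE; the total is determined entirely by how many rules the scanner carries and how it counts per tool, which is why a headline exposure count cannot be compared with a CVE count without knowing the rule set behind it.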
The distinction matters because the same broad definition that makes 45 million sound alarming also makes it structurally difficult to cross-check. Misconfigurations, insecure bindings, and data exposure are real risks. Whether they are new risks — genuinely created by AI agents rather than problems that existed before and are simply newly visible — is a question the OWASP framework explicitly leaves open. The project's authors note that agentic AI systems have distinct vulnerability categories requiring specific detection, but the framework catalogs categories, not prevalence. A vendor citing OWASP to justify a large finding is using an independent framework as a structural prop, not a measurement of how often those categories appear.
CrowdStrike has a commercial interest in expanding the category. The company reported fourth quarter fiscal 2026 ARR of $5.25 billion, up 24 percent year over year, with net new ARR of $331 million in the quarter. Its partnership with Cognizant was upgraded to Americas Velocity Partner of the Year status for 2026. Accenture has built 27 mission-ready agents on the Falcon platform for automated vulnerability assessment and reporting.
The partnership announcement frames this as a response to genuine market pressure: organizations are deploying AI agents at scale across operations, IT, and core business processes, and the attack surface is widening accordingly. Cognizant is bringing Falcon to its AI Factory and managed security services, positioning itself as the implementation layer for enterprises that want coverage without building the capability in-house.
Independent analysts have flagged the gap between AI deployment velocity and governance maturity. The Futurum Group noted that enterprise AI governance is racing to catch up with deployment — a dynamic that vendors are structurally positioned to exploit by defining the problem broadly. The OWASP framework makes no claim about prevalence; it catalogs categories. The honest version of this announcement is that a vendor and its partner reported a large number under an expanded definition, and whether that definition reflects new threats or newly visible old ones is a question neither the announcement nor the framework answers. Enterprises treating the figure as actionable intelligence are accepting the vendor's framing without an independent audit. What to watch next is whether any customer publishes post-audit results — actual incidents before and after deployment — that would let buyers validate whether expanded-definition scanning produces proportionate security outcomes or proportionate security spending.