AI agents are exploding and multiplying every day. Adoption is skyrocketing, with Gartner projecting that embedded, task-specific AI agents will feature in 40% of enterprise applicationsopens in a new tab by the end of this year, up from less than 5% today.
These agents are getting remarkably better at carrying out complex tasks. They might already—and one day will—require access to sensitive or restricted data and the ability to both invoke critical workflows and take actions on behalf of users. And agents will perform these tasks with minimal to zero human intervention.
AI agents are still relatively new, and most organizations are in the “experimenting zone,” taking a greenfield approach. Consequently, many developers are spinning up new agents focused on end-to-end functionality without always thinking through broader security implications—creating a massive blind spot in identity and auditability.
Let's consider a scenario: Your development team is building an AI agent to automate a business-critical workflow that requires the agent to access your CRM and query a reporting service. Everything seems straightforward until it goes through a security review, and your team must answer:
- Do you know who owns this AI agent?
- Do you know what actions this agent has taken in the last few weeks?
- How do you cut off all the access the AI agent has?
These are very basic but important questions. The issue is that most identity and access management (IAM) solutions weren’t designed to help you answer them. In this post, we will explore why AI agents create unique security challenges and what is at stake when they are ungoverned. We will also explore guiding principles for securing AI agent identity before these blind spots become breaches.
Current state of AI agents
AI agents are being deployed at an accelerating pace, solving real business problems across different verticals:
- At one fintech company, customer service bots are handling two-thirds of support chatsopens in a new tab, the equivalent of 700 full-time employees.
- Analytics agents can query databases and data warehousesopens in a new tab to generate business intelligence reports.
- Code generation agents can access repositories, review pull requests, and suggest improvements opens in a new tabautonomously.
- Sales assistants can analyze pipeline data and draft personalized outreach emails opens in a new tabto speed up deal cycles.
Each of these agents requires access to sensitive systems and data to do its job. And that's where the problem starts.
The identity blind spot
Given the trend and explosive adoption, many organizations can't answer basic questions about their AI agents:
- How many AI agents do we have? IT may know about the officially sanctioned ones, but what about the experimental agents?
- Who owns them? When an agent misbehaves, who's responsible? Which team deployed it? Who approved the access?
- What systems can they access? Does your custom service bot have read-only access to the CRM, or can it modify records? Can it access financial data it doesn't need?
- What permissions do they have?
These blind spots are exactly where the security gap lies. These agents are invisible to companies' managed security systems as they fall through the cracks. The reasons are:
- Missing central registry: Unlike employees who exist in HR systems and identity directories, there’s no unified inventory of AI agents; they’re scattered across cloud accounts, internal systems, and SaaS platforms.
- Credential sprawl: AI agents are still relatively new, and they authenticate using API keys, service account credentials, and OAuth tokens that are often stored in code repositories, environment variables, or configuration files—definitely outside any centralized, managed system.
- AI agents are not first-class citizens: Most organizations treat them as technical integrations rather than as autonomous actors that require identity governance. This classification gap means they bypass the registration, lifecycle, and audit processes applied to human identities.