AI agents are no longer just a conceptual risk; they’ve landed and are storming the beach. From drafting code to executing business logic, these agents are autonomous and increasingly embedded into enterprise workflows.
Tasked with responsibilities once reserved for humans, this growing class of shadow identities is acting with wide-ranging access, little oversight, and no clear accountability. Enterprise security models, meanwhile, particularly identity governance, have failed to keep pace.
The Rise of Identity-Less Automation
As enterprises adopt generative AI tools and low-code platforms, it has become trivial for users to spin up AI agents that execute privileged actions. They often use generic service credentials or hardcoded tokens to interact with production systems, third-party APIs, or customer data.
Yet, in most cases, these agents don’t have formal identities. They don’t exist in the corporate directory, aren’t subject to governance policies, and lack ownership attribution. Operating in a gray area, AI agents are sanctioned by business needs but invisible to security teams.
This is more than just poor hygiene; it’s a breakdown of core identity governance principles, such as least privilege, delegated access, and traceability.
Delegation Without Accountability
One of the most common misconceptions is that AI agents are just tools or app extensions of human users. In reality, they are autonomous actors making independent decisions. That creates a largely underestimated problem: when an AI agent takes an action, there is no clear chain of custody.
Who initiated the workflow? Who authorized the agent’s scope of access? Can the organization prove, post-incident, that the action aligned with policy?
Without answers to these questions, autonomous authority becomes a liability. Attackers can exploit this ambiguity to escalate privileges, impersonate agents, or conceal their actions behind automation. Internally, it makes regulatory compliance and incident forensics difficult, if not impossible.
Identity without accountability isn’t only incomplete and violates the most basic security best practices.
Fragmented Identity Breaks Trust Boundaries
AI agents can operate across multiple domains, including cloud platforms, SaaS tools, and custom workflows. However, the identity systems that underpin these environments remain siloed. Most organizations still struggle to manage a patchwork of Active Directory, IAM-as-a-service, and application-specific LDAP user stores.
Consider an AI agent that interacts with each of these domains, but exists in none of them. Or worse, in all of them, intermittently.
This identity sprawl creates governance drift. A security team may assume access is centrally controlled, but the agent could operate under outdated permissions, orphaned tokens, or credentials that no longer align with policy.
Even well-meaning employees can make this worse. A team might clone, modify, and redeploy an automation without an audit trail, creating multiple ghost agents with identical access and no oversight.
Embedding Identity Governance into AI
To address these new identity risks, organizations must move beyond retroactive controls by building governance into the fabric of how agents are created, provisioned, and monitored.
This requires a shift in both mindset and architecture that includes:
- Assigning First-Class Identities to AI Agents – Treat Agents Like People
Treat every agent as a unique identity in the system, not a privileged account or proxy. This includes issuing credentials, tagging metadata (like creator, public or private, and OAuth scopes), and enforcing lifecycle policies (like time-to-live TTL). - Implementing Traceable Delegation Chains
Use policy-based frameworks to explicitly define when an agent acts “on behalf of” (OBO) a user or service. Capture and validate that relationship at runtime to ensure trust is scoped and auditable. - Mandating JIT Provisioning and Ephemeral Access
Standing privileges are dangerous in human contexts and even riskier with AI. Provision access just in time, only for the required duration, and revoke immediately after task completion. - Monitoring Agent Behavior in Real Time
AI agents can chain together actions in ways security teams may not anticipate. Apply behavioral analytics and anomaly detection to agent activity, just as you would for insider threat monitoring. Log agent events and actions with the same reporting tools you use for people. - Integrating AI Agents into Zero Trust Architectures
Apply Zero Trust principles by continuously validating the agent’s identity, intent, and risk posture at every access decision point. This includes environmental signals (e.g., MCP and API endpoints, data sensitivity) and contextual factors (e.g., read or write? Who deployed the agent? What system does it touch?).
Identity is Expanding. So Must Our Models.
Historically, identity governance has lagged behind new forms of access. We saw it with cloud sprawl, we saw it with API integrations, and we’re seeing it again with autonomous agents. But AI agents are fundamentally different. They’re ephemeral, fast, scalable, and capable of compounding risk at machine speed.
It’s time to reframe our assumptions. Identity is no longer limited to people or IoT devices; it now includes algorithms that make decisions, act autonomously, and touch multiple MCP systems. That means our models for identity governance must evolve as well.
Enterprises that adopt agent-aware identity architectures—rooted in visibility, delegation, and real-time enforcement—will be best positioned to scale AI securely. Those that don’t risk allowing automation to become the next great source of identity debt and increasing exposure.
Eric Olden, CEO of Strata Identity, has made a career out of simplifying and securing enterprise identity management. He founded, scaled, and successfully exited both Securant/ClearTrust (Web Access Management) and Symplified, (the first IDaaS company). Recently Eric served as SVP and GM at Oracle, where he ran the identity and security business worldwide and was responsible for product development, go to market, and partnerships. As a technologist, he was a co-author of the SAML standard, created the first pre-integrated SSO platform, and is the visionary behind the Identity Fabric™.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.