Beyond Authentication: Governing What Your AI Agents Do in Real Time

There’s a question that most IT and security teams haven’t fully reckoned with yet: Who or what is logged into your systems right now?

For decades, the answer was simple. Employees had usernames and passwords. IT managed them. HR offboarded them when they left. The system was imperfect, but it was at least human-scale.

That’s no longer the world we operate in.

In 2026, the entities logging into your business systems, moving data between apps, approving workflows, and reading sensitive files are increasingly not people. They are AI agents – autonomous software that acts, decides, and executes on behalf of your organization, around the clock, without ever needing a coffee break. And the numbers are staggering.

The Scale of the Problem

Machine identities, driven primarily by cloud and AI, now vastly outnumber human identities within organizations, with nearly half having sensitive or privileged access. To put a number on it: machine identities now outnumber humans 82 to 1, yet 88% of organizations still define only human identities as privileged users.

Read that again. 82 machine identities for every one person. And most companies are still treating the problem like it’s 2015.

In 2025, enterprises globally had 28.6 million active AI agents deployed, a number projected to grow to over 2.2 billion by 2030. Each of those agents needs credentials. Each one logs in somewhere, accesses something, moves data to something else. And each one represents a potential door into your organization if not governed correctly.

What Exactly Is an Agentic Identity?

Think of it this way. You hire a new employee. You give them a badge, an email address, a set of permissions. You decide what they can access and what they can’t. When they leave, you revoke everything.

An AI agent works similarly, except it’s running 24/7, it might be operating across five different platforms simultaneously, it doesn’t have a manager checking in on it, and when it was created, someone probably gave it broader access than it actually needs, just to get it working quickly.

AI agents are ephemeral, autonomous, and delegated. Managing them like long-lived apps or VMs is a mismatch. We need a new playbook, one built for runtime actors, not static objects.

These agents are doing real work. They are performing tasks like scheduling meetings, updating sales pipelines, analyzing code repositories, and retrieving sensitive documents: essentially all sorts of tasks that a human would. The difference is, unlike humans, they aren’t always governed the same way.

A Real-World Example: When an Agent Goes Off-Script

Consider what happened at a large US retailer in early 2025. The company deployed an AI agent to help its customer support team — summarizing tickets, pulling order data, and issuing refunds automatically within a set dollar threshold. Straightforward enough.

But the agent had been provisioned with an API key that gave it access not just to the customer support database, but to the broader order management system. When an attacker discovered and stole that API key, they were able to query the system freely — pulling customer purchase histories, addresses, and payment metadata. Not by breaking through a firewall, but simply by presenting a valid credential. No alarm went off. No human noticed for weeks.

This is the new anatomy of a breach. The game is no longer about breaking in; it’s about walking through the front door with stolen keys. And agents hand out a lot of keys.

The Ghost Agent Problem

One of the most underappreciated risks in enterprise security right now is what practitioners call shadow agents — AI agents that were deployed by developers or business teams, outside the visibility of the security team, and never properly registered or governed.

Shadow IT has evolved into Shadow AI. With agents operating as rogue pilots, the risk isn’t coming; it could already be inside your perimeter.

68% of organizations say they lack identity security controls for AI, and 47% cannot secure shadow AI usage in their organization. These aren’t fringe cases. They’re the norm.

There’s a practical reason this happens. Builders don’t create shadow agents or over-permissioned service accounts out of negligence; they do it because cloud IAM is slow, security reviews don’t map cleanly to agent workflows, and production pressure rewards speed over precision.

Speed beats governance, every time, until something breaks.

Another Real Example: The GitHub Supply Chain Attack

In March 2025, attackers compromised a widely-used GitHub Action called tj-actions by stealing a personal access token — a machine credential, not a human password. They injected malicious code that silently exfiltrated secrets from the CI/CD logs of more than 23,000 repositories. The breach wasn’t a sophisticated hack. It was credential theft at machine scale, enabled by the fact that the token had never been rotated and was far more powerful than it needed to be.

One stolen key. 23,000 affected repositories. This is what happens when machine identity hygiene lags behind machine identity proliferation.

Why Traditional Security Doesn’t Fit

The core issue is that every security system we’ve built over the past 30 years was designed with a human at the center. A person logs in. A person makes a decision. A person gets flagged for unusual behavior.

AI agents behave differently. They can call APIs, chain tools together, and execute workflows continuously using credentials — which shifts the control point from authentication to authorization at the moment of action.

This is a fundamental shift. It’s not enough to verify that an agent logged in correctly. You need to govern what it does while it’s logged in, in real time, at machine speed.
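
What authorization at the moment of action can look like for the refund agent described earlier, as an added example that is not from the original article or any vendor's product. The agent names, scope strings, 15-minute lifetime and $50 threshold are constructed assumptions.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentCredential:
    agent_id: str              # registered identity of the agent
    on_behalf_of: str          # human or team that delegated the task
    scopes: frozenset          # "resource:action" pairs this task needs
    expires_at: float          # epoch seconds; short-lived by design
    refund_limit: float = 0.0  # dollar threshold for unattended refunds

AUDIT_LOG = []  # stand-in for an append-only audit sink (assumption)

def authorize(cred, resource, action, amount=0.0, approved_by=None, now=None):
    """Decide one action when it is attempted, and record the decision."""
    now = time.time() if now is None else now
    scope = f"{resource}:{action}"
    if now >= cred.expires_at:
        allowed, reason = False, "credential expired"
    elif scope not in cred.scopes:
        allowed, reason = False, f"scope {scope} not granted"
    elif action == "refund" and amount > cred.refund_limit and not approved_by:
        allowed, reason = False, "over threshold, human approval required"
    else:
        allowed, reason = True, "within scope"
    # Every decision, allow or deny, answers: what, on whose behalf, who approved.
    AUDIT_LOG.append({"ts": now, "agent": cred.agent_id, "action": scope,
                      "amount": amount, "on_behalf_of": cred.on_behalf_of,
                      "approved_by": approved_by, "allowed": allowed,
                      "reason": reason})
    return allowed

def demo():
    issued = 1_700_000_000.0  # constructed issue time
    cred = AgentCredential(
        "support-agent-01", "support-team",
        frozenset({"tickets:read", "orders:read", "orders:refund"}),
        expires_at=issued + 900, refund_limit=50.0)
    t = issued + 60
    return [
        authorize(cred, "orders", "refund", 20.0, now=t),    # small refund
        authorize(cred, "orders", "refund", 400.0, now=t),   # over threshold
        authorize(cred, "orders", "refund", 400.0, approved_by="j.doe", now=t),
        authorize(cred, "payments", "read", now=t),          # outside task scope
        authorize(cred, "tickets", "read", now=issued + 1200),  # after expiry
    ]

if __name__ == "__main__":
    print(demo())
```

A stolen copy of this credential would be refused for anything outside the three granted scopes and for everything after 15 minutes, and each refusal leaves an audit record.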

As CyberArk has noted: Every AI agent is an identity. It needs credentials to access databases, cloud services, and code repositories. The more tasks we give them, the more entitlements they accumulate, making them a prime target for attackers.

What Good Governance Looks Like

The organizations getting this right are thinking about AI agent identities the same way they think about their most privileged human employees, with even tighter controls.

The framework is straightforward in principle, even if complex in execution:

Know every agent that exists. You can’t secure what you can’t see. Automated discovery typically reveals three to five times more agents than security teams expect. Start there.

Scope access tightly. Every agent should only have access to exactly what it needs for its specific task — nothing more. A CISO’s first move should be ensuring every agent has a managed identity with scoped authentication — not a shared API key with ‘god-mode’ access.

Use short-lived credentials. Long-lived API keys are ticking time bombs. Short-lived, automatically-expiring credentials dramatically reduce the damage a compromised agent can cause.

Audit everything. If an agent took an action, there should be a log. What did this agent do, on whose behalf, and who approved it? These three questions should have answers at all times.

Build a lifecycle. Agents, like employees, need to be onboarded carefully and offboarded completely. Nearly half of all non-human identities are over a year old, and some are between five and ten years old — accounts that often outlive the humans who created them and quietly retain access.
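
A hygiene check over a machine-identity inventory, flagging the conditions the framework above warns about. This is an added example, not code from the original article; the inventory records, field names and the 90-day rotation policy are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_IDENTITY_AGE = timedelta(days=365)  # "over a year old"
MAX_KEY_AGE = timedelta(days=90)        # assumed rotation policy

def audit_identities(inventory, now):
    """Return {identity id: [issues]} for identities that need attention."""
    findings = {}
    for ident in inventory:
        issues = []
        if not ident.get("owner"):
            issues.append("no owner (possible shadow agent)")
        if now - ident["created"] > MAX_IDENTITY_AGE:
            issues.append("identity older than one year")
        if now - ident["last_rotated"] > MAX_KEY_AGE:
            issues.append("credential not rotated in 90 days")
        granted, used = set(ident["granted"]), set(ident["used"])
        if "*" in granted:
            issues.append("wildcard scope")
        elif granted - used:
            unused = ", ".join(sorted(granted - used))
            issues.append(f"unused scopes: {unused}")
        if issues:
            findings[ident["id"]] = issues
    return findings

def d(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

NOW = d(2026, 1, 15)  # constructed "today"
INVENTORY = [         # constructed sample records
    {"id": "support-agent-01", "owner": "support-team",
     "created": d(2025, 11, 1), "last_rotated": d(2026, 1, 10),
     "granted": ["tickets:read", "orders:refund"],
     "used": ["tickets:read", "orders:refund"]},
    {"id": "ci-token-legacy", "owner": None,
     "created": d(2020, 3, 2), "last_rotated": d(2020, 3, 2),
     "granted": ["*"], "used": ["repo:read"]},
    {"id": "sales-sync", "owner": "revops",
     "created": d(2025, 6, 1), "last_rotated": d(2025, 12, 20),
     "granted": ["crm:read", "crm:write", "files:read"],
     "used": ["crm:read"]},
]

def run_constructed_audit():
    return audit_identities(INVENTORY, NOW)

if __name__ == "__main__":
    for ident_id, issues in run_constructed_audit().items():
        print(ident_id, "->", "; ".join(issues))
```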

The Stakes Are Getting Higher

A Dark Reading poll found that 48% of cybersecurity professionals now identify agentic AI and autonomous systems as the single most dangerous attack vector. According to IBM’s 2025 Cost of a Data Breach Report, shadow AI breaches cost an average of $4.63 million per incident — $670,000 more than a standard breach.

And the threat isn’t just external. Agentic attacks traverse systems, exfiltrate data, and escalate privileges at machine speed — before a human analyst can respond.

Cisco’s 2026 Data Privacy Benchmark Study found that 90% of organizations have expanded their privacy programs to account for AI, yet only 12% describe their AI governance as mature and proactive.

The Bottom Line

We are at an inflection point. AI agents are not coming — they are already here, already logged in, already moving your data. The question isn’t whether to use them. The question is whether you know who they are, what they’re doing, and what happens when one of them is compromised.

The organizations that treat agent identity as a first-class security concern today will be the ones that can scale AI confidently tomorrow. The ones that don’t will be managing incidents instead of managing growth.

In a world where your AI workforce outnumbers your human one by 80 to 1, identity governance isn’t an IT problem. It’s a business strategy.
