TL;DR: Enterprise access is shifting as people and AI agents operate across more tools, devices, and unmanaged apps than traditional security models cover, according to 1Password’s Cloud 100 announcement. The real issue is not recognition, but that identity governance is now stretching beyond the boundaries assumed by legacy IAM, IGA, and MDM.
At a glance
What this is: 1Password’s Cloud 100 placement is presented as evidence that identity security is shifting toward access governance for people, AI agents, unmanaged devices, and apps outside traditional IT control.
Why it matters: For IAM teams, the takeaway is that access control is no longer just about employee sign-in and federation, but about governing a wider access surface that includes non-human identities and unmanaged endpoints.
By the numbers:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
👉 Read 1Password’s Cloud 100 announcement and Extended Access Management context
Context
The access-trust gap is what happens when identity controls stop at the edges of managed devices, sanctioned apps, and centrally governed human users. In practice, that gap now includes AI agents, unmanaged endpoints, and SaaS access that never passes through the controls many IAM programmes still treat as complete.
1Password’s Cloud 100 recognition is less interesting as a trophy than as a signal that the market is converging on a broader access problem. The article frames the shift as one where traditional IAM, IGA, and MDM coverage no longer maps cleanly to how work is actually being done across human and non-human identities.
That makes this a governance story, not a branding story. If your access model still assumes the identity subject is a person on a managed laptop, you are already under-scoping the problem space.
Key questions
Q: How should security teams govern access when AI agents and humans share the same apps?
A: Treat AI agents as separate identity subjects with their own approvals, scope limits, and monitoring. Human access policy assumes a person controls the session, but an agent can chain actions across tools on its own timing. Governance should separate authentication from authorisation and require explicit policy for non-human actors before they are allowed to reach business apps.
Q: Why do unmanaged devices create an identity governance problem?
A: Because identity control depends on knowing both who is accessing and from what trusted endpoint. If the device is outside management, posture checks and policy enforcement become incomplete, even when SSO succeeds. That leaves a gap where legitimate authentication can still lead to ungoverned access to sensitive applications or data.
Q: What do teams get wrong about extended access management?
A: They often treat it as an add-on to SSO rather than a response to a wider trust problem. The real issue is not just login coverage, but whether unmanaged apps, devices, and non-human identities can be brought under one access decision model. Without that, access remains visible but not governable.
Q: What frameworks are most relevant when AI agents expand the access surface?
A: OWASP NHI Top 10 and Zero Trust Architecture are the most useful starting points because they connect identity scope, trust boundaries, and access enforcement. Teams should also use governance and lifecycle controls to decide who or what can reach each app, under which conditions, and with what visibility.
Technical breakdown
Why the access-trust gap emerges in modern identity stacks
The access-trust gap appears when identity assurance, device trust, and application governance are split across tools that were not designed to share one decision plane. Legacy IAM handles sign-in and federation well, but it does not fully govern unmanaged devices, unsanctioned apps, or non-human actors operating outside IT oversight. Extended Access Management is being positioned to cover that blind spot by linking identity, application sign-on, and device posture into one access decision. The technical issue is scope, not feature count: if the policy engine cannot see the full access path, it cannot govern it consistently.
Practical implication: Map every high-risk access path that bypasses your core IAM stack and assign an owner for each blind spot.
How AI agents change access control and sign-on assumptions
AI agents do not simply increase volume; they change the subject of access control. Traditional IAM assumes a human initiates authentication and then uses the session in a fairly bounded way, but agentic workflows can request access, chain tools, and operate across multiple systems with less predictable timing. That means the real control question becomes whether the actor is trusted to reach the app at all, not just whether the sign-on succeeded. In identity terms, AI agents behave like non-human identities that need explicit governance, not just a broader login policy.
Practical implication: Separate human authentication design from machine and agent access policy so agent sessions are governed as non-human identities.
Why unmanaged devices and unsanctioned apps still matter to IAM
Unmanaged devices and unsanctioned applications matter because identity assurance breaks down when the endpoint and the app are outside the control set assumed by the policy. Even strong SSO does not help if the app is not federated, the device is not trustworthy, or the access path exists only through local credentials and ad hoc approvals. This is where governance and enforcement diverge: visibility may show the access, but without endpoint and application context the IAM layer cannot enforce consistent risk decisions. That is the architectural reason the access surface keeps expanding faster than policy coverage.
Practical implication: Inventory where sign-in occurs outside federated, managed, and policy-enforced paths, then decide which risks are acceptable and which are not.
Threat narrative
Attacker objective: The objective is to reach sensitive applications and data through access paths that look legitimate in isolation but remain outside comprehensive identity governance.
- Entry occurs when identities reach apps through unmanaged devices, unsanctioned SaaS, or non-federated paths that sit outside standard IAM oversight.
- Escalation follows when AI agents or users accumulate access across multiple tools without a single governance layer validating device trust, app trust, and identity scope together.
- Impact is sustained access to business systems and sensitive data through identities and endpoints that legacy controls do not fully govern.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Azure Key Vault privilege escalation exposure — Azure Key Vault Contributor role misconfiguration enabled privilege escalation.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Access-trust gap: the enterprise has outgrown its original identity perimeter. Traditional IAM was built for managed users, managed devices, and federated applications. That assumption no longer holds when work is performed through autonomous agents, unmanaged endpoints, and apps adopted outside IT oversight. The implication is that identity governance now has to account for access paths that never fit the original trust model.
AI agents expose a governance boundary, not just a new workload class. When an AI system can reach applications and act across them, the question is no longer whether the sign-on is secure but whether the actor should be allowed to exist in the access graph at all. OWASP NHI Top 10 language and Zero Trust thinking both point to the same conclusion: identity scope now matters as much as authentication strength. Practitioners should treat agent access as a governed identity subject, not a side effect of automation.
Extended access management is becoming the category label for a deeper control problem. The market is moving toward tools that unify sign-in, device trust, application reach, and non-human identity visibility because siloed controls leave too much ungoverned access behind. That does not mean every product strategy is equal, but it does mean the category reflects a real operational gap. Security teams should reassess which access paths sit outside their current control plane.
Cloud 100 recognition signals where buyer attention is heading, not what is solved. Enterprise buyers are increasingly looking for identity security models that extend beyond classic SSO and lifecycle administration into device and application trust. The useful question is whether a programme can enforce policy across humans, AI agents, and unmanaged surfaces without creating fragmented governance. Teams should prepare for broader access governance demands, not narrower IAM scope.
Identity governance is converging across human and non-human subjects. The same programme that governs employee access now has to account for AI agents, machine identities, and unmanaged SaaS use. That convergence does not erase the differences between actor types, but it does force a common governance language for scope, trust, and lifecycle. Practitioners should align IAM, IGA, and NHI controls under one access model instead of treating them as separate problems.
From our research:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to the 2026 Infrastructure Identity Survey.
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to the 2026 Infrastructure Identity Survey.
- For a deeper view of where agentic access governance is headed, see the Ultimate Guide to NHIs, 2025 Outlook and Predictions, for the broader category outlook and control priorities.
What this signals
Access-trust gap: the next governance fight is not over whether identity is authenticated, but whether the access path itself is still within policy. With only 44% of organisations reporting AI agent policies in place, per the 2026 Infrastructure Identity Survey, many programmes are already behind the shape of the problem.
Security teams should expect the control plane to shift toward broader access governance across humans, machines, and agents. That means IAM, IGA, and endpoint posture can no longer operate as separate operational silos if the goal is to close the access-trust gap.
The practical signal is that privileged access is becoming less about standing roles and more about whether the system can see, classify, and constrain every actor that reaches business apps. Programmes that cannot do that will keep discovering shadow access after the fact.
For practitioners
- Inventory the access-trust gap: Map every application and device path that falls outside federated SSO, managed endpoints, or centrally approved app usage. Prioritise the paths that can reach sensitive data or administrative functions without passing through your core policy engine.
- Separate agent governance from human access policy: Classify AI agents and other non-human actors as their own identity subjects, then assign explicit controls for their app reach, approvals, and session scope. Do not let agent access inherit human assumptions about authentication, intent, or session duration.
- Close unmanaged-device exceptions: Review exceptions where users or agents can reach corporate apps from devices that are not posture-checked or enrolled. Remove silent exceptions first, then decide whether compensating controls are strong enough to keep the exception open.
- Unify identity telemetry across IAM, IGA, and endpoint controls: Correlate sign-in, device trust, app usage, and privilege data so access decisions are made with the full path in view. Without that correlation, ungoverned access will look like ordinary usage until it becomes an incident.
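The inventory and correlation steps above, and the single-decision-plane argument from the technical breakdown, as an added example that is not 1Password's or NHIMG's code: it joins constructed sign-in records against an assumed MDM posture list, SSO app catalogue, and per-agent policy table, and ranks every access path that falls outside the governed perimeter. All device ids, app names, subjects, and field names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed sample inventory (not real data): MDM posture, SSO app catalogue,
# sensitive apps, and the explicit app scope each AI agent has been approved for.
MANAGED_DEVICES = {"lt-0142": "compliant", "lt-0199": "non_compliant"}
FEDERATED_APPS = {"crm", "hr-portal", "payroll"}
SENSITIVE_APPS = {"payroll", "hr-portal"}
AGENT_POLICIES = {"agent:invoice-bot": {"crm"}}

@dataclass
class AccessEvent:
    subject: str              # "alice" or "agent:invoice-bot"
    subject_type: str         # "human" | "agent"
    app: str
    device_id: Optional[str]  # None when no endpoint identity was presented
    auth: str                 # "federated" | "local"

def gap_reasons(ev: AccessEvent) -> list[str]:
    """Every reason this event lies outside the governed access path."""
    reasons = []
    if ev.auth != "federated":
        reasons.append("non_federated_auth")
    if ev.app not in FEDERATED_APPS:
        reasons.append("unsanctioned_app")
    posture = MANAGED_DEVICES.get(ev.device_id) if ev.device_id else None
    if posture is None:
        reasons.append("unmanaged_device")
    elif posture != "compliant":
        reasons.append("non_compliant_device")
    if ev.subject_type == "agent":  # agents need their own policy, not inherited human rules
        scope = AGENT_POLICIES.get(ev.subject)
        if scope is None:
            reasons.append("agent_without_policy")
        elif ev.app not in scope:
            reasons.append("agent_out_of_scope")
    return reasons

def inventory_gaps(events):
    """Ungoverned paths ranked: sensitive apps first, then by number of gaps."""
    rows = [(ev, r) for ev in events if (r := gap_reasons(ev))]
    rows.sort(key=lambda row: (row[0].app not in SENSITIVE_APPS, -len(row[1])))
    return [(ev.subject, ev.app, r) for ev, r in rows]

SAMPLE_EVENTS = [  # constructed sign-in records joined across IAM, MDM and app catalogue
    AccessEvent("alice", "human", "crm", "lt-0142", "federated"),
    AccessEvent("bob", "human", "payroll", None, "local"),
    AccessEvent("carol", "human", "shadow-notes", "lt-0199", "local"),
    AccessEvent("agent:invoice-bot", "agent", "hr-portal", "lt-0142", "federated"),
    AccessEvent("agent:summarizer", "agent", "crm", None, "federated"),
]
```

Running `inventory_gaps(SAMPLE_EVENTS)` lists only the four ungoverned paths, with the local-credential reach into payroll and the out-of-scope agent ahead of the shadow app, which is the prioritisation the practitioner list asks for.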
Key takeaways
- 1Password’s recognition reflects a real market shift toward governing access paths that classic IAM does not fully cover.
- The key risk is not just more identities, but more identities operating across unmanaged devices and unsanctioned apps outside the old trust perimeter.
- Practitioners should focus on closing the access-trust gap by classifying AI agents, removing unmanaged exceptions, and unifying identity telemetry.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | The article centers on ungoverned non-human and agent access paths. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | The access-trust gap is a Zero Trust boundary problem. |
| NIST CSF 2.0 | PR.AC-1 | The post focuses on access governance and entitlement visibility. |
Enforce continuous verification across identity, device, and app context before granting access.
Key terms
- Access-trust gap: The gap between the access an organisation thinks it governs and the access actually available through unmanaged devices, unsanctioned apps, and non-human identities. It is an identity scope problem, not just an authentication problem, because visibility and enforcement often stop at the edge of legacy IAM.
- Extended Access Management: An access governance approach that extends control beyond traditional SSO and managed endpoints to cover app reach, device trust, and non-human actors. In practice, it tries to unify identity, posture, and application access into one decision surface instead of leaving those controls fragmented.
- Non-human identity: A non-human identity is any machine or software actor that needs governed access, such as a service account, token, certificate, workload, or AI agent. These identities can hold privileges, reach applications, and create risk when they are not managed with the same discipline as human accounts.
- Agentic access: Access used by an AI agent that can act across tools and systems with some runtime independence. The governance challenge is that the actor may not follow the same predictable, human-paced pattern that traditional access reviews and approval workflows assume.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance in your organisation, it is worth exploring.
This post draws on content published by 1Password: 1Password is named to the 2025 Forbes Cloud 100 for fourth consecutive year. Read the original.
Published by the NHIMG editorial team on 2025-09-03.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org