By NHI Mgmt Group Editorial Team
Published 2026-03-04
Domain: Agentic AI & NHIs
Source: ConductorOne

TL;DR: Enterprises are adding AI agents, service accounts, and machine identities faster than legacy IAM can coordinate them, with some organisations reporting 1 to 17 AI agents per employee and 12 or more identity products in use, according to ConductorOne. The real failure is orchestration, because fixed reviews and siloed controls cannot keep pace with machine-speed delegation chains and continuous privilege changes.


At a glance

What this is: This analysis argues that access management is failing less from missing tools than from missing orchestration across human, machine, and AI-agent identities.

Why it matters: It matters because IAM, NHI, PAM, and agentic-AI programmes now need one governance model for identities that authenticate, delegate, and mutate at different speeds.

By the numbers:



Context

Access management is becoming a coordination problem, not a tool-selection problem. In 2026, enterprises are managing human users, service accounts, AI agents, and sub-agents at the same time, which makes legacy identity programmes feel like separate sections playing from different scores. The subject is access management, but the underlying issue is that access decisions now happen at machine speed across multiple identity types.

The article's core claim is that organisations have built strong instruments, but no conductor. In practical terms, that means authentication, PAM, governance, secrets, and agent identity controls can each work locally while failing globally because no layer is synchronising policy, timing, and delegation across the estate. For a broader NHI baseline, see the Ultimate Guide to NHIs.


Key questions

Q: How should security teams govern AI agents and service accounts together?

A: Security teams should govern AI agents and service accounts through one orchestration layer that tracks sponsor, delegation, and revocation across every dependent identity. The goal is not separate policy for each control point. It is a unified decision model that can react when an agent, workload, or human sponsor changes state.

Q: Why do periodic access reviews fail for agent-heavy environments?

A: Periodic reviews fail because they assume access remains stable long enough to be sampled and certified. AI agents can authenticate and act many times between review cycles, and sub-agents can inherit authority instantly. By the time a certification starts, the risky behaviour may already be complete.

Q: What breaks when identity tools are strong but not coordinated?

A: What breaks is the enterprise decision chain. Individual tools can enforce local rules, but without orchestration, policy changes do not propagate cleanly across authentication, authorisation, PAM, and agent governance. The result is fragmented control, delayed revocation, and blind spots between systems.

Q: What is the difference between orchestration and having more identity tools?

A: More identity tools add capability, but orchestration makes those capabilities work together as one control plane. Orchestration coordinates timing, signal propagation, and policy interpretation across systems. Without it, the environment becomes harder to govern even if each product performs well on its own.


Technical breakdown

Identity orchestration as the control plane

Identity orchestration is the layer that coordinates authentication, authorisation, governance, and privilege changes across separate tools and identity types. It does not replace IAM, PAM, or secret management. Instead, it makes their decisions coherent by propagating signals in real time, so a change in one system can affect every dependent identity path. In agent-heavy environments, orchestration matters because one human sponsor may indirectly control multiple agents and sub-agents, each with different access surfaces. Without a shared control plane, policy remains fragmented and enforcement lags behind behaviour.

Practical implication: map the handoffs between identity tools and identify where policy updates, revocations, or risk signals fail to propagate.

Continuous authorization for AI agents and machine identities

Traditional access review assumes stable entitlements that can be sampled on a schedule. AI agents invalidate that assumption because they authenticate frequently, act at runtime, and can trigger follow-on actions without waiting for a human checkpoint. Continuous authorization shifts the decision point from periodic review to event-driven evaluation, using context such as device, request sensitivity, and behavioural risk. For agents and service accounts, this is the difference between reviewing yesterday's access and governing today's execution. The model aligns with zero trust because trust is never granted once and then forgotten.

Practical implication: replace schedule-based entitlement checks with event-triggered policy decisions for high-risk agent and workload activity.

Policy-as-code and machine-readable governance

Policy-as-code turns access rules into executable logic that can be versioned, tested, and enforced consistently across systems. In mixed human and non-human environments, this matters because prose policies cannot keep up with dynamic delegation chains, sub-agent creation, or cloud-by-cloud differences in enforcement. Machine-readable policy also improves auditability because the rule set is explicit rather than embedded in tribal knowledge. The article's position is that orchestration fails when policy exists only as documentation and not as an operational score that systems can read in real time.

Practical implication: move critical access rules into machine-readable policy and validate them against real delegation paths before rollout.
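The three subsections above (orchestration across a delegation chain, continuous authorization and policy-as-code) in one added Python illustration, not code from ConductorOne or NHIMG: it models a human sponsor delegating to an agent that delegates onward, computes the identity blast radius of that one approval, evaluates every request against executable rules rather than a review schedule, and cascades a revocation down the whole chain. The identities, entitlements, the `prod:` prefix convention and the 0.5 risk threshold are constructed assumptions.

```python
# Added illustration with constructed identities and rules; not ConductorOne's or NHIMG's code.
from dataclasses import dataclass, field

@dataclass
class Identity:
    name: str
    sponsor: "str | None"          # identity that delegated authority; None for a root human
    entitlements: set = field(default_factory=set)
    active: bool = True

class DelegationGraph:
    def __init__(self, idents):
        self.ids = {i.name: i for i in idents}

    def descendants(self, name):   # identities inheriting from `name`, directly or transitively
        direct = [n for n, i in self.ids.items() if i.sponsor == name]
        return direct + [d for c in direct for d in self.descendants(c)]

    def blast_radius(self, name):  # every entitlement one sponsor decision fans out into
        return set().union(*(self.ids[n].entitlements for n in [name] + self.descendants(name)))

    def revoke(self, name):        # revocation event: the whole delegated chain goes with it
        affected = [name] + self.descendants(name)
        for n in affected:
            self.ids[n].active = False
        return affected

def sample_graph():   # constructed: human sponsor -> agent -> sub-agent / service account
    return DelegationGraph([
        Identity("alice", None, {"prod:read"}),
        Identity("agent-1", "alice", {"prod:read", "ci:deploy"}),
        Identity("sub-agent-1a", "agent-1", {"ci:deploy", "prod:write"}),
        Identity("svc-billing", "agent-1", {"billing:export"}),
    ])

# Policy-as-code: each rule is an executable predicate that can be versioned and unit tested.
def chain_is_live(g, actor, action, ctx):   # every link up to the human sponsor is still active
    node = g.ids[actor]
    return node.active and (node.sponsor is None or chain_is_live(g, node.sponsor, action, ctx))

def holds_entitlement(g, actor, action, ctx):
    return action in g.ids[actor].entitlements

def sensitive_needs_low_risk(g, actor, action, ctx):   # ctx carries a behavioural risk score
    return not (action.startswith("prod:") and ctx.get("risk", 0.0) > 0.5)

RULES = [chain_is_live, holds_entitlement, sensitive_needs_low_risk]

def authorize(g, actor, action, ctx):   # continuous authorization: decided on every request
    return all(rule(g, actor, action, ctx) for rule in RULES)
```

Revoking `agent-1` silently invalidates `sub-agent-1a` and `svc-billing` on their next request, which is the propagation a periodic review would only catch at the next cycle.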




NHI Mgmt Group analysis

Access orchestration is now the missing identity governance layer: The article is right that enterprises do not primarily lack identity tools. They lack a mechanism that synchronises those tools across human, machine, and agentic actors in real time. That is why the same environment can be well controlled at the component level and still fail at the system level. The practitioner conclusion is that architecture, not product count, is now the governance issue.

Static access review was designed for stable entitlements, not runtime delegation chains: Quarterly certification assumes that privilege persists long enough to be observed, reviewed, and revoked. That assumption fails when AI agents spawn sub-agents, inherit authority, and execute at machine speed. The implication is not simply that review cadences must accelerate. It is that the review model itself no longer matches the behaviour being governed.

Identity blast radius is the right concept for agent sprawl: As human sponsors create agents that create sub-agents, a single approval can fan out into multiple identities with different access paths and retention states. That makes the impact of one governance decision much larger than the original entitlement suggests. NHI teams should treat delegation chains as blast-radius multipliers, not as isolated accounts.

Machine-speed identity makes coordination the decisive control variable: The article's strongest point is that the problem is not whether a control exists, but whether it can act in the same tempo as the identity it governs. When authentication, authorisation, and revocation operate on different clocks, policy drift becomes inevitable. The practitioner conclusion is that tempo alignment is now a first-class governance requirement.

Orchestration validates NHI governance and extends it into autonomous behaviour: The same lifecycle discipline used for service accounts now has to span AI agents and their dependencies. That is where the category is heading: not separate identity silos, but one governance plane that can see sponsor, workload, and delegated execution together. Teams should design for unified lifecycle control across all non-human identities.

From our research:

What this signals

Identity orchestration will become the practical test of NHI maturity. Organisations will not be judged by how many controls they own, but by whether those controls can act together when a human sponsor creates, delegates to, and later revokes access for multiple machine identities. The programme question is whether revocation, risk signals, and policy updates move at the same tempo as the fastest identity in the chain.

Orchestration is the named concept teams should be using to describe this gap: it is the missing layer between identity capability and identity coherence. That gap affects human IAM, NHI governance, and autonomous behaviour alike, which is why teams should evaluate every identity initiative against end-to-end signal propagation rather than product coverage.

With 79% of organisations reporting secrets leaks and 77% of those incidents causing tangible damage, per Ultimate Guide to NHIs, the operational signal is clear: fragmented identity control is already producing business impact. Teams should prioritise coordinated lifecycle and access paths before adding another control family.


For practitioners

  • Inventory orchestration gaps across identity tools: Trace how changes move between IAM, PAM, governance, secrets, and agent controls. Focus on where revocation, policy updates, or risk signals stall between systems.
  • Model delegation chains for every sponsored agent: Document the human sponsor, primary agent, and any sub-agents that inherit access or trigger downstream actions. Treat each chain as a governed identity path, not a one-off deployment.
  • Replace periodic reviews with event-driven decisions: Use continuous authorization for high-risk machine identities, especially when agents authenticate frequently or can access production data and privileged workflows.
  • Convert critical policy into machine-readable rules: Move access requirements out of static documents and into executable policy so enforcement can keep pace with machine-speed activity and multi-system dependency changes.
  • Align governance cadence to the fastest actor: Set review, approval, and revocation timing based on the identity type with the shortest execution window, not on the slowest human process in the chain.

Key takeaways

  • The article's central claim is that identity failure now comes from poor coordination across tools, not from a lack of tools themselves.
  • Machine-speed agents and delegation chains make periodic review models too slow to govern access safely.
  • Practitioners should treat orchestration, policy-as-code, and unified lifecycle control as the next identity architecture baseline.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
OWASP Agentic AI Top 10          | AG-03               | Agent sprawl and tool chaining create runtime identity risk.
OWASP Non-Human Identity Top 10  | NHI-03              | Orchestration gaps often expose standing machine privileges.
NIST CSF 2.0                     | PR.AC-4             | Coordinated access control is central to the article's thesis.

Align identity governance processes so access changes propagate across systems without delay.


Key terms

  • Identity Orchestration: Identity orchestration is the coordination layer that connects authentication, authorisation, governance, and revocation across separate tools. It creates one operational view of access so policy changes, risk signals, and lifecycle actions can move together instead of fragmenting across systems.
  • Delegation Chain: A delegation chain is the path of access that extends from a human sponsor to one or more non-human identities, such as agents or service accounts. The chain matters because each inherited permission increases the effective blast radius of the original approval.
  • Continuous Authorization: Continuous authorization is an event-driven access decision model that re-evaluates trust as context changes. For AI agents and workloads, it replaces slow periodic review with real-time checks that can respond to changing behaviour, privilege, and request sensitivity.
  • Identity Blast Radius: Identity blast radius is the amount of access and downstream effect a single identity decision can create. In agentic environments, one sponsor decision may produce multiple identities, inherited permissions, and chained actions, so blast radius becomes a core governance metric.

Deepen your knowledge

Access orchestration, AI agent governance, and machine-readable policy are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building a control plane across human, machine, and autonomous identities, it is worth exploring.

This post draws on content published by ConductorOne: Access Management Needs a Conductor, Not More Instruments. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-03-04.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org