By NHI Mgmt Group Editorial Team
Published 2025-10-29
Domain: Agentic AI & NHIs
Source: Collibra

TL;DR: 91% of U.S. data, privacy, and AI decision-makers say their organisations are developing or rolling out agentic AI, but only 48% are establishing formal AI governance policies and frameworks, according to Collibra. That mismatch shows adoption is outrunning governance, leaving identity, accountability, and control design exposed.


At a glance

What this is: This Collibra survey finds that agentic AI adoption is moving faster than formal governance, with most decision-makers reporting rollout activity but fewer than half saying policies are in place.

Why it matters: Agentic AI changes who or what needs access governance, and IAM, IGA, and PAM teams need policy, lifecycle, and risk controls in place before scale makes them harder to retrofit.



Context

Agentic AI governance is the discipline of defining who or what can act, under which conditions, and with what oversight when software can make decisions at runtime. In this survey, adoption is clearly advancing faster than governance, which creates a familiar identity problem in a new form: access and accountability are being expanded before policy has caught up.

For IAM, IGA, and PAM teams, the issue is not whether agentic AI will arrive. The issue is whether governance, lifecycle management, and risk review are ready for identities that can request, combine, and use access dynamically across business systems. That is a different operating model from static application access or human-only workflows.

The starting position described here is typical rather than exceptional. Most organisations move faster on capability than on control design, which means the pattern is likely to repeat unless identity teams treat agentic AI as a governance category, not just another automation project.


Key questions

Q: How should security teams govern agentic AI before it reaches production scale?

A: Start by assigning each agent a clear owner, a defined purpose, and a review cadence. Then scope access to specific tasks, require evidence of what the agent did, and revoke access when the use case changes. Agentic AI should be managed as a governed identity, not as a loosely controlled feature of another platform.

Q: Why do static credentials create more risk for agentic AI systems?

A: Static credentials extend the life of access beyond the moment it is needed, which increases the blast radius if the agent misbehaves or the credential is exposed. For agentic systems, that persistence is dangerous because the actor can act independently across tools and services. Short-lived, task-scoped access reduces that exposure.

Q: What do organisations get wrong about AI governance policies?

A: They often treat AI governance as a model-risk or data-governance exercise and leave identity controls underneath it. That leaves ownership, approval, logging, and revocation ambiguous. Effective governance has to connect policy to the identities and permissions that actually let the system act.

Q: Who should own agentic AI access decisions in an enterprise?

A: Ownership should sit with the business and security functions that understand the workflow, with identity teams enforcing policy and evidence. No single team can safely manage agentic AI in isolation because the risk spans access, data, operations, and accountability. The ownership model must be explicit before broad rollout.


Technical breakdown

Why agentic AI changes identity governance

Agentic AI differs from conventional automation because it can make runtime decisions about what action to take, what tool to use, and when to act. That means access is no longer just a provisioning problem. It becomes a question of delegated authority, decision boundaries, and observable accountability. Traditional IAM assumes a stable subject with a predictable role. Agentic systems can shift context during execution, which makes static approval models less reliable. The control problem is therefore not simply access scope, but whether the organisation can define and monitor the agent's operational intent as it changes.

Practical implication: map agent behaviour to a governed identity model before giving it access to production systems.

Why static credentials are weak for agentic AI systems

Static credentials create persistence, and persistence creates blast radius. When an agent can act independently across multiple services, a long-lived key or token can turn a narrow workflow into broad system exposure. This is especially risky when the agent is connected to data stores, orchestration layers, and development tooling at the same time. The issue is not only theft, but overreach. If the identity carries more access than the task needs, the agent can use that privilege in ways the organisation did not anticipate when the credential was issued.

Practical implication: replace standing access with task-scoped entitlements wherever the agent's execution model allows it.

What governance looks like when AI systems can act

Governance for agentic AI needs to cover policy, evidence, and review together. Policy defines what classes of action are allowed, evidence shows what the system actually did, and review determines whether those actions remain acceptable over time. That matters because many organisations already say they are monitoring bias, fairness, and transparency, yet those checks do not by themselves answer who approved the access, who owns the risk, or when privileges should be withdrawn. A governance model that stops at model oversight leaves identity and operational control gaps open.

Practical implication: tie agent oversight to identity lifecycle controls, not only model-risk or data-governance reviews.


NHI Mgmt Group analysis

Agentic AI governance is now an identity problem, not just an AI policy problem. When software can initiate action, select tools, and execute decisions at runtime, the governance question shifts from model quality to delegated authority. That changes the control surface for IAM, IGA, and PAM teams because the subject is no longer a passive workload but an actor with operational discretion. The implication is that agentic AI must be governed as a non-human identity class with explicit accountability.

Formal AI governance policies are lagging the reality of deployment. Collibra's survey shows that most respondents say agentic AI is being developed or rolled out, yet fewer than half report formal policies and frameworks. That gap is not cosmetic. It means organisations are normalising capability before they have defined acceptable behaviour, ownership, and review thresholds. Practitioners should treat this as a maturity warning, not a tooling gap.

Identity governance assumptions built around stable access are already under pressure. Least privilege was designed for access that can be scoped at provisioning time and then reviewed later. That assumption fails when the actor can alter its tool use and request path at runtime. The implication is not merely more controls, but a rethink of how privilege, intent, and evidence are defined for autonomous behaviour.

Identity blast radius is becoming the practical measure of agentic AI risk. If 91% of decision-makers are already developing or rolling out agentic AI, then the question is no longer whether adoption is happening. The question is how much access each agent can accumulate before governance catches up. Organisations that treat agent identity as a bounded operational problem will miss the cumulative exposure created by multiple agents, shared credentials, and cross-system delegation.

Governance credibility will depend on proving control, not declaring confidence. The survey's confidence levels are high, but confidence is not evidence. Security teams need a defensible answer to who owns agent access, how agent actions are logged, and when access is revoked. Without that, AI governance becomes a policy statement with no operational enforcement behind it.

From our research:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
  • Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
  • For a governance baseline, read OWASP Agentic AI Top 10 for the control themes that should shape policy and review.

What this signals

The immediate signal for programmes is that AI access is already drifting beyond what humans would receive for the same work, so identity teams need to stop treating agent permissions as an exception category. With 70% of organisations granting AI systems more access than human employees, the gap is structural rather than cosmetic, and review processes need to catch up before more agents enter production.

Identity blast radius: the useful way to frame this trend is to measure how much uncontrolled access an agent can accumulate before a policy or review event intervenes. That concept is especially relevant where multiple tools, data stores, and orchestration layers sit behind a single agentic workflow.

Security leaders should expect governance pressure to move toward platform and infrastructure teams, but that shift only helps if they can tie oversight back to identity controls. The next step is to connect AI policy to the same access, logging, and lifecycle discipline used for other non-human identities.


For practitioners

  • Classify agentic systems as governed identities: Inventory every AI system that can decide, select tools, or execute actions without human approval, and assign an owner, purpose, and review cadence to each one.
  • Replace standing access with task-scoped controls: Limit agent permissions to the smallest viable set for the shortest viable duration, and avoid reusing the same token or credential across unrelated workflows.
  • Tie governance to audit evidence: Require logs that show what the agent accessed, what action it took, and who approved its operating boundary before the next review cycle.
  • Fold AI oversight into identity lifecycle management: Treat onboarding, access review, exception handling, and decommissioning for AI agents as lifecycle events, not ad hoc AI programme tasks.
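
The four checks above, expressed as an audit over an agent identity inventory. This is an added example, not code from Collibra or NHI Mgmt Group; the record fields, the one-hour credential lifetime, and the sample agents are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 10, 29, 12, 0, tzinfo=timezone.utc)  # fixed so results are reproducible
MAX_CREDENTIAL_AGE = timedelta(hours=1)                    # assumed policy value
# Constructed sample inventory; every field name here is hypothetical.
AGENTS = [
    {"id": "agent-invoice", "owner": "finance-ops", "purpose": "match invoices to POs",
     "workflow": "accounts-payable", "credential_id": "cred-01",
     "issued": NOW - timedelta(minutes=20), "next_review": NOW + timedelta(days=30),
     "scopes": {"erp:invoice:read"}, "task_scopes": {"erp:invoice:read"}, "audit_log": True},
    {"id": "agent-deploy", "owner": None, "purpose": "roll out builds",
     "workflow": "release", "credential_id": "cred-02",
     "issued": NOW - timedelta(days=90), "next_review": NOW - timedelta(days=5),
     "scopes": {"ci:deploy", "db:admin"}, "task_scopes": {"ci:deploy"}, "audit_log": True},
    {"id": "agent-report", "owner": "bi-team", "purpose": "weekly KPI report",
     "workflow": "reporting", "credential_id": "cred-02",
     "issued": NOW - timedelta(days=90), "next_review": NOW + timedelta(days=14),
     "scopes": {"dwh:read"}, "task_scopes": {"dwh:read"}, "audit_log": False},
]

def audit(agents, now=NOW):
    """Return {agent_id: [findings]} for agents that break a governance check."""
    workflows_per_cred = defaultdict(set)
    for a in agents:
        workflows_per_cred[a["credential_id"]].add(a["workflow"])
    report = {}
    for a in agents:
        found = []
        if not a["owner"] or not a["purpose"]:
            found.append("missing-owner-or-purpose")      # no accountable identity
        if a["next_review"] < now:
            found.append("review-overdue")                # lifecycle review lapsed
        if now - a["issued"] > MAX_CREDENTIAL_AGE:
            found.append("standing-credential")           # access outlives the task
        excess = a["scopes"] - a["task_scopes"]
        if excess:
            found.append("excess-scope:" + ",".join(sorted(excess)))
        if len(workflows_per_cred[a["credential_id"]]) > 1:
            found.append("shared-credential")             # reused across workflows
        if not a["audit_log"]:
            found.append("no-audit-evidence")
        if found:
            report[a["id"]] = found
    return report

if __name__ == "__main__":
    for agent_id, found in audit(AGENTS).items():
        print(agent_id, found)
```

The shared-credential check is what surfaces cumulative exposure: each agent's own scopes can look minimal while one long-lived credential spans two unrelated workflows.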

Key takeaways

  • Agentic AI is widening the identity governance problem because decision-making software can now carry and use access in ways static IAM models do not fully anticipate.
  • The survey shows a clear maturity gap, with broad rollout plans but weaker policy coverage, which means confidence is running ahead of control design.
  • Security teams should govern agentic systems as identities with owners, boundaries, and lifecycle controls rather than as generic AI capabilities.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | | Agentic AI governance and runtime tool use are central to the article.
NIST AI RMF | | The post focuses on governance, accountability, and risk management for AI systems.
NIST CSF 2.0 | PR.AC-4 | Least privilege and access control are the main governance gaps highlighted here.

Map agent permissions, tool access, and approval boundaries to agentic risk controls before production rollout.


Key terms

  • Agentic AI: Software systems that can choose actions, tools, and timing at runtime rather than following a fixed script. In identity terms, these systems need explicit ownership, access boundaries, and review processes because they can act with operational discretion, not just execute predetermined automation.
  • Identity blast radius: The amount of damage that can result when an identity has more access than it truly needs. For agentic AI, blast radius grows quickly because one credential can support many actions across systems, so control design must focus on limiting privilege scope and persistence.
  • Agent governance: The set of policies, approvals, monitoring, and lifecycle controls used to manage AI systems that can act on behalf of the enterprise. It extends beyond model oversight to include access ownership, logging, revocation, and the business rules that constrain runtime behaviour.
  • Non-human identity: Any identity that is not a person, including service accounts, API keys, tokens, certificates, workloads, bots, and AI agents. These identities need governance because they can carry privilege independently of a human user, and their access often outlives the task unless it is deliberately managed.


This post draws on content published by Collibra: Collibra Identified that Fewer Than 50% of Tech Decision-Makers Are Establishing AI Governance Policies, Which is Concerning.
