TL;DR: AI agents are already in production at 72% of organisations, yet 92% report limits to safely scaling them, according to JumpCloud's Agentic IAM Pulse Report. The gap is not agent capability but governance depth: without formal identity records, revocation paths, and policy enforcement, agentic IT expands risk as fast as it reduces routine work.
At a glance
What this is: This is a governance analysis of agentic IT showing that AI agents can absorb routine work only when identity, access, and revocation controls keep pace.
Why it matters: It matters because IAM, NHI, and human identity programmes now have to govern machine-speed execution, not just human requests and approvals.
By the numbers:
- 92% of organizations reported limits to safely scaling their use of AI agents.
- 72% are already running AI agents in production.
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
👉 Read JumpCloud's analysis of agentic IT governance and governed AI
Context
Agentic IT is the idea that AI agents can take over routine operational work such as onboarding, access provisioning, evidence collection, and support triage. The governance problem is that many organisations are trying to scale that model before they have a reliable identity record, policy boundary, or revocation path for each agent.
The article frames this as a capacity issue, but the deeper issue is identity control. Once an agent can act at machine speed across systems, the question shifts from whether it is useful to whether the organisation can prove what it was allowed to do, detect when scope changes, and revoke access without delay.
Key questions
Q: How should organisations govern AI agents that perform routine IT work?
A: Treat each agent as a non-human identity with an owner, a defined permission set, and a lifecycle. Routine work can be delegated only when access is policy-bound, logged, and revocable. If the organisation cannot inventory the agent or explain its scope, it should not be allowed to operate in production.
Q: Why do AI agents create governance risk even when the tasks are predictable?
A: Predictable tasks do not eliminate identity risk. An agent can still exceed its intended scope, persist after ownership changes, or operate without a complete access record. The problem is not the workflow itself, but the absence of identity governance around the actor performing it.
Q: What breaks when AI agents are deployed without formal identity records?
A: Access reviews become incomplete, revocation becomes uncertain, and ownership becomes ambiguous. The organisation may see work getting done, but it cannot reliably prove who or what performed it, what it was allowed to touch, or whether the access still belongs in the environment.
Q: Who should be accountable when an AI agent makes an incorrect access or onboarding decision?
A: Accountability should sit with the business owner and the identity team that defined the agent’s scope, policy, and monitoring. If those roles are unclear, the agent is operating outside governable boundaries. Governance should make responsibility traceable before production use begins.
Technical breakdown
Why agentic IT turns identity into the control plane
Agentic IT moves repetitive work from human operators to AI agents, but that hand-off only works if the agent is treated as an identity with explicit permissions. In practice, the control plane is no longer just the application or ticketing system. It becomes the policy layer that defines what the agent may read, provision, escalate, or complete. Without that layer, automation increases throughput while weakening accountability. The governance challenge is therefore not the agent itself, but the absence of an enforceable identity record tied to each action.
Practical implication: assign every agent a managed identity, a named owner, and policy-bound access before it touches production workflows.
Shadow AI appears when access exists without a formal identity record
Shadow AI in this context is not simply an undiscovered chatbot. It is any agent operating with credentials, tool access, or workflow reach that IT cannot inventory or revoke cleanly. The risk rises when agents are embedded in business tools faster than governance processes can register them. That creates a familiar but sharper NHI problem: access can exist without inventory, intent, or lifecycle control. When identity records are missing, access reviews become incomplete and revocation becomes guesswork.
Practical implication: require discovery and registration of every agent before granting persistent access to business systems.
Why governance must follow the agent, not the task
Routine tasks such as password resets or evidence gathering are often used to justify agentic IT because they are predictable. But predictability of the task does not mean predictability of the identity. An agent can still drift in scope if its permissions are broader than the job, or if its owner and approval chain are unclear. The correct governance model tracks the actor, the policy, and the lifecycle event, not just the workflow outcome. That is how organisations preserve control while moving work below the desk.
Practical implication: bind approvals, logging, and revocation to the agent lifecycle rather than to individual workflow steps.
Threat narrative
Attacker objective: The objective is to gain durable operational reach through unmanaged AI agent access so routine actions can be executed without reliable oversight or revocation.
- Entry occurs when an AI agent is deployed into a routine workflow such as onboarding, access provisioning, or compliance evidence collection with credentials and tool access already in place. Escalation follows if the agent operates without a formal identity record or policy boundary, because its reach expands faster than review cycles can detect. Impact appears when ungoverned agents start completing high-volume tasks, creating a shadow AI layer that cannot be confidently audited or revoked.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Agentic IT exposes an identity governance gap, not a staffing gap. The article describes capacity relief, but the real control question is whether organisations can inventory, authorise, and revoke AI agents as identities. When they cannot, the efficiency gain is real but so is the unmanaged execution surface. Practitioners should treat agentic IT as a governance programme before they treat it as a productivity programme.
Managed identity records are now the minimum viable control for AI agents. An agent that can read roles, provision access, and assemble evidence is functionally a non-human identity, even if it sits inside a familiar workflow tool. That means ownership, policy scope, logging, and lifecycle state must be explicit. The implication is straightforward: if the agent cannot be named in identity governance, it is not governed.
Identity blast radius is the right concept for agentic IT. The article shows that value comes from handing off routine work, but the risk is concentrated in how far an agent can move once it has access. The blast radius is not just the number of systems an agent can touch, but the speed at which it can act before a human notices. Practitioners should map that radius before expanding deployment.
Shadow AI governance fails when discovery and revocation are not lifecycle processes. The article makes clear that unmanaged agents appear when adoption runs ahead of oversight. That is a lifecycle failure, not a tooling gap. Discovery without registration is incomplete, and registration without revocation is a false sense of control. Practitioners need to treat agent offboarding as seriously as onboarding.
Human oversight should move from approving routine work to validating policy exceptions. The article’s model makes clear that routine approvals are the wrong place for scarce human attention. The governance value shifts to exception handling, scope drift detection, and ownership disputes. That is where human judgment is still required, and where programme design should concentrate.
From our research:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to The 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to The 2026 Infrastructure Identity Survey.
- That makes the governance gap a programme issue, not a future concern, and the relevant next step is to review OWASP Agentic AI Top 10 for the controls that need to move first.
What this signals
Agentic IT should be treated as an identity lifecycle problem before it is treated as an automation story. The organisations that scale safely will be the ones that can register, scope, monitor, and revoke agents with the same discipline they apply to other non-human identities. That requires policy, ownership, and offboarding to be designed in from day one, not retrofitted after usage expands.
The survey data reinforces the point: 7% of security leaders do not know how often their AI systems are making autonomous changes to infrastructure, according to The 2026 Infrastructure Identity Survey. When oversight cannot answer that basic question, the next governance move is to reduce ambiguity in ownership and logging before widening deployment.
Identity blast radius is likely to become the practical metric for agentic programmes. Teams will need to measure not only how many agents exist, but how far each can act before human review, which systems it can touch, and how quickly it can be removed from service. That is where control maturity will separate from adoption enthusiasm.
For practitioners
- Register every AI agent as a managed identity Create a formal identity record for each agent, including owner, scope, permissions, and lifecycle state before it is allowed into production workflows.
- Bind access to explicit policy boundaries Define what each agent can read, change, approve, or provision, and keep those permissions narrower than the human role the agent supports.
- Add revocation to the agent lifecycle Ensure offboarding, owner changes, and scope changes trigger immediate access removal or re-approval, not a later review cycle.
- Continuously discover shadow AI usage Use discovery processes to surface unsanctioned agents, then register them or remove access before they become part of the operational fabric.
- Shift human review to exceptions and drift Reserve human attention for policy exceptions, anomalous scope expansion, and unclear ownership rather than routine task approvals.
Key takeaways
- Agentic IT creates a governance problem whenever AI agents can act faster than identity processes can inventory and revoke them.
- The evidence points to a real maturity gap, with most organisations already using AI agents but far fewer able to govern them safely.
- Practitioners should design agent identity, policy scope, and offboarding before expanding autonomous operational work.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A1 | Agentic AI governance and tool access are central to the article. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Agents are treated as identities that need inventory and lifecycle control. |
| NIST CSF 2.0 | PR.AA-1 | Identity and access governance underpin safe agentic operations. |
Tie agent permissions to approved identity records and review them as part of access governance.
Key terms
- Agentic IT: Agentic IT is an operating model where AI agents take on repetitive IT tasks such as onboarding, support triage, and evidence collection. The model only remains governable when each agent has an identity, a bounded permission set, and lifecycle controls that make its actions auditable and revocable.
- Shadow AI: Shadow AI is the use of AI agents or tools that security and identity teams cannot fully see, inventory, or control. In practice, it becomes an access governance issue when an undiscovered agent can reach systems, hold credentials, or continue operating after ownership has changed.
- Identity blast radius: Identity blast radius is the amount of damage a person, service account, or AI agent can cause through the access it holds. For agents, the measure includes how many systems it can touch, how quickly it can act, and how difficult it is to revoke that access once deployed.
- Managed identity: A managed identity is a formally recorded identity that has an owner, defined permissions, and lifecycle state that can be tracked over time. For AI agents, it is the minimum governance unit needed to prove what the agent may do and to remove access when its role changes.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by JumpCloud: agentic IT governance and the shift from shadow AI to governed AI. Read the original.
Published by the NHIMG editorial team on 2026-06-24.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
