AI agent adoption is reshaping enterprise identity controls

At a glance

What this is: This is 1Password’s take on why AI adoption and agentic workflows are driving rapid identity-tool growth and exposing governance gaps around humans, agents, and machine identities.

Why it matters: It matters because IAM teams now have to govern access across humans, service identities, and AI agents in one programme, rather than treating AI security as a separate layer.

By the numbers:

• The security tool 1Password showed the highest industry-level growth, notching a 370% YoY increase in the technology sector.
• 91% of the organizations they surveyed are using AI agents.

👉 Read 1Password’s analysis of AI agent identity growth and access governance

Context

AI agent identity governance is now an IAM problem, not a niche product feature. The article ties 1Password’s growth to enterprise adoption of AI-powered workflows, where employees, agents, tools, and secrets increasingly sit in the same access path. That creates a governance challenge for programmes that still separate human access, workload identity, and emerging agentic use cases.

The article’s core claim is that existing access controls were not designed for dynamic, probabilistic machine identities. That matters because once agents can act inside production workflows, the questions shift from simple authentication to auditability, privilege scope, approval boundaries, and policy enforcement across the full delegation chain.

Key questions

Q: How should security teams govern AI agents that can access multiple tools?

A: They should govern AI agents as identities with explicit runtime boundaries, not as ordinary automation. That means defining allowed tools, approved data sources, human approval points, and per-action logging before the agent is put into production. The safest model is a narrow, observable access path with clear ownership and revocation.

Q: Why do AI agents create more identity risk than standard automation?

A: Because standard automation usually follows a fixed script, while AI agents can choose actions, tools, and timing within a live workflow. That creates more uncertainty around least privilege, auditability, and policy enforcement. Identity teams must assume the access path can change during execution, not just at setup.

Q: What breaks when employees use unapproved AI tools with company data?

A: Governance breaks because the organisation loses visibility into where data and secrets are going, who can access them, and how they are being reused. Unapproved tools can copy credentials into unmanaged workflows, which weakens revocation and makes audit trails incomplete. The result is shadow access outside the main identity programme.

Q: How do IAM teams prepare for humans, agents, and machine identities together?

A: They should unify policy, discovery, and access review across all three identity classes. The programme needs a shared inventory of identities, a common view of privileges, and consistent offboarding for credentials and sessions. For mixed environments, the control objective is one governance model with different rules by actor type, not three disconnected programmes.

Technical breakdown

AI agent identity and dynamic access scope

AI agents are not just another automated workload. In the article’s framing, they operate across tools, credentials, and workflows in ways that can change during runtime, which makes fixed entitlement models brittle. Traditional IAM assumes a relatively stable identity and a predictable action set. Agentic systems can widen or narrow their own operational path as they interact with different tools, which makes the access boundary harder to define at provisioning time. That is why auditability and policy enforcement become central concerns, not add-ons.

Practical implication: treat agent access as a governed runtime state, not a static entitlement.

Shadow AI, secrets, and unmanaged workflow access

The article links AI adoption to shadow use, where employees rely on unapproved tools and expose sensitive information outside formal controls. In identity terms, that means secrets, tokens, and sessions can be copied into workflows that security teams do not fully see. The control problem is not only theft, but untracked propagation of access into AI tooling, browser extensions, and builder workflows. Once secrets are reused in those paths, revocation alone does not restore governance if the workflow itself remains unmanaged.

Practical implication: inventory where secrets enter AI workflows and remove unmanaged paths before expanding access.

Why auditability breaks down for agentic access

The article points to over-privileged agents and limited auditability as a combined failure mode. That pairing matters because audit logs only help if the actor’s decision path is observable and the resulting action can be attributed to a specific identity and policy condition. If the agent can select actions across multiple tools, the organisation needs evidence of what it was allowed to do, what it actually did, and whether the action was human-authorised or policy-triggered. Without that, identity governance becomes after-the-fact reconstruction rather than control.

Practical implication: require per-action attribution and policy evidence for every agent-controlled workflow.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• Shai Hulud npm malware campaign — Shai Hulud campaign: npm malware exposed secrets on GitHub.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

AI agents are becoming a distinct identity governance class, not just a new workload type. The article shows why agentic systems cannot be managed through human IAM assumptions alone. When access is assembled dynamically across tools and data sources, the security problem shifts from login to runtime authority. Practitioners should treat agent identity as its own governance surface, covered by OWASP-NHI and Zero Trust principles, not folded into generic automation.

Dynamic machine identities expose a runtime governance gap that static provisioning cannot close. The article’s core signal is that access decisions for AI agents are no longer made once at onboarding and then reviewed later. That assumption fails when the identity can choose tools, credentials, and action timing inside a live workflow. The implication is that entitlement models, certification cadences, and audit design all need to account for runtime behaviour rather than fixed access states.

Shadow AI turns identity risk into an unbounded discovery problem. If one in four employees already uses unapproved AI apps, the governance issue is not simply policy non-compliance. It is that access paths are being created outside approved identity controls, where secrets and data can move faster than security teams can catalogue them. The practical conclusion is that visibility into AI usage must be part of the identity programme, not a separate awareness campaign.

Agentic security will increasingly converge with NHI governance and workflow control. The article’s emphasis on unified access across humans, agents, and machine identities reflects where the market is heading. The question for practitioners is no longer whether to treat AI agents as identities, but whether their current governance model can survive mixed human, workload, and agentic delegation. The answer will determine how quickly AI can be adopted without creating permanent access debt.

Access review processes assume access persists long enough to be reviewed; autonomous-seeming agent workflows can collapse that window. Even where an agent is bounded, the broader lesson is that review-based governance is weak against identities that can assemble and discard access inside active sessions. Practitioners need to rethink what evidence a review cycle can actually certify when access behaviour is transient and context-driven. That is the governance pressure point this article exposes.

From our research:

• 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
• For a broader operating model, Ultimate Guide to NHIs , Why NHI Security Matters Now is the best companion resource for teams reworking access governance.

What this signals

Identity programmes are moving toward an all-actor control plane. As enterprises mix humans, workloads, and AI agents in the same workflows, the practical question becomes whether policy, discovery, and offboarding are consistent across all three. The governance model that survives this shift is the one that treats access as a lifecycle problem, not just an authentication problem.

AI adoption will force security teams to measure access by behaviour, not label. If a system can reach tools, data, and secrets in different combinations during the same workflow, then entitlement review alone is not enough. Teams need to understand which identities can actually act, which ones are merely provisioned, and where the organisation still lacks a complete inventory of non-human access.

A useful next step is to connect AI governance to identity standards rather than standalone tooling. The NIST Cybersecurity Framework 2.0 remains a practical way to organise identity, protect, detect, respond, and recover controls around agentic access paths, especially when shadow AI and delegated credentials are already in circulation.

For practitioners

• Map AI agent access paths end to end Document where agents obtain credentials, which tools they can call, and which data sources they can reach. Include human approvals, indirect token use, browser-based access, and any builder workflow that can bypass the main IAM path. Use the Ultimate Guide to NHIs as the baseline for what counted as a non-human identity before agentic use cases expanded.
• Separate approved AI workflows from shadow AI use Inventory employee-facing AI tools, extensions, and workflow helpers that can access company data. Remove duplicated secrets, block unsanctioned tokens, and define an explicit exception process for any workflow that must remain outside standard control.
• Require per-action audit evidence for agent operations Capture which identity initiated the session, which policy allowed the action, what tool was used, and whether a human approved the step. Without that chain of evidence, agent behaviour becomes difficult to certify or investigate after the fact.
• Set privilege boundaries before enabling agentic workflows Limit each agent to the minimum tool set needed for its task, and recheck those limits whenever the workflow changes. Use the NIST Cybersecurity Framework 2.0 to align identity governance, detection, and response around the same access boundary.
• Treat secrets governance as part of AI rollout planning Review where API keys, tokens, and certificates are stored before expanding AI builder use. If secrets live in code, config files, or ad hoc collaboration tools, the AI workflow inherits that exposure and makes revocation more difficult later.

Key takeaways

• AI agent adoption is pulling identity governance beyond human-centric IAM and into runtime access control for non-human identities.
• The reported growth signals are important because they sit alongside high rates of shadow AI, over-privileged identities, and weak auditability.
• Practitioners should respond by unifying identity discovery, privilege boundaries, and per-action evidence across humans, agents, and machine identities.

Key terms

• AI Agent Identity: An AI agent identity is the access footprint used by a software system that can make independent runtime decisions about actions, tools, and timing. In practice, it is governed like a non-human identity, but with tighter controls because the access path can change during execution.
• Shadow AI: Shadow AI is the use of AI tools, agents, or workflows that security and identity teams have not formally approved or inventoried. The risk is not only unsanctioned software, but unmanaged credential use, hidden data movement, and policy bypass outside the identity programme.
• Dynamic Access Scope: Dynamic access scope is a runtime boundary that can shift as an identity interacts with tools, data, or policy decisions during a live session. It is harder to govern than a fixed entitlement because least privilege must be enforced continuously, not just at provisioning time.
• Per-action Auditability: Per-action auditability is the ability to tie each significant action to a specific identity, policy condition, and approved tool path. For AI agents and other non-human identities, it is the difference between usable governance evidence and a log trail that only describes activity after the fact.

Deepen your knowledge

AI agent identity governance and NHI lifecycle control are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is now facing mixed human, workload, and agent access paths, it is worth exploring.

This post draws on content published by 1Password: AI agent growth, Unified Access, and identity security for the modern enterprise. Read the original.