By NHI Mgmt Group Editorial Team
Published 2026-02-05
Domain: Agentic AI & NHIs
Source: Strata Identity

TL;DR: Only 18% of security leaders are highly confident their current IAM systems can manage agent identities, while 23% have a formal strategy and 40% are increasing identity and security budgets to address AI agent risks, according to Strata Identity. The real gap is that autonomous agents expose an identity model built for stable, reviewable access, not runtime decision-making.


At a glance

What this is: This survey shows that AI agent adoption is colliding with weak identity governance, low IAM confidence, and fragmented ownership.

Why it matters: IAM, PAM, and NHI programmes now have to govern autonomous behaviour, not just static credentials and human users.



Context

AI agent identity governance is the discipline of assigning, tracking, and constraining access for software entities that make runtime decisions across systems. This survey suggests most enterprises are trying to force that model into IAM patterns designed for human users and stable machine credentials, which is why confidence is low and ownership is fragmented.

The gap is not only technical. When teams share human credentials and access tokens with agents because no alternative exists, they are signalling that identity architecture has not caught up with the actor type. That makes this a governance problem for NHI, autonomous systems, and the human approval chains still expected to supervise them.


Key questions

Q: How should security teams govern AI agents that use shared credentials today?

A: They should treat shared credentials as a transition risk, not a steady state. Move agents onto dedicated identities, map every action to a sponsor, and enforce policy at the resource boundary so access is checked during execution rather than assumed from provisioning. Without that shift, agent behaviour remains outside meaningful audit and control.

Q: Why do autonomous agents break traditional IAM confidence measures?

A: Traditional IAM confidence measures assume access is stable, attributable, and reviewable over time. Autonomous agents change context during execution, span multiple platforms, and may complete sensitive actions before a review cycle can observe them. That makes confidence depend less on credential strength and more on runtime governance, traceability, and ownership.

Q: What do security teams get wrong about human-in-the-loop controls for agents?

A: They often assume a manual approval step is the same as governance. In reality, HITL only works when the organisation can discover all active agents, trace each one to an owner, and apply policy consistently across systems. Without those foundations, approvals create delay without closing the control gap.

Q: Who should be accountable for agent identity governance?

A: Accountability should sit with one named owner for the agent class, supported by security, IT, and platform teams. Fragmented responsibility leads to inconsistent policies, weak audit evidence, and unclear exception handling. The right model is a single accountable chain for identity, access, logging, and lifecycle decisions.


Technical breakdown

Why static credentials fail for autonomous agents

Static API keys, shared service accounts, and username-password combinations assume access is persistent, traceable, and issued to a stable subject. Autonomous agents do not behave that way. They operate continuously, span multiple platforms, and may need different privileges at different points in a single workflow. That means the old model of credential issuance and periodic review creates a mismatch between the identity object and the actor’s runtime behaviour. In practice, the problem is not only credential strength. It is that the access model is too static for decision-making systems that change context mid-execution.

Practical implication: Treat long-lived human-style credentials as a design defect for agent workflows, not as a temporary workaround.

Runtime authorization and traceability in agentic workflows

Agentic environments need controls that evaluate access at the moment of action, not just at enrolment. Runtime authorisation, OBO token exchange, and continuous traceability are responses to the fact that an agent can cross systems, change tasks, and trigger downstream actions without a human present for every step. If a programme cannot connect an action back to a sponsor or policy decision in real time, it loses the ability to govern the workflow as it unfolds. This is where IAM and PAM start to overlap with NHI governance more directly than they do in most human identity programmes.

Practical implication: Build policy enforcement points that sit in front of sensitive resources and log every agent action back to a sponsor or policy context.

Human-in-the-loop controls are not the same as governance

The survey shows strong support for human-in-the-loop checks, but HITL only works when the architecture can pause, validate, and resume without breaking the workflow. Many programmes mistake a manual approval step for governance, when in reality it is only one control point inside a larger identity design. If the system cannot discover agents, inventory their privileges, and apply consistent policies across environments, human approval becomes a bottleneck rather than a control. Governance for agents has to cover discovery, ownership, authentication, and auditability together.

Practical implication: Map every approval gate to a discoverable agent inventory and a clear ownership model before relying on HITL as a control.
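The runtime check and approval gate described in the two subsections above, sketched as an added example (not code from Strata Identity's report or from NHI Mgmt Group): a minimal policy enforcement point that decides at the moment of action, refuses agents missing from the inventory even when an approver is named, and logs every decision with its sponsor. The class names, agent names, resources and requests are constructed assumptions.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Agent:
    agent_id: str
    sponsor: str          # accountable owner, recorded for sponsor attribution
    allowed: frozenset    # (resource, action) pairs in this agent's policy scope

@dataclass
class PolicyEnforcementPoint:
    inventory: dict       # agent_id -> Agent: the discoverable agent inventory
    sensitive: frozenset  # (resource, action) pairs that need human approval
    audit_log: list = field(default_factory=list)

    def authorize(self, agent_id, resource, action, token_expiry,
                  approved_by=None, now=None):
        """Decide at the moment of action and log the decision with its sponsor."""
        now = time.time() if now is None else now
        agent = self.inventory.get(agent_id)
        request = (resource, action)
        if agent is None:
            # An approval cannot stand in for a missing inventory entry.
            decision, reason = "deny", "agent not in inventory"
        elif token_expiry <= now:
            decision, reason = "deny", "credential expired"
        elif request not in agent.allowed:
            decision, reason = "deny", "outside policy scope"
        elif request in self.sensitive and approved_by is None:
            decision, reason = "pending", "human approval required"
        else:
            decision, reason = "allow", "policy match"
        self.audit_log.append({"time": now, "agent": agent_id,
            "sponsor": agent.sponsor if agent else None, "request": request,
            "approved_by": approved_by, "decision": decision, "reason": reason})
        return decision

def demo():
    # Constructed inventory and requests (illustration only); clock fixed at 1000.0.
    bot = Agent("invoice-bot", "finance-ops", frozenset({("ledger", "read"), ("ledger", "post")}))
    pep = PolicyEnforcementPoint({bot.agent_id: bot}, frozenset({("ledger", "post")}))
    cases = [  # (agent, resource, action, token expiry, approver)
        ("invoice-bot", "ledger", "read", 1300.0, None),
        ("invoice-bot", "ledger", "post", 1300.0, None),
        ("invoice-bot", "ledger", "post", 1300.0, "alice"),
        ("invoice-bot", "hr-db", "read", 1300.0, None),
        ("invoice-bot", "ledger", "read", 999.0, None),
        ("shadow-bot", "ledger", "read", 1300.0, "alice"),
    ]
    return [pep.authorize(*c, now=1000.0) for c in cases], pep.audit_log
```

The last case is the one the HITL subsection warns about: an approver is present, but the request is still denied and logged with no sponsor because the agent was never inventoried.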


Threat narrative

Attacker objective: The objective is to turn trusted agent workflows into a durable access path that can move laterally, expose data, and evade accountability.

  1. Entry occurs when organisations share human credentials, static API keys, or service accounts with autonomous agents because no dedicated identity model exists for them.
  2. Escalation follows as agents operate continuously across public cloud, on-premises, and hybrid environments with privileges that are hard to trace, audit, or scope in real time.
  3. Impact is the creation of blind spots for unauthorized actions, sensitive data exposure, and compliance failure because the organisation cannot reliably prove who or what performed the action.



NHI Mgmt Group analysis

Static credential governance was designed for access that stays still long enough to be reviewed. That assumption fails when an autonomous agent can authenticate, act, and move on across multiple environments in one continuous workflow. The implication is not simply that teams need more controls. It is that access-review-centric governance no longer describes the thing being governed.

Agent identity without a clear owner is a governance failure, not a staffing issue. When responsibility is split across security, IT, and emerging AI functions, no one can prove policy intent, accept accountability, or respond cleanly to audit questions. This is where identity governance becomes an operating model problem as much as a technical one, and practitioners need a single accountable chain for every agent class.

Runtime authorisation is becoming the dividing line between experimental and production-grade agent programmes. Continuous decision-making across multiple platforms means policy enforcement has to happen during execution, not just at provisioning. The field is moving toward identity architectures that can enforce, trace, and constrain agent behaviour at runtime, which is now a prerequisite for scale rather than an advanced option.

Agent identity ownership vacuum: The lack of a formal enterprise strategy shows that many organisations are trying to govern a new actor type with fragmented human-era processes. That fragmentation weakens auditability, slows deployment, and creates a compliance gap that no single team can close alone. Practitioners should treat ownership as the first control boundary for agent governance.

AI agents are forcing IAM, PAM, and NHI disciplines to converge. The survey data shows that the operational risk is not limited to authentication or token hygiene. It includes policy scope, runtime action control, and evidence generation, which means identity teams need a shared governance model that spans humans, service accounts, and autonomous actors.

From our research:

  • Only 18% of technology professionals say they are highly confident their current identity systems can effectively handle agent identities, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
  • That governance gap connects directly to the OWASP Agentic AI Top 10, where runtime abuse and identity misuse become structural risks rather than isolated misconfigurations.

What this signals

Agent identity will increasingly be judged on evidence, not intent. As autonomous workflows spread, programmes that cannot produce sponsor attribution, active inventory, and runtime audit trails will struggle to move past pilot status. The practical shift is toward governance that proves control at execution time, not just at enrolment time, and that is where the Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs becomes directly relevant.

With 92% of organisations agreeing that governing AI agents is critical to enterprise security in the linked research, the market signal is clear: demand is moving from general IAM features to dedicated agent identity controls. That will force identity teams to standardise discovery, ownership, and policy enforcement before agent adoption widens further.

Identity blast radius: The next governance problem is not whether an agent can authenticate, but how far it can move once trusted. Teams should assume that every unaudited agent is a potential cross-platform path and align controls to the OWASP Agentic AI Top 10 and runtime zero-trust principles.


For practitioners

  • Replace shared human credentials in agent workflows: Inventory every place where agents are using usernames, passwords, API keys, or shared service accounts. Move those paths to dedicated agent identities and enforce sponsor attribution for every privileged action across environments.
  • Create a single owner for each agent class: Assign accountable ownership for discovery, policy, audit, and exception handling so security, IT, and AI teams are not making overlapping decisions without a final authority. Ownership should be recorded in the same system used for lifecycle governance.
  • Enforce runtime policy at the resource boundary: Place policy enforcement points in front of critical systems so authorisation is checked at the moment of action. This reduces reliance on static entitlements and makes continuous traceability possible when agents operate across multiple platforms.
  • Tie human-in-the-loop checks to a real agent inventory: Do not rely on approval gates unless every active agent can be discovered, named, and traced back to a sponsor in real time. Otherwise the approval step becomes a manual bottleneck with no meaningful governance coverage.
  • Use identity review evidence as a production gate: Require proof of auditability, active inventory, and policy scope before allowing agents to move beyond pilot use. If those artefacts are missing, the programme is not ready for production even if the workflow appears to function.

Key takeaways

  • AI agents expose a structural gap in IAM because they operate continuously, across systems, and outside the assumptions built into static identity controls.
  • The survey data shows low confidence, weak ownership, and limited real-time visibility, which means the governance problem is already operational rather than theoretical.
  • Production-ready agent programmes will need dedicated identities, runtime authorisation, and clear accountability before they can scale safely.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | AGENT-03 | Agents here act across systems with runtime decisions and shared credentials.
OWASP Non-Human Identity Top 10 | NHI-03 | Static credentials and weak lifecycle controls are central to this survey's findings.
NIST Zero Trust (SP 800-207) | PR.AC-4 | Continuous verification fits agent workflows better than static entitlement assumptions.
NIST CSF 2.0 | PR.AC-1 | The article centers on identity governance, ownership, and access control maturity.

Map agent workflows to runtime authorization, traceability, and tool-access boundaries before production.


Key terms

  • Agent Identity Governance: The discipline of assigning ownership, identity, policy, and auditability to AI agents so their actions can be controlled and explained. For autonomous systems, it must cover runtime decisions, sponsor attribution, and lifecycle handling, not just login credentials or enrolment records.
  • Runtime Authorisation: An access decision made at the moment an action is about to occur, rather than only when an identity is created or provisioned. For agents, this matters because behaviour can change mid-session and privileges may need to be constrained continuously across multiple systems.
  • Sponsor Attribution: A way to link an agent action back to the human, team, or system accountable for that workflow. In autonomous environments, sponsor attribution is essential for audit, incident response, and compliance because the actor may not be a person and may not remain stable across the full task.
  • Identity Blast Radius: The range of systems, data, and privileges an identity can reach once trusted. For autonomous agents, blast radius can expand quickly across platforms if credentials are shared, ownership is unclear, or runtime policy enforcement is missing.


This post draws on content published by Strata Identity: Securing Autonomous AI Agents Starts with Identity Governance. Read the original.
