TL;DR: Browser-native AI and autonomous agents are pushing organizations toward a third identity class, while more than 99% of organizations are already moving ahead with AI initiatives and many still rely on fragmented, legacy security controls, according to JumpCloud. Reactive blocking drives usage underground; the real control problem is governed visibility, not prohibition.
At a glance
What this is: A governance-focused analysis of why AI agent identity cannot be managed like a standard bot or a human user, and why reactive blocking fails.
Why it matters: IAM teams need a control model that spans NHI, autonomous behaviour, and human oversight without creating shadow AI or losing accountability.
By the numbers:
- Over 99% of organizations are already moving forward with AI initiatives.
- The 2026 Infrastructure Identity Survey found that 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
Context
AI agent identity is the governance problem that appears when software can choose actions, tools, and timing in pursuit of a goal rather than simply following a fixed script. The article argues that older IAM models break because they assume identity is either human or a static machine account, while agentic systems sit between those categories and create new accountability gaps.
For IAM and security teams, the practical issue is not whether AI will be used, but whether it will be governed through a unified control plane or pushed into shadow AI through blocking. That distinction matters across NHI, autonomous, and human identity programmes because visibility, least privilege, and session accountability have to extend to every actor type the organisation now depends on.
Key questions
Q: How should security teams govern AI agent identity in enterprise environments?
A: Security teams should govern AI agents as distinct actors with scoped entitlements, session-level visibility, and explicit lifecycle controls. The key is to manage what the agent can access and do at runtime, not just whether it authenticated successfully. That requires unified logging, human oversight, and continuous review of reachable actions.
Q: Why does blocking AI access often make governance worse?
A: Blocking often makes governance worse because users route around restrictions and move into shadow AI, where security teams lose visibility and auditability. The control failure is not simply that the block exists, but that the organisation did not provide a sanctioned path with logging, data handling rules, and access accountability.
Q: What do organisations get wrong about least privilege for AI agents?
A: They often define least privilege from a static role description instead of the agent’s actual runtime behaviour. An AI agent may hold a narrow title but still reach sensitive systems, chain tools, or access data outside the intended task. Effective scoping must reflect reachable action space, not job labels.
Q: How can teams keep AI adoption from creating shadow AI risks?
A: Teams should offer approved AI workflows that are easier to use than unsanctioned tools, backed by identity logging and data controls. If the official path is cumbersome, employees will bypass it. Governance works best when secure use is the most practical path for day-to-day work.
Technical breakdown
Why AI agent identity is a third governance class
Traditional IAM splits the world into human users and non-human identities such as service accounts, scripts, and API tokens. AI agents do not fit cleanly into either category when they can reason, select actions, and decide how to reach a goal at runtime. That behaviour changes the identity question from who authenticated to what governed the decision path. In practice, the control plane has to account for dynamic action selection, policy scope, and traceable execution across the session, not just the login event. Practical implication: treat AI agents as governed actors with their own lifecycle, session, and entitlement boundaries.
Why reactive blocking creates shadow AI
Blocking AI access rarely eliminates use, because users route around restrictions when the tools still help them work. That creates shadow AI, where unsanctioned tools receive data outside approved identity controls and security teams lose both visibility and auditability. The failure is not simply policy enforcement, but the absence of a secure alternative path that gives users approved access with accountable logging. Once usage moves outside the managed environment, data handling, provenance, and entitlement review become partial at best. Practical implication: build approved access paths that make governed use easier than unsanctioned use.
Unified control planes and least privilege for autonomous systems
The article’s unification argument maps to a familiar IAM problem: when identity, device, and access controls are split, no team has a full picture of risk. For AI agents, the issue is sharper because one control gap can propagate across tools, data sources, and downstream actions in a single session. Least privilege still matters, but it has to be enforced against actual agent behaviour and tool access rather than assumed task intent. That is why session controls, traceability, and central entitlement governance become core architectural requirements. Practical implication: converge identity, access, and visibility so agent behaviour can be constrained and verified in one place.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
AI agent identity is not a subcategory of service accounts. The article correctly separates probabilistic, goal-seeking agents from fixed scripts and bots, which is the governance distinction that matters. Once an identity can choose routes and tools at runtime, static provisioning logic stops describing the real risk. Practitioners should stop forcing agentic systems into machine-identity templates that assume deterministic behaviour.
Reactive blocking is a control failure, not a strategy. The piece describes exactly how users bypass restrictions when the approved path is missing, creating shadow AI and unlogged data exposure. That means the organisation has exchanged visible risk for invisible risk, which is almost always worse from a governance and response standpoint. The practitioner conclusion is that controls must make compliant use operationally easier than unsanctioned use.
Unified identity governance becomes the only scalable operating model. Fragmented identity, device, and access tooling cannot keep pace when the same actor can touch data, tools, and workflows across several domains in one session. The field should read this as a sign that AI identity, human IAM, and NHI governance are converging into one control problem with different actor types. Practitioners should plan for a shared control plane rather than parallel exception handling.
Least privilege for AI agents must be judged by reachable action space, not declared role names. The article’s emphasis on guardrails and human oversight points to a deeper problem: the label on the identity tells you little if the agent can still traverse sensitive systems at runtime. This is where entitlement review, session logging, and tool scoping matter more than branding a system as AI-safe. Practitioners should evaluate what the agent can actually do, not what the policy says it should do.
From our research:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to The 2026 Infrastructure Identity Survey.
- Another finding from the same survey shows that 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
- That same research also found that systems with least-privileged AI access had a 17% incident rate versus 76% for over-privileged systems, reinforcing why scoped governance matters.
What this signals
Agentic control is becoming an IAM architecture issue, not a niche AI policy problem. As AI usage spreads, teams need to prepare for identity governance that spans human users, non-human accounts, and autonomous actors in one operating model. The programmes that delay this work will keep seeing AI adoption escape into unmanaged channels.
With 98% of organisations planning to deploy even more AI agents within 12 months, the pressure is not on proving adoption but on making adoption governable. That means aligning access reviews, data controls, and session telemetry before the agent population grows beyond manual oversight.
From our perspective, the key concept is governed visibility: if a team cannot see which AI tools are active, what they touched, and which identities enabled them, policy enforcement becomes mostly performative. Practitioners should prepare for a future where AI, NHI, and human identity share the same control expectations even if the actor behaviour differs.
For practitioners
- Define a separate governance model for AI agents: Map AI agents as distinct governed actors with their own lifecycle, session controls, and entitlement boundaries instead of reusing human or service-account templates. This makes review, offboarding, and accountability measurable across the full execution path.
- Replace reactive blocking with approved access paths: Create sanctioned workflows for AI use that include logging, policy checks, and data handling controls so employees do not move to shadow AI tools outside identity visibility. The goal is to make governed use easier than unsanctioned use.
- Converge identity and access controls into one plane: Bring human, machine, and agent access telemetry into a single operational view so least privilege can be enforced across the same data and tool set. Without that consolidation, teams cannot see how one agent action propagates across systems.
- Review least-privilege scopes against actual agent actions: Test whether the permissions granted to an AI agent match the actions it can reach at runtime, including data retrieval, tool chaining, and downstream workflow execution. If the answer is no, the entitlement model is too broad for the behaviour.
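One way to run the least-privilege review in the last item, as an added example that is not from JumpCloud's article or from NHIMG: it expands an agent's direct grants through tool chaining into its reachable action space, then compares that set with the declared task scope and with session telemetry. The agent name, tool and resource names, the edge map and the log lines are all constructed for illustration.

```python
from collections import deque

# Constructed sample data (hypothetical names). Edges: what each tool can invoke or read.
EDGES = {
    "tool:ticket_search": ["data:tickets"],
    "tool:workflow_runner": ["tool:http_fetch", "tool:sql_query"],
    "tool:sql_query": ["data:tickets", "data:customer_pii"],
    "tool:http_fetch": ["net:external"],
}
GRANTS = {"support-agent": {"tool:ticket_search", "tool:workflow_runner"}}  # direct entitlements
INTENDED = {"support-agent": {"tool:ticket_search", "data:tickets"}}  # declared task scope
# Constructed session log: one "agent action" pair per line.
SESSION_LOG = """\
support-agent tool:ticket_search
support-agent tool:workflow_runner
support-agent tool:sql_query
support-agent data:customer_pii
"""

def reachable_action_space(agent, grants=GRANTS, edges=EDGES):
    """Transitive closure of everything reachable from the direct grants."""
    seen = set(grants.get(agent, ()))
    queue = deque(seen)
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def observed_actions(agent, log=SESSION_LOG):
    """Actions the agent actually performed, parsed from session telemetry."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return {action for who, action in rows if who == agent}

def review_scope(agent):
    """Compare declared scope with reachable and observed behaviour."""
    reachable = reachable_action_space(agent)
    observed = observed_actions(agent)
    intended = INTENDED.get(agent, set())
    return {
        "excess_reachable": sorted(reachable - intended),  # grant broader than the task
        "out_of_scope_used": sorted(observed - intended),  # excess already exercised
        "unmodelled_used": sorted(observed - reachable),   # edge map is missing a path
    }

if __name__ == "__main__":
    print(review_scope("support-agent"))
```

A non-empty `excess_reachable` means the entitlement is too broad for the declared task; a non-empty `unmodelled_used` means the agent reached something the entitlement map does not account for, so the map itself needs review.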
Key takeaways
- AI agents need their own identity governance model because their runtime decisions do not fit cleanly into human or static machine account patterns.
- Reactive blocking pushes AI use into shadow channels, which removes the visibility and audit trail that security teams need most.
- Unified identity, access, and session control is the practical path to governing agentic systems without losing oversight or scale.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A1 | The article centres on agent identity, runtime choices, and governance boundaries. |
| OWASP Non-Human Identity Top 10 | NHI-01 | AI agents behave as governed non-human identities with access and lifecycle needs. |
| NIST CSF 2.0 | PR.AC-4 | Unified least privilege and access visibility align with identity access control. |
Consolidate identity telemetry and enforce least privilege across human, machine, and agent access.
Key terms
- AI Agent Identity: AI agent identity is the governance construct used for a software actor that can choose actions, tools, and timing at runtime. It sits beyond a fixed script or service account because its behaviour changes with context, so access, logging, and revocation must reflect execution choices as well as authentication.
- Shadow AI: Shadow AI is the use of AI tools or agents outside approved security and identity controls. It creates blind spots in logging, data handling, and accountability because the organisation can no longer reliably see who accessed what, through which tool, and under what policy boundary.
- Unified Control Plane: A unified control plane is a single governance layer that brings identity, access, and visibility into one operating view. For AI and NHI programmes, it reduces gaps created by siloed tools and makes it possible to enforce least privilege, trace activity, and respond consistently across actor types.
- Reachable Action Space: Reachable action space is the set of systems, data, and workflows an actor can actually touch at runtime. For AI agents, this matters more than role labels because the real risk is not the title assigned to the identity but the actions the system can chain or trigger once it is running.
Deepen your knowledge
AI agent identity, session controls, and unified governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for autonomous systems alongside human and machine identities, it is worth exploring.
This post draws on content published by JumpCloud: AI agent identity, unification, and the move beyond reactive blocking. Read the original.
Published by the NHIMG editorial team on 2026-03-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org