TL;DR: 88% of organisations are using or plan to use AI agents, yet only 37% have moved beyond pilot programs and just 9% have integrated identity and data security controls for AI, according to Descope’s 2025 customer identity data. The gap is no longer theoretical: identity programmes are being asked to govern agent behaviour with controls built for users and static workloads.
At a glance
What this is: This is a customer authentication and AI agent identity analysis that argues identity programmes are being stretched by passwords, MFA gaps, and rapid agent adoption.
Why it matters: It matters because IAM teams now have to govern human logins, NHI access, and emerging agentic identity with one operating model, while the control baseline is still uneven.
By the numbers:
- 88% of organizations are using or plan to use AI agents, but only 37% have progressed beyond pilot programs.
- 94% of organizations have some form of customer MFA, but only 10% offer it across all applications.
- 87% of organizations still use username/password-based authentication, but only 2% believe it effectively balances security and user experience.
- 51% of organizations task developers who have minimal authentication experience to build customer-facing identity systems.
👉 Read Descope's customer authentication stats and AI agent risk analysis
Context
Customer authentication is no longer just a login problem. It now sits at the intersection of user experience, fraud exposure, developer capacity, and AI agent identity, which means the same programme has to absorb more risk without getting cleaner signals or simpler policy boundaries.
The main governance gap is not that organisations lack awareness. It is that they keep extending legacy auth models, partial MFA coverage, and generalist developer ownership into a world where AI agents, customer accounts, and machine identities all create different access patterns and failure modes.
Key questions
Q: How should security teams reduce password dependence without breaking customer login flows?
A: Start with the journeys that create the most account takeover and support cost, then replace passwords with stronger authentication where recovery and device binding can be controlled. Do not modernise all flows at once. Reduce dependence by segmenting high-risk applications first and measuring abandonment, reset volume, and takeover attempts after each change.
Q: Why do partial MFA deployments still leave organisations exposed?
A: Because attackers do not need universal weakness. They need one weak application, recovery path, or token handling flow that bypasses stronger controls elsewhere. Partial MFA often creates uneven assurance, so the programme reports success while the attack surface remains open in the least protected paths.
Q: What do security teams get wrong about developer-owned customer IAM?
A: They assume implementation skill is enough. In practice, identity design needs specialised policy, lifecycle, and recovery decisions that generalist product teams may not have time or context to own well. Without dedicated governance, auth becomes inconsistent across applications and harder to audit.
Q: How should organisations govern AI agents that touch customer data?
A: Treat each agent as a separate governed identity with explicit scope, audit requirements, and approval boundaries. If an agent can access data, invoke tools, or act on behalf of users, the control model must define what it may do, what it may not do, and how its actions are reviewed.
Technical breakdown
Password dependence and partial MFA coverage
Password-based authentication remains deeply embedded because it is easy to deploy, not because it is strong. Partial MFA coverage creates a false sense of control: some applications get step-up protection while others stay exposed, leaving attackers to target the weakest path. Token theft, prompt bombing, and adversary-in-the-middle attacks then exploit the unevenness between policy intent and real enforcement. In practice, authentication strength is only as good as the least protected application in the journey.
Practical implication: map MFA coverage by application and session path, then remove low-assurance exceptions before you expand AI or workload access.
Why developer-built CIAM becomes a control risk
When generalist developers build customer authentication, they often inherit a complex security domain without the specialist context to tune it safely. That leads to inconsistent enforcement, brittle integrations, and a tendency to postpone hard decisions about login policy, recovery, and session control. The issue is not coding skill in isolation. It is that identity architecture is being treated like a feature layer instead of a governed security system with lifecycle, fraud, and usability constraints.
Practical implication: separate identity architecture ownership from feature delivery ownership and require security review for auth design changes.
AI agents as a new identity boundary
AI agents introduce a different kind of identity challenge because they can act on behalf of people while touching data, tools, and systems at machine speed. That makes access scope, auditing, and user visibility central issues rather than afterthoughts. If organisations treat agents like ordinary application users, they miss the behavioural dimension: agents can overreach, chain actions, and expose data outside intended scope. This is where human IAM patterns stop being sufficient on their own and NHI governance becomes mandatory.
Practical implication: classify each AI agent as its own governed identity and define scope, audit, and approval boundaries before deployment.
Threat narrative
Attacker objective: The attacker’s objective is to gain unauthorised access that can be monetised through account takeover, data theft, fraud, or operational abuse.
- Entry occurs through weak or stolen customer credentials, often made easier by password reuse, poor recovery design, or partial MFA enforcement across applications.
- Escalation follows when attackers use credential abuse, token theft, or MFA bypass techniques to move from initial login to account takeover or unauthorised session control.
- Impact is business disruption, fraud exposure, trust loss, and in AI-enabled environments, over-access or data exposure through improperly governed agent behavior.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Password-heavy authentication has become an identity tax, not an identity strategy. Organisations keep paying operational and user-experience costs for controls that the data shows they do not trust. The problem is structural: password dependence persists because the transition cost is high, even when the control itself is demonstrably weak. Practitioners should treat password reduction as a governance priority, not a UI preference.
Partial MFA creates a control illusion because attackers only need one weak application path. A programme can report high MFA adoption while still leaving the estate unevenly protected. That gap matters because token theft and adversary-in-the-middle techniques do not require the entire environment to be weak, only the path the attacker chooses. The practical conclusion is that coverage depth matters more than headline adoption.
AI agents are not just another workload class, they are a distinct identity boundary. They act on behalf of people, but they also observe, select, and move data in ways that traditional customer IAM does not model well. Dynamic authorisation boundaries: this is the named concept that matters here, because the access boundary shifts as the agent behaves, not just when it is provisioned. Practitioners should stop treating agent access as a static entitlement problem.
Developer ownership without identity specialisation is now a governance risk. When teams ask generalist developers to own customer auth, they blur product delivery and security control in ways that make consistency harder to sustain. That is especially risky once agents and workload identities enter the same environment, because the policy surface expands faster than most teams can review it. Identity architecture needs dedicated ownership and lifecycle accountability.
Customer IAM, NHI governance, and agentic identity are converging into one control conversation. The post-password future will not be governed by separate playbooks for people, services, and agents if organisations continue to share the same applications, data, and enforcement pipelines. That convergence demands one operating model with different control rules by actor type. Practitioners should prepare for a single governance plane with multiple identity behaviours.
From our research:
- 98% of organizations that reported an AI-related security incident lacked proper AI access controls, according to AI Agents: The New Attack Surface report.
- 80% of organizations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorized systems, inappropriately sharing sensitive data, and revealing access credentials.
- For a broader identity lens, see Ultimate Guide to NHIs for lifecycle and governance patterns that help define scope before expansion.
What this signals
Dynamic agent boundaries are becoming the next IAM design problem. Once AI systems can act, the old assumption that access can be reviewed as a stable entitlement no longer holds. Organisations should expect scope drift, delegated actions, and audit ambiguity to become the normal failure mode unless agent governance is built in from the start.
With 98% of organisations that reported an AI-related security incident lacking proper AI access controls, the operating lesson is clear: governance lag is now a material control risk, not a theoretical one.
For practitioners extending identity programmes into agents, the next step is to align customer IAM, NHI governance, and policy enforcement around actor type, not application convenience. That is where the OWASP Agentic Applications Top 10 becomes relevant as a design and review lens.
For practitioners
- Reduce password dependence in the highest-risk journeys Prioritise customer-facing flows where password reset, recovery, and takeover risk create the largest business impact, then replace them with stronger authentication paths first.
- Measure MFA coverage by application and session path Do not rely on enterprise-wide adoption claims. Review which apps, channels, and recovery paths still allow weaker authentication or unsupported exceptions.
- Separate identity architecture ownership from feature teams Assign accountable owners for auth policy, recovery design, and session controls so developers are not left to make security trade-offs ad hoc.
- Classify AI agents as governed identities before broad deployment Define scope, auditability, and approval boundaries for any agent that can access customer data or invoke actions, then review those controls as a lifecycle issue.
Key takeaways
- Password-heavy authentication continues to act like an identity tax, creating cost and risk even when teams know better options exist.
- Partial MFA and developer-led auth ownership leave control gaps that attackers can exploit through the weakest journey, not the average one.
- AI agents need explicit identity governance because their access, behaviour, and audit surface do not fit traditional customer IAM assumptions.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | OA-03 | AI agents in customer identity create dynamic access and tool-use risk. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Password, token, and session abuse are core NHI identity failures. |
| NIST CSF 2.0 | PR.AA-01 | Authentication assurance and access management are central to the article. |
Treat customer-facing secrets and sessions as governed non-human identity assets with lifecycle controls.
Key terms
- Customer identity and access management: Customer identity and access management is the set of controls used to authenticate and authorise external users across digital services. It covers registration, login, recovery, session management, and risk handling. In practice, it must balance fraud resistance, usability, and auditability while keeping recovery paths from becoming the weakest point.
- Passkey: A passkey is a phishing-resistant authentication method based on public key cryptography. The credential is bound to a device or platform and avoids reusable shared secrets, which makes it harder to steal or replay. For identity teams, passkeys reduce password dependence but still need lifecycle and recovery governance.
- Agentic identity: Agentic identity is the identity posture used to govern software that can make runtime decisions and act on behalf of a person or process. It requires defined scope, observable behaviour, and explicit accountability. The challenge is that the identity boundary can move as the agent selects actions, tools, and data in context.
- Authentication recovery: Authentication recovery is the process used to restore account access after a lost factor, forgotten password, or lockout. It is often one of the weakest parts of the identity journey because it is designed for convenience as well as control. If recovery is weak, attackers can bypass stronger front-door authentication.
What's in the full article
Descope's full blog post covers the operational detail this post intentionally leaves for the source:
- The full breakdown of each customer authentication statistic and its business impact context.
- The underlying survey framing behind developer ownership, MFA coverage, and passkey adoption.
- The article's per-metric comparisons across auth friction, security posture, and user behaviour.
- The AI agent adoption and trust figures that support the article's forward-looking analysis.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
Published by the NHIMG editorial team on 2025-12-15.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org