AI agent identity sprawl is exposing IAM gaps in enterprise access

At a glance

What this is: This is 1Password’s summary of Omdia’s view that AI agents intensify identity sprawl and expose gaps in how enterprises provision, audit, and revoke access.

Why it matters: It matters because IAM, PAM, and NHI programmes now have to govern autonomous-seeming access patterns without relying on human authentication assumptions or static credential handling.

👉 Read 1Password's analysis of AI agent identity sprawl and access risk

Context

AI agent identity sprawl is the growth of machine identities that need access to multiple enterprise systems, often on the same terms as human users but without human authentication methods or review rhythms. In this case, the governance gap is not theoretical: existing IAM approaches were built for bounded accounts and predictable lifecycles, not agents that can create new identities whenever authentication is needed.

Omdia’s framing is useful because it connects app sprawl, device sprawl, and identity sprawl into one access problem. The arrival of AI agents turns that problem into a governance test for NHI, IAM, and PAM teams because the same access path can now be requested, reused, and expanded by software that does not fit classic user-account assumptions.

Key questions

Q: How should security teams govern AI agents that need access to multiple applications?

A: Treat each agent as a governed identity with explicit entitlements, audit trails, and revocation paths. Map every app connection, secret, and workflow step to an owner and a purpose. If the access cannot be scoped to a task and removed cleanly, the agent has been granted standing privilege, not controlled access.

Q: Why do AI agents complicate least privilege in enterprise IAM?

A: AI agents complicate least privilege because their access is often continuous, multi-tool, and task-shifting, while classic IAM assumes stable roles and predictable login sessions. That means access scope must be defined at runtime boundaries, not only at provisioning. Without that, least privilege becomes a label on excessive access rather than a real control.

Q: What do organisations get wrong about hardcoded credentials for AI agents?

A: They treat embedded credentials as a quick integration choice instead of a control compromise. Hardcoded secrets are difficult to rotate, easy to copy, and hard to trace once an agent starts using them across systems. The result is weak auditability and a larger blast radius if the credential is exposed or reused.

Q: How do identity teams decide whether an AI agent needs a separate governance model?

A: Use a separate model when the agent can operate continuously, touch multiple applications, and request or reuse access without a human approval gate for each action. Those behaviours break human IAM assumptions and require NHI-style lifecycle control with stronger visibility, tighter scoping, and explicit offboarding.

Technical breakdown

Why AI agents create identity sprawl

AI agents are not just another application integration. They behave like software that can request data, trigger workflows, and chain actions across tools, which means every integration point becomes an identity decision. The access burden expands quickly because the agent may need multiple credentials, multiple permissions, and persistent linkage to business systems. That creates sprawl at the identity layer, not just at the app layer. Traditional IAM often assumes a stable human operator behind each account, but agents can multiply identities faster than governance processes can track them.

Practical implication: inventory every agent-to-app relationship as an identity object, not just an integration.

Why hardcoded credentials fail for agentic access

Hardcoded credentials are a control failure because they collapse authentication, storage, and authorization into one brittle implementation choice. Once a password or API key is embedded in code or workflow logic, it becomes difficult to rotate, difficult to scope, and easy to reuse outside its intended boundary. For agents, that is especially dangerous because the software may operate continuously and touch sensitive systems without a human sitting in the loop. A plaintext secret also breaks auditability, since the credential can outlive the task and the operator who created it.

Practical implication: eliminate embedded secrets from agent workflows and replace them with centrally governed credential handling.

How continuous access changes least privilege

Least privilege for AI agents is different from least privilege for people because the access window is not tied to a workday or login session. Agents may operate continuously, switch between tools, and request data at machine speed, which makes standing access especially risky. The control challenge is not simply how much access exists, but whether the access scope can be tied to a specific task and revoked cleanly after use. In practice, this pushes IAM teams toward time-bound, auditable access models that can survive rapid agent activity without creating permanent privilege.

Practical implication: define task-scoped access boundaries for agents and make revocation part of the workflow, not an afterthought.

Threat narrative

Attacker objective: The objective is to abuse agent-enabled access to reach sensitive business data, trigger unauthorized actions, or expose high-value credentials.

1. Entry occurs when developers give AI agents broad access to applications and sensitive data through embedded credentials or weakly governed integrations.
2. Escalation follows as the agent reuses those credentials across multiple systems, expanding access beyond the original task boundary and creating audit gaps.
3. Impact emerges when unauthorized actions, data leakage, or fraudulent workflow execution occurs without a clear human trace to contain or explain the damage.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Identity sprawl is no longer just an inventory problem. AI agents turn identity sprawl into a control-plane issue because each new tool connection becomes a new identity dependency, not just another app link. Omdia’s framing is directionally right, but the deeper point is that governance teams are now dealing with identities that can multiply during runtime rather than at onboarding. The practitioner takeaway is that discovery, entitlement mapping, and de-provisioning must move at the same tempo as agent activity.

Hardcoded credentials are a governance failure, not a convenience shortcut. The article makes clear that embedding secrets into agent workflows creates exposure, weak traceability, and poor revocation options. That failure mode is especially serious for NHI governance because the same secret can be copied into code, pipelines, and agent prompts with no clean offboarding event. Practitioners should treat plaintext credential use as an architectural exception that should not survive production adoption.

Time-bound access is the minimum viable control for agentic identity. Agents do not fit human login assumptions, and they do not fit static service-account assumptions either when they continuously move across tools. That means access governance has to be tied to task completion, not calendar cycles. For NHIMG, this is a classic NHI control gap: access that outlives the task becomes standing privilege by another name.

Agentic AI security is becoming a test of identity programme maturity. The organisations that can distinguish between human identity controls, NHI controls, and agentic workflows will reduce risk faster than those trying to stretch one model across all three. Omdia’s argument validates a broader market shift toward access governance that is auditable, contextual, and lifecycle-aware. The practitioner conclusion is that AI agent security now belongs in the identity operating model, not in an isolated innovation track.

From our research:

• 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to Ultimate Guide to NHIs.
• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• That gap is why the Top 10 NHI Issues remains a useful next reference for teams building lifecycle controls for agent identities.

What this signals

Identity sprawl is becoming a lifecycle problem before it becomes a tooling problem. Once agents start appearing in production workflows, teams need a clear catalogue of who owns the access, which secrets are involved, and what offboarding looks like. Without that, agent governance becomes a series of exceptions that are hard to certify later and even harder to unwind.

The control gap is visible in the numbers: 71% of NHIs are not rotated within recommended time frames, according to the Ultimate Guide to NHIs. That tells IAM leaders the challenge is not only creating agent access, but ensuring the access can be retired before it becomes permanent operational debt.

Task-scoped access will become the baseline expectation for agentic workflows. Teams that can tie credentials to a discrete job, a named owner, and an auditable expiry point will have a cleaner path to scale. Those that cannot will keep inheriting standing privilege through automation, which is exactly the pattern governance programmes are meant to eliminate.

For practitioners

• Map every agent integration as a governed identity Document each agent, tool, credential, and approval path as a distinct identity relationship so security teams can see where access starts, expands, and ends.
• Remove embedded secrets from agent workflows Replace plaintext API keys and passwords with centrally managed credentials so agents never authenticate through copied secrets in code or prompts.
• Bind access to task completion Use time-bound access, explicit revocation, and auditable handoff points so agent permissions expire when the work is done, not when someone remembers to review them.
• Separate human, NHI, and agent governance Do not force one access model across all identity types. Define where human authentication, service-account control, and agentic workflow governance differ in practice.

Key takeaways

• AI agents expand identity sprawl because they need broad, multi-system access that existing IAM models were not built to govern well.
• The main risk is not only access volume but uncontrolled credential handling, weak traceability, and poor revocation when agent workflows go live.
• Identity teams should treat agent access as task-scoped, auditable, and lifecycle-managed, or else it becomes standing privilege in disguise.

Key terms

• Agentic AI Identity: An identity used by an AI system that can make runtime decisions and act across tools, data sources, or workflows. In practice, it must be governed like a non-human identity with tighter scope control, stronger auditability, and clearer offboarding than a typical application account.
• Identity Sprawl: The uncontrolled growth of identities, permissions, and access paths across an environment. For AI agents, identity sprawl happens when each new tool connection or workflow creates another governed object that security teams must track, review, and revoke.
• Hardcoded Credential: A secret, such as an API key or password, embedded directly in code, workflow logic, or configuration. It is risky because it is hard to rotate, easy to copy, and often impossible to trace once multiple systems or agents begin reusing it.
• Task-Scoped Access: Access granted for a specific job, workflow, or objective rather than as an enduring entitlement. For agents, task-scoped access is the practical way to keep permissions aligned to purpose, reduce standing privilege, and make revocation part of normal operations.

Deepen your knowledge

NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, agentic AI identity, and machine identity security. If you are responsible for identity strategy, access governance, or lifecycle control, it is worth exploring.

This post draws on content published by 1Password: AI agent identity sprawl and access risk in extended access management. Read the original.