AI agents are outpacing identity governance in the enterprise

At a glance

What this is: C1’s survey says autonomous AI agents have moved into production at most large enterprises, while visibility and governance controls lag behind the new operating model.

Why it matters: IAM teams now have to govern AI agents alongside service accounts and human users, which means approval workflows, visibility, and access review models all need rework.

By the numbers:

• 95% of organizations report AI agents performing IT or security tasks autonomously, compared to 96% that said they planned to operationalize agents just one year ago.
• 80% of organizations experienced at least one identity-related breach in the past year, with phishing and social engineering (52%) and malware or ransomware (46%) leading attack vectors.
• 47% of organizations report more non-human identities than human users, yet only 22% say they have full visibility into those identities.
• 91% of organizations increased IAM spending, signaling that identity security is becoming a foundational control as autonomous systems expand.

👉 Read ConductorOne's 2026 Future of Identity Report on autonomous AI agents

Context

AI agent identity risk is no longer an emerging edge case. C1’s survey describes a workplace where autonomous software is already performing operational tasks through delegated access, which means identity control points now have to account for machine-speed decisions as well as human approval flows.

That shift matters because traditional IAM programmes were built around stable subjects, predictable request paths, and review cycles that assume access persists long enough to be observed. Once agents begin selecting actions at runtime, the governance problem becomes less about entitlement assignment and more about controlling what the actor can do in motion.

For practitioners, this is a non-human identity problem first and an agentic AI problem second. The immediate question is not whether AI exists in the environment, but whether the identity layer can distinguish human intent, service identity scope, and autonomous execution authority with enough precision to govern all three.

Key questions

Q: How should security teams govern AI agents that act autonomously in enterprise systems?

A: Treat autonomous agents as runtime identity subjects with explicit scope, expiration, and ownership. The controls that matter most are task-bounded permissions, clear tool entitlements, and logging tied to each action path. If an agent can act without human approval, governance must happen before and during execution, not only in later reviews.

Q: Why do autonomous AI agents create more identity risk than ordinary automation?

A: Ordinary automation follows a fixed script, while autonomous agents can choose actions and timing inside a session. That makes entitlement scope, delegation chains, and auditability less predictable. The risk grows when an agent can expand beyond the original request and reach systems that were never intended for that task.

Q: What breaks when access reviews are used to govern AI agents?

A: Access reviews fail when they are asked to govern access that may only exist briefly or may change mid-session. By the time a review happens, the risky action may already be complete. Reviews still matter for ownership and policy validation, but they do not replace runtime controls for autonomous behaviour.

Q: What does unified governance across human, non-human, and AI identities change for IAM teams?

A: It replaces separate control silos with one identity inventory, one ownership model, and differentiated policy depth by actor type. That helps teams see which identities are human, machine, or autonomous, and apply the right lifecycle, review, and approval model without leaving gaps between programmes.

Technical breakdown

Autonomous AI agents as identity subjects

When an AI agent performs work autonomously, it is not just a tool consumer. It becomes an identity subject that can act, delegate, and request resources through enterprise systems. That changes the control plane: access is no longer only about who authenticated, but also about what runtime authority was granted, how long it remained valid, and whether the actor could initiate new actions without a human approval gate. In identity terms, the agent sits closer to a non-human identity with dynamic behaviour than to a traditional application service account. The governance challenge is that the actor can move between systems during a single task, creating a wider and less predictable access path than static automation.

Practical implication: classify agents explicitly in identity inventories and govern them as runtime actors, not as ordinary application integrations.

Why human approval workflows break under AI-speed operations

Human-centred governance assumes there is time to request, approve, log, and recertify access before the action completes. Autonomous agents compress those steps into a single execution window, which means review artefacts may arrive after the action is already done. That creates a mismatch between the pace of identity governance and the pace of machine execution. In practice, this is where standing entitlements, broad tool permissions, and delayed certification cycles become risky. The problem is not only over-privilege. It is the fact that the governance event is scheduled while the security event is live.

Practical implication: move high-risk agent actions into pre-authorised, tightly scoped controls that can be enforced at execution time.

Identity sprawl across service accounts, API keys, and agents

The report’s agent findings sit inside a broader identity sprawl problem. Service accounts, API keys, automation workflows, and AI agents all expand the non-human identity estate, but many organisations still lack full visibility into those identities or the privileges they carry. That matters because the same governance blind spots that affect a dormant service account also affect an active agent, except the agent may change state mid-session. The result is a shared control failure across the machine identity stack: incomplete inventory, weak auditability, and long-lived credentials that outlast the business need they were created for.

Practical implication: build one inventory and one review process for all non-human identities, then segment control depth by actor behaviour and privilege level.

Threat narrative

Attacker objective: The objective is to exploit over-delegated identity paths so autonomous or compromised actions can reach systems, data, or operations beyond intended scope.

1. entry: AI agents gain legitimate access through delegated enterprise integrations and authorised system connections rather than through overt compromise.
2. escalation: Runtime activity expands beyond the original human request when the agent reaches additional tools, data sets, or operations that were not tightly bounded at provisioning time.
3. impact: Excessive or poorly governed delegation creates identity-related breach conditions, audit blind spots, and operational actions that occur outside the intended control boundary.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Autonomous AI agents turn identity governance into a runtime control problem. Access reviews, certification cycles, and human approval workflows were designed for access that persists long enough to be observed and remediated. That assumption fails when an autonomous actor can select actions and execute them inside a single operational window. The implication is not simply more governance, but a redesign of the decision model that governs action as it happens.

Unified governance across human, NHI, and AI identities is no longer optional. C1’s data shows enterprises are already running mixed identity estates where non-human identities outnumber human users in many environments. That makes separate governance tracks for people, service accounts, and agents increasingly brittle. Practitioners need one identity control plane with different policy depth by actor type, or risk leaving the machine side of the estate outside the programme boundary.

AI agent identity risk exposes the limit of human-paced security operations. The rise of autonomous execution compresses request, approval, and use into a pattern that traditional IAM reporting was never built to capture. When the actor is autonomous, visibility alone is insufficient unless it is tied to runtime authority and task scope. Security teams should treat this as a governance re-baselining moment, not a tooling tweak.

Ephemeral delegation is creating identity blast radius that most programmes still cannot measure. The problem is not just how many identities exist, but how far each identity can reach before controls react. That is especially true when agents inherit tools and permissions through chained delegation. Practitioners should assume the blast radius of one poorly bounded agent session can extend across systems faster than a review cycle can close it.

Agentic enterprise adoption is accelerating a category shift in identity security tooling. The market is moving from human-first IAM and point NHI controls toward unified governance models that can observe, authorise, and audit autonomous behaviour. That does not mean every organisation needs the same architecture on day one. It does mean the old division between IAM for people and ad hoc controls for machines is breaking down.

From our research:

• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
• 52% of organisations say they can track and audit the data their AI agents access, leaving 48% with a compliance and investigation blind spot.
• That same research also shows 98% of companies plan to deploy even more AI agents within the next 12 months, which makes governance redesign a near-term requirement rather than a future project.

What this signals

Ephemeral delegation debt: enterprises are accumulating access paths for AI agents faster than their identity programmes can inventory or review them. With 95% of organisations already running autonomous agents for operational tasks, the governance problem is now about containing machine-issued actions before they outrun human review cycles.

The practical signal for IAM leaders is that non-human identity governance and agent governance are converging into the same control plane. The right response is to treat agent scope, service account scope, and lifecycle offboarding as one operational discipline, then apply tighter runtime rules where autonomy exists.

Security teams that already rely on the Ultimate Guide to NHIs should extend that model with agent-specific policy boundaries and audit evidence. The shift is not theoretical, and the market data suggests adoption pressure will keep rising as organisations normalize autonomous execution.

For practitioners

• Inventory autonomous agents separately from generic automation Create a distinct classification for AI agents that perform operational work without human approval gates. Record their tool access, data reach, execution scope, and owning team so the identity estate reflects runtime behaviour, not just application ownership.
• Bind agent privileges to task scope and expiration Limit each agent to the smallest reachable set of systems needed for the task and make that access expire at task completion. Do not let broad standing access survive between runs, especially where an agent can initiate its own follow-on actions.
• Rework access reviews for machine-speed actions Use reviews to validate policy design, ownership, and exception handling rather than to chase actions that already completed. For agents, the meaningful control is the boundary set before execution, not the retrospective certification cycle.
• Unify governance for service accounts and AI agents Put service accounts, API keys, and autonomous agents under one lifecycle and audit model, then add actor-specific controls for approval, logging, and revocation. This avoids leaving agent access outside the same offboarding and recertification discipline applied to other non-human identities.

Key takeaways

• AI agents are now operational actors in enterprise identity estates, so governance has to follow runtime behaviour rather than human review rhythms.
• The survey’s scale matters: 95% autonomous agent adoption, 80% identity-related breaches, and only 22% full NHI visibility point to a control gap, not a pilot problem.
• IAM teams should unify human, NHI, and agent governance while tightening task scope, expiration, and auditability around autonomous execution.

Key terms

• Autonomous AI Agent: A software identity that can decide what action to take, which tool to use, and when to execute without waiting for a human approval step. In identity governance, that means the actor must be managed as a runtime subject with bounded scope, auditable actions, and explicit ownership.
• Identity Blast Radius: The total reach an identity has across systems, data, and operations before controls limit or stop it. For autonomous and non-human identities, blast radius is shaped by delegation scope, standing privilege, and how quickly access can be revoked or expired during a task.
• Runtime Governance: The control discipline that evaluates and constrains access while an identity is active, not only at provisioning or review time. It matters most when the actor can make independent decisions during execution, because retrospective controls may arrive after the risky action is complete.
• Non-Human Identity: Any machine or software identity used to access systems, including service accounts, tokens, API keys, certificates, bots, workloads, and AI agents. These identities often carry privileges that outlast business need, which makes lifecycle, visibility, and revocation central governance concerns.

Deepen your knowledge

AI agent governance and identity blast radius are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your programme still treats autonomous systems like ordinary automation, the course is a practical place to reset the model.

This post draws on content published by ConductorOne: Future of Identity Report finds enterprises rapidly operationalizing AI agents while governance gaps widen. Read the original.