Google Cloud-hosted agentic IAM exposes the new access governance gap

At a glance

What this is: JumpCloud’s Agentic IAM on Google Cloud is an identity governance update for human, non-human, and autonomous agents, with the key finding that AI agent access is outpacing formal IAM policy coverage.

Why it matters: It matters because IAM, PAM, and lifecycle teams now have to govern machine-speed access paths that span human operators, NHI credentials, and autonomous agents in one control model.

By the numbers:

• 66% of organizations now grant AI agents equal or greater system access than human users.
• Only 37% have fully integrated those agents into their formal IAM policies.

👉 Read JumpCloud's analysis of Agentic IAM on Google Cloud

Context

Agentic IAM is the governance problem created when AI agents can request, combine, and use access at machine speed across multiple systems. The issue is no longer just whether identities exist, but whether discovery, registration, authorisation, and audit can keep up with autonomous access paths that change during execution.

For identity programmes, this is a control-plane question, not a tool-selection question. Human IAM, NHI governance, and autonomous-agent oversight are now colliding in the same operational stack, which means access reviews, lifecycle controls, and zero-trust policy enforcement have to be designed for mixed identity populations rather than treated as separate programmes.

Key questions

Q: How should security teams govern AI agents that use enterprise applications and APIs?

A: Security teams should govern AI agents as identities, not as background features. That means assigning ownership, restricting scope, using short-lived credentials, and adding the agent to lifecycle and certification processes. The key test is whether the agent can be discovered, reviewed, and retired with the same discipline used for other production identities.

Q: When does agentic access create more risk than it reduces?

A: Agentic access becomes risky when the agent can reach systems faster than governance can confirm its purpose, scope, and owner. That is usually the point where access reviews, policy exceptions, and shared credentials no longer provide meaningful control. If the identity can move faster than the review process, the programme has lost visibility.

Q: What do IAM teams get wrong about lifecycle management for AI identities?

A: Teams often treat AI identities as temporary integrations rather than governed accounts. That leads to missing offboarding, unclear ownership, and access that survives the business use case. Lifecycle management needs joiner-mover-leaver logic for agents, including retirement rules, entitlement review, and audit trails that show who approved the access and why.

Q: Who should be accountable when an AI agent accesses the wrong resource?

A: Accountability should sit with the business owner of the agent, supported by IAM and platform teams that enforced the controls. If no owner can explain the agent's purpose, scope, and retirement plan, the access should not be considered governed. Frameworks such as zero trust and access certification only work when ownership is explicit.

How it works in practice

Discovery and registration of agentic access

Agentic IAM starts with discovering which agents exist, what systems they touch, and which entitlements they consume. In practice, discovery is difficult because agents may be provisioned through platform integrations, workflow layers, and protocol bridges such as MCP or A2A, rather than through a single directory object. Registration matters because unregistered agent access cannot be governed, reviewed, or retired cleanly. Once agents begin to operate across multiple applications, the identity inventory becomes dynamic rather than static, which changes how entitlement baselines are maintained.

Practical implication: build continuous discovery for agent identities and tie every discovered agent to an owner, policy, and lifecycle state.

Zero Trust controls for machine-speed identities

Zero Trust for agentic access is not just about network location or session authentication. It requires continuous verification of the requesting actor, the device or workload context, the token scope, and the action being attempted. Short-lived tokens, OIDC-backed federation, and policy gates reduce standing access, but they only work if the control plane can evaluate each request fast enough to match agent execution speed. If the review loop is slower than the agent’s decision loop, the control degrades into after-the-fact logging.

Practical implication: move from static trust assumptions to per-request authorisation and short-lived credentials for agent sessions.

Lifecycle governance for AI identities

Lifecycle governance for AI identities is the discipline of creating, modifying, certifying, and offboarding agent access with the same seriousness applied to human and machine identities. The challenge is that many organisations still treat AI agents as feature add-ons instead of governed identities with ownership, scope, and retirement rules. That creates shadow access, especially when agents are embedded in business workflows and connectors. Without lifecycle controls, the identity persists after the task, the pilot, or the business need has changed.

Practical implication: extend joiner-mover-leaver and access review processes to every agent identity before the first production workflow goes live.

NHI Mgmt Group analysis

Agentic IAM is becoming the control plane for mixed identity populations. JumpCloud’s announcement is less about a product feature than about the governance reality that human users, service identities, and autonomous agents are now sharing the same enterprise access fabric. That convergence matters because each identity type brings different lifecycle and privilege assumptions, yet practitioners still need one policy model that can see them all. The implication is that identity architecture can no longer be organised by legacy silos.

Access review cadences were designed for stable identities, not autonomous actors. The assumption that privilege persists long enough to be observed, certified, and revoked was built for human-paced or workload-paced access. That assumption fails when the actor is autonomous because access can be discovered, used, delegated, and abandoned within the same execution cycle. The implication is that review-based governance alone is no longer sufficient for agentic systems.

Unified identity control will increasingly decide which AI deployments are viable in production. Once organisations allow agents to touch operational systems, the question shifts from whether the model is useful to whether its identity can be governed, constrained, and audited at scale. That raises the bar for platform teams, but it also reduces the chance that AI adoption becomes a shadow access problem. Practitioners should treat identity control as a prerequisite for deployment, not an afterthought.

Agentic access exposes the limits of old NHI tooling assumptions. Traditional NHI controls were built around relatively bounded secrets, service accounts, and workload lifecycles. Autonomous agents can select actions, branch across tools, and change their own execution path, which makes simple entitlement inventories incomplete. The implication is that governance must shift from static entitlement tracking to runtime identity control that understands behaviour as well as assignment.

Identity blast radius becomes the decisive metric when agents can scale decisions faster than humans can intervene. The more systems an agent can reach, the more damage a single mis-scoped policy or overbroad token can create. This is where NHI governance and agentic AI governance converge: both disciplines are ultimately about limiting what a given identity can touch when something goes wrong. Practitioners should measure how far a compromised or misbehaving agent can spread before containment kicks in.

From our research:

• 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs.
• For broader agent governance, see OWASP Agentic AI Top 10 for runtime identity and tool-use risk patterns.

What this signals

Agentic IAM is now a programme design problem, not a point-in-time product decision. The control question is whether your identity stack can discover, authorise, and retire AI agents at the same speed those agents operate. If not, the organisation will accumulate shadow access even when every individual integration appears approved.

Identity blast radius: this is the right concept for teams planning agent rollout at scale. The practical limit is not how many agents you can provision, but how far each agent can reach before containment, and that limit should shape policy design, not follow it.

For teams mapping this to standards, zero trust and agentic risk governance now converge in the same operational workflow. Using NIST AI Risk Management Framework alongside access policy reviews gives architects a cleaner way to align governance, ownership, and runtime controls.

For practitioners

• Map every agent to a named owner and lifecycle state Create a living inventory of AI agents, the applications they touch, and the business owner responsible for each agent's access and retirement. Require a lifecycle state for every agent so governance can distinguish pilots, production workflows, and decommissioned identities.
• Enforce short-lived access for agent sessions Replace durable credentials where possible with short-lived tokens and request-scoped authorisation checks. Keep the token scope narrow enough that an agent can complete its task without accumulating broad reusable access across systems.
• Extend access reviews to autonomous workflows Add agent identities to certification cycles, but review more than the entitlement list. Verify whether the workflow still needs the access, whether the data paths remain appropriate, and whether the agent is operating within its intended task boundary.
• Tie discovery to zero trust policy enforcement Do not allow discovered agent identities to sit outside policy. Bind discovery results to conditional access, audit logging, and approval workflows so new agents cannot reach production resources before governance catches up.

Key takeaways

• Agentic IAM is the point where AI access, NHI governance, and human IAM stop being separable operational problems.
• JumpCloud’s own figures show a policy gap: AI agents are already getting broad access in many organisations, but formal IAM coverage has not caught up.
• The practical response is to govern agents as identities with ownership, scope limits, and lifecycle controls before production use becomes routine.

Key terms

• Agentic IAM: Identity governance for AI agents that can act across enterprise systems with delegated or autonomous access. It combines discovery, registration, entitlement control, audit, and lifecycle management so agent identities can be governed like other production identities, but with tighter runtime oversight.
• Identity Blast Radius: The maximum practical damage an identity can create if its access is mis-scoped, misused, or compromised. For agentic and non-human identities, blast radius depends on scope, privilege depth, and how quickly governance can contain access across connected systems.
• Lifecycle Governance: The set of processes that create, change, review, and retire access across identities. For AI agents and other non-human identities, lifecycle governance must track ownership, business purpose, retirement, and entitlement drift so access does not outlive its need.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by JumpCloud: New Service Hosted on Google Cloud Provides Discovery, Registration, and Governance of All Agentic Access for the Enterprise. Read the original.