By NHI Mgmt Group Editorial Team | Published 2026-05-11 | Domain: Events | Source: Akeyless

TL;DR: A live briefing on the 2026 State of AI Agent Identity Security report will walk through findings from 400 global security and IT leaders, including where AI agent identity risks are rising and why existing IAM controls are falling short, according to Akeyless and MRA Research. Identity governance is no longer keeping pace with autonomous access patterns.


At a glance

What this is: A live insights briefing on survey findings about AI agent identity risk and the control gaps enterprises are facing.

Why it matters: IAM teams are being asked to govern autonomous software identities with access patterns that were not designed into legacy controls.

👉 Register for Akeyless and MRA Research's live briefing on AI agent identity risk


Context

AI agent identity risk is the governance gap that appears when autonomous software is granted access, tools, and execution authority without the control model keeping pace. In this case, the briefing is anchored in findings from a survey of 400 global security and IT leaders, which makes it a useful trigger for discussing how enterprise IAM changes as agents become operational.

The core issue is not whether AI agents need access. It is whether organisations can scope, review, and revoke that access with enough precision to keep blast radius under control. For practitioners, the question is how existing identity processes handle machine-speed decision-making, ephemeral privilege, and delegated tool use without losing visibility.


Key questions

Q: How should organisations govern AI agent identities before they spread across the enterprise?

A: Start by treating each AI agent as a non-human identity with an owner, a purpose, and a review cycle. Grant the minimum access needed for the task, log every tool use, and make revocation fast enough to match the agent's speed. If you cannot review or remove access quickly, the governance model is incomplete.

Q: What is the difference between governing an AI agent and governing a service account?

A: A service account usually supports a stable workload, while an AI agent can change behaviour, choose actions, and invoke tools dynamically. That means the control focus must extend beyond static credentials to task boundaries, policy checks, and continuous oversight. The difference is not just automation, but decision-making authority.

Q: Why do AI agents create more identity risk than conventional automation?

A: AI agents can combine autonomy, broad tool access, and rapid execution in ways that expand blast radius faster than humans can intervene. Conventional automation follows a fixed path, but agents may branch, retry, or improvise within permitted tools. That makes scope control and revocation timing far more important.

Q: Should security teams require just-in-time access for AI agents?

A: Yes, when the agent's task is time-bound and the environment can enforce short-lived entitlements. JIT access reduces standing privilege, but it only works if the organisation can define the task clearly, monitor usage in real time, and revoke access automatically when the job ends. Otherwise, the process becomes theater.



NHI Mgmt Group analysis

AI agent identity risk is becoming an identity governance problem, not a niche AI problem. Once agents can act across tools and systems, the security question shifts from model behaviour to access boundaries, reviewability, and revocation. That moves the issue squarely into IAM, PAM, and workload identity governance. Practitioners should treat agents as identities with operational consequences, not as software features.

The most dangerous failure mode is over-scoping access before teams understand the agent's real task boundary. When access is granted too broadly, every downstream action becomes harder to attribute, contain, and reverse. That is why agent identity design must start from least privilege and lifecycle control, not from convenience. The practical conclusion is simple: scope first, automate later.

Ephemeral agent behaviour creates what we can call identity blast radius. That is the combined risk that comes from speed, autonomy, and broad entitlements acting together. If access review and rotation processes are slow, the organisation is effectively accepting continuous exposure. Practitioners should measure how quickly agent access can be reduced, not just how quickly it can be granted.

Survey-driven AI governance is now a signal that the market is standardising around the control problem, not the novelty problem. As more vendor briefings and research reports focus on the same risks, the field is moving toward common language around privilege, visibility, and accountability. That should push teams to compare policies, not marketing claims, and to align agent governance with broader identity architecture.

Existing IAM programmes will only cope if they extend lifecycle thinking to agents. Agent onboarding, entitlements, monitoring, and offboarding need to be treated as a single control chain. Teams that still separate AI experimentation from identity governance will create blind spots. The practitioner takeaway is to fold agent identity into normal governance, instead of building a parallel process.

What this signals

Identity blast radius is the right mental model for agentic risk. When an AI agent can take multiple actions under a single identity, the size of the potential failure is determined by privilege scope, not by model accuracy alone. With 70% of organisations granting AI systems more access than human employees, the governance gap is already structural rather than hypothetical. Teams should measure how far an agent can move when one entitlement fails.

The next control question is whether the organisation can reverse an agent's authority as quickly as it can grant it. That is why lifecycle management, access review, and revocation paths must be designed together. Where those steps are split across different teams, the response time will lag the speed of agentic execution.

Security programmes should align agent governance with external control frameworks instead of inventing ad hoc policies. The OWASP Agentic AI Top 10 and NIST AI Risk Management Framework both reinforce the same direction: constrain autonomy, narrow privileges, and make accountability auditable.


For practitioners

  • Define agent identity ownership: Assign a named business and security owner for every AI agent that can authenticate, call tools, or write data. Ownership should include access approval, periodic review, and emergency revocation paths so agent activity never sits in an unmanaged gap.
  • Scope agent access by task: Map each agent to a narrow task boundary and grant only the minimum tool and data access needed to complete that task. Revisit the grant whenever the workflow changes, because agent capability creep usually starts with small exceptions.
  • Add lifecycle controls to agent accounts: Treat agent accounts like any other non-human identity by enforcing onboarding, review, rotation, and offboarding steps. Use the same governance calendar you apply to service accounts so agent privileges do not persist beyond the use case.
  • Instrument agent activity for reviewability: Log which identity, tool, and policy decision led to each agent action. That evidence is necessary when teams need to investigate overreach, explain automated changes, or prove that access was still justified at the time of execution.
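
The four controls above, together with the just-in-time access answer under Key questions, can be combined in one policy check. The sketch below is an added example, not code from Akeyless, MRA Research or NHI Mgmt Group; the class names, agent name, owner, tool names and timestamps are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Grant:                      # hypothetical record for one agent identity
    owner: str                    # named accountable owner
    task: str                     # the task boundary this grant serves
    tools: frozenset              # minimum tool set for that task
    expires_at: float             # JIT: entitlement ends with the job window
    revoked: bool = False

class AgentPolicy:
    def __init__(self):
        self.grants = {}          # agent_id -> Grant
        self.audit = []           # one record per policy decision

    def grant(self, agent_id, owner, task, tools, ttl_s, now):
        if not owner:
            raise ValueError("every agent grant needs a named owner")
        self.grants[agent_id] = Grant(owner, task, frozenset(tools), now + ttl_s)

    def revoke(self, agent_id):
        if agent_id in self.grants:
            self.grants[agent_id].revoked = True

    def authorize(self, agent_id, tool, now):
        g = self.grants.get(agent_id)
        if g is None:
            decision = "deny:no_grant"
        elif g.revoked:
            decision = "deny:revoked"
        elif now >= g.expires_at:
            decision = "deny:expired"
        elif tool not in g.tools:
            decision = "deny:tool_out_of_scope"
        else:
            decision = "allow"
        # Record identity, tool and policy decision for later review.
        self.audit.append({"ts": now, "agent": agent_id, "tool": tool,
                           "owner": g.owner if g else None, "decision": decision})
        return decision == "allow"

def demo():
    # Constructed sample: agent name, owner, tools and timestamps are made up.
    p = AgentPolicy()
    p.grant("invoice-agent", "alice@example.com", "reconcile-invoices",
            {"read_ledger"}, ttl_s=900, now=1000.0)
    p.authorize("invoice-agent", "read_ledger", now=1010.0)    # in scope
    p.authorize("invoice-agent", "send_payment", now=1020.0)   # outside task
    p.revoke("invoice-agent")                                  # emergency stop
    p.authorize("invoice-agent", "read_ledger", now=1030.0)
    return [r["decision"] for r in p.audit]
```

Denied calls are logged as well as allowed ones, so the audit trail shows attempted overreach and the point at which revocation took effect.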

Key takeaways

  • AI agents are now identity governance subjects, not just AI features, because they operate with access that can alter systems and data.
  • Survey evidence shows the policy gap is already large, which means unmanaged agent access is becoming a routine control failure rather than an edge case.
  • Practitioners should fold AI agents into standard IAM and lifecycle controls now, because waiting for a dedicated model will only widen the blast radius.

What to expect at the briefing

Akeyless's live briefing covers what practitioners need to hear directly:

  • Live discussion of the 2026 State of AI Agent Identity Security report with survey findings from 400 global security and IT leaders
  • Speaker perspectives from Callum Budd of MRA Research and Suresh Sathyamurthy of Akeyless on where identity controls are breaking down
  • Practitioner-focused discussion of where AI agent identity risks are increasing and how teams are responding
  • A direct look at the survey's best-practice recommendations for securing AI agents at scale

👉 The full briefing includes the survey findings, speaker discussion, and the next-step guidance for security teams.

Deepen your knowledge

AI agent identity risk and lifecycle governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is building controls for autonomous access, the course maps directly to that starting point.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-11.