Agent swarms expose a shared-state governance gap, not just an automation problem. The article shows that the hard part is not orchestration scale, but how authority is expressed when many agents coordinate through files. That makes the real control question one of identity, scope, and revocation across a shared workspace. Practitioners should treat swarm coordination as an access-governance problem, not a tooling feature.
A few things that frame the scale:
- Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.
A question worth separating out:
Q: What is the difference between a filesystem workspace and an identity control plane?
A: A filesystem workspace stores and shares artifacts, while an identity control plane decides who or what may access those artifacts and for how long. The workspace manages coordination. The identity layer manages authority, attribution, and revocation, which is what production swarms actually need.
👉 Read our full editorial: AI agent swarms need identity controls beyond shared filesystems