TL;DR: Agentic AI systems plan, remember, and execute across enterprise systems, creating four attack paths through poisoned training data, compromised vector databases, ungoverned agent identity, and cascading bad state, according to Commvault. Traditional human-centric IAM and recovery models do not account for machine-speed delegation, context corruption, or state consistency across agents.
NHIMG editorial — based on content published by Commvault: Key Takeaways on agentic AI security risks and identity governance gaps
By the numbers:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
- Only 5.7% of organisations have full visibility into their service accounts.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: What breaks when AI agents are governed like normal software accounts?
A: You lose visibility into delegation, runtime scope changes, and machine-speed action chains.
Q: Why do AI agents complicate zero trust and least privilege?
A: Because the useful access decision is no longer a static entitlement question.
Q: How do security teams know if an agentic AI system is actually governed?
A: Look for evidence that identity, retrieval, and state are jointly controlled.
Practitioner guidance
- Classify every production AI agent as a governed identity Map each agent to an owner, purpose, permitted tools, and revocation path.
- Treat retrieval layers as protected control assets Apply access controls, integrity monitoring, and audit logging to vector databases and related context stores.
- Extend recovery playbooks to identity and state Test whether you can restore not only models and data but also active agent permissions, delegation chains, and state lineage.
What's in the full article
Commvault's full post covers the operational detail this analysis intentionally leaves for the source:
- A deeper breakdown of the four agentic AI threat vectors and how each one manifests in production.
- Examples of how state inconsistency spreads across multi-agent workflows and complicates recovery.
- The source article's full FAQ section on agentic AI security, identity, and resilience.
- Additional context on why current security frameworks miss retrieval and delegation failures.
👉 Read Commvault's analysis of agentic AI security risks and identity gaps →
Agentic AI identity risk is outpacing current IAM controls?
Explore further
Agentic AI identity governance is now a structural access problem, not a model-only problem. Once agents plan, remember, and act across systems, the control question shifts from what the model says to what the identity can do. That breaks the old boundary between AI security and IAM. Practitioners need to treat agent identity, not just prompt safety, as part of the control plane.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which helps explain why machine identity risk is so often discovered late rather than governed early.
A question worth separating out:
Q: Who owns risk when an AI agent causes production impact?
A: The risk sits with the organisation that granted the agent authority, not with the model alone. Ownership should span the system owner, identity team, data owner, and security operations function because agentic behaviour crosses those boundaries. If no named owner can revoke, review, and recover the agent, accountability is incomplete.
👉 Read our full editorial: Agentic AI identity governance gaps are widening across enterprise systems