TL;DR: Agentic AI is already active in IT operations for 66% of organisations, while 56% report shadow AI issues at least monthly, according to Delinea's 2025 AI in Identity Security report. Traditional RBAC and static access models are not built for AI-to-AI credential exchange, auditable identity mapping, or intent-aware privilege control.
NHIMG editorial — based on content published by Delinea: Agentic AI Security: Building the next generation of access controls
By the numbers:
- 66% of organizations actively use Agentic AI in IT operations.
- 56% encounter shadow AI issues at least monthly.
- 30.9% of organizations store long-term credentials directly in code.
Questions worth separating out
Q: How should security teams govern agentic AI access without relying on static RBAC?
A: Security teams should govern agentic AI with task-scoped entitlements, explicit ownership, and high-risk action gates rather than broad static roles.
Q: Why do agentic AI systems create more IAM risk than ordinary automation?
A: Agentic systems create more IAM risk because they can alter their behaviour during execution, choose actions dynamically, and interact with multiple systems without a human following each step.
Q: What do security teams get wrong about shadow AI governance?
A: Teams often treat shadow AI as a discovery issue only, but unmanaged agents also break ownership, attestation, and offboarding processes.
Practitioner guidance
- Inventory every agent identity and delegated credential Map AI personas, agent IDs, tokens, and certificates to owners, purposes, and system boundaries.
- Replace standing roles with task-scoped entitlements Use policy-based access that binds privileges to approved tasks, sensitivity levels, and execution windows.
- Add human approval gates for privileged AI actions Require real-time approval before agents can reach high-impact systems or perform destructive changes.
What's in the full article
Delinea's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step guidance for AI-to-AI credential brokering across machine-to-machine workflows
- Practical examples of visual digital identity mapping for AI personas, agent IDs, and model metadata
- A five-step roadmap for discovery, guardrails, JIT access, intent validation, and monitoring
- PAM-oriented handling of high-risk agent actions, including human approval before execution
👉 Read Delinea's analysis of agentic AI security and access controls →
Agentic AI security: what access controls do IAM teams need now?
Explore further
Identity-centric security is now the only workable baseline for agentic AI. Static RBAC assumes the access pattern is known before execution and remains stable long enough to govern through provisioned roles. Agentic systems break that assumption because they can alter tool use and access paths at runtime. The implication is that access governance must be tied to identity, task, and observable intent rather than to a fixed label on the workload.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing that remediation lag is still a structural weakness in identity governance.
A question worth separating out:
Q: Who should approve high-risk actions performed by AI agents?
A: High-risk AI actions should be approved by a human control owner or a delegated authority operating through PAM, especially when the action can affect production, secrets, or sensitive data. Approval should happen before the sensitive action executes, and the approval rule should be tied to the specific risk level, not the general identity of the agent.
👉 Read our full editorial: Agentic AI security needs identity-centric access controls