TL;DR: AI agents are exposing a structural authorization gap because enterprise identity stacks still prove who an identity is better than what it may do, and EnforceAuth says the problem grows as agent permissions expand across systems. The real failure is assuming static access models can govern runtime, per-action decisions for agents that act instantly and repeatedly.
NHIMG editorial — based on content published by EnforceAuth: AI Security · Identity & Access analysis of the AI agent authorization gap
By the numbers:
- 82 to 1 is the commonly cited ratio of non-human identities to human ones in most enterprises.
Questions worth separating out
Q: How should security teams govern AI agents that can act across multiple systems?
A: Security teams should govern AI agents with runtime authorization, not just identity proof.
Q: Why do AI agents expose gaps that traditional IAM reviews miss?
A: AI agents expose gaps because IAM reviews assume entitlements remain stable long enough to certify them.
Q: What breaks when authorization is only evaluated after an AI agent acts?
A: What breaks is prevention.
Practitioner guidance
- Audit the authorization boundary for every production agent Map each agent to the specific actions it can take, the systems it can reach, and the policy that allows each action.
- Replace static entitlements with policy-as-code enforcement Express agent permissions as versioned rules that can be tested before deployment and evaluated at the moment of action.
- Separate detection from prevention in AI control design Use alerts for investigation, but do not mistake them for authorization.
What's in the full article
EnforceAuth's full research covers the operational detail this post intentionally leaves for the source:
- The five-criteria evaluation checklist used to distinguish real enforcement from detection in agent control design
- The regulated-environment example showing how runtime authorization answers audit questions that static reviews cannot
- The article's reasoning on policy-as-code as the control model for per-action agent governance
- The contrast between authentication proof and actionable permission decisions in production AI deployments
👉 Read EnforceAuth's analysis of the AI agent authorization gap →
AI agent authorization gaps: are your controls keeping up?
Explore further
The Authorization Gap is the right name for what breaks in AI agent governance. The article correctly separates identity proof from permission enforcement, and that distinction is now the main control failure in agentic environments. Traditional IAM answered who with high confidence, then assumed roles and entitlements would govern the rest. That assumption weakens when agents expand their own access across systems and act at machine speed. Practitioners should treat runtime authorization as the governance boundary, not an auxiliary control.
A few things that frame the scale:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
- The same research also finds that 97% of NHIs carry excessive privileges, which is why permission scope, not just credential validity, now defines the attack surface.
A question worth separating out:
Q: Who is accountable for AI agent actions under regulated environments like DORA?
A: Accountability sits with the organisation that deploys and governs the agent, because regulators expect a defensible decision basis for each action. If the team cannot produce the policy, the inputs, and the version that allowed the action, then the control story is incomplete regardless of how well the agent authenticated.
👉 Read our full editorial: AI agent authorization gaps are exposing enterprise identity controls