
AI agent authorization gaps: what IAM teams are missing


(@nhi-mgmt-group)

TL;DR: AI agents are exposing the long-standing authorization gap in enterprise IAM, where policy decisions were left inside application code and service-by-service logic, while Gartner says more than half of agentic AI initiatives will stall on unresolved identity and authorization questions. The practical lesson is that deterministic, centrally governed authorization is now a core control, not an implementation detail.

NHIMG editorial — based on content published by Cerbos: AI agent authorization gaps and runtime access control

By the numbers:

Questions worth separating out

Q: How should security teams govern authorization for AI agents in enterprise apps?

A: Security teams should centralize authorization in a policy decision layer, keep enforcement in the application or gateway, and make the rules deterministic, versioned, and testable.

Q: Why do AI agents expose IAM weaknesses that human users do not?

A: AI agents expose IAM weaknesses because they can generate high-volume, chained, cross-service actions at runtime, which breaks assumptions built around human-paced requests.

Q: What breaks when authorization remains inside application code?

A: When authorization stays in application code, policy logic fragments across teams, services drift from one another, and no single control point can explain or revoke access consistently.

Practitioner guidance

  • Externalize high-risk authorization decisions. Move privileged and agent-facing checks out of application code into a dedicated decision layer so the rules can be versioned, tested, and audited consistently across services.
  • Map delegated access paths end to end. Trace how a human request becomes agent activity, then service calls, then data access, so you can see where policy breaks as delegation expands across systems.
  • Treat policy propagation as an incident response metric. Measure how quickly authorization changes reach every enforcement point, because delayed revocation leaves a live window for agent-driven misuse.

What's in the full article

Cerbos' full blog post covers the operational detail this post intentionally leaves for the source:

  • A practical explanation of the Policy Administration Point, Policy Decision Point, Policy Enforcement Point, and Policy Information Point roles in a live authorization stack
  • Cerbos' view of how centralized control and decentralized enforcement work together across API gateways, service meshes, and application services
  • The implementation path for moving authorization logic out of application code and into a policy decision layer without a full rebuild
  • The author's argument for policy as code, open source decision points, and interoperability through the AuthZEN interface

👉 Read Cerbos' analysis of AI agent authorization and runtime access control →
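
To make the practitioner guidance above concrete, here is an added example (not from the Cerbos article, and not Cerbos' API) of a deterministic decision function evaluated over a delegation chain, with a versioned policy and a revocation published as a new version. The principals, the policy layout, and the names `decide`, `enforce` and `revoke` are hypothetical, and the sample policy is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    chain: tuple   # delegation path, e.g. ("user:alice", "agent:billing-bot")
    action: str
    resource: str  # resource kind, e.g. "invoice"

@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    policy_version: str

# Constructed sample policy: principal -> resource kind -> allowed actions.
POLICY_V1 = {
    "version": "v1",
    "grants": {
        "user:alice": {"invoice": {"read", "refund"}},
        "agent:billing-bot": {"invoice": {"read"}},
    },
    "revoked": set(),
}

def decide(policy, req):
    """Decision point: a pure function of (policy, request), deny by default."""
    version = policy["version"]
    if not req.chain:
        return Decision(False, "empty delegation chain", version)
    for principal in req.chain:  # every hop must hold the permission itself
        if principal in policy["revoked"]:
            return Decision(False, f"{principal} revoked", version)
        allowed = policy["grants"].get(principal, {}).get(req.resource, set())
        if req.action not in allowed:
            return Decision(False, f"{principal} lacks {req.action} on {req.resource}", version)
    return Decision(True, "all hops granted", version)

def enforce(policy, req, audit_log):
    """Enforcement point: asks the decision point and records the answer."""
    d = decide(policy, req)
    audit_log.append((req.chain, req.action, req.resource, d.allow, d.policy_version, d.reason))
    return d.allow

def revoke(policy, principal, new_version):
    """Publish a new policy version with one principal revoked; the old one is untouched."""
    return {**policy, "version": new_version, "revoked": policy["revoked"] | {principal}}
```

Because every decision carries the policy version that produced it, the audit log shows which enforcement points are still answering from a version that predates a revocation.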
