TL;DR: AI agents often surface as programmatic identities tied to OAuth, API tokens, or service accounts, and Token Security argues that discovery must combine platform logs, credential data, and ownership context to make them governable. The real issue is not just visibility but the collapse of assumptions that access, intent, and accountability remain stable enough for conventional IAM and review cycles.
NHIMG editorial — based on content published by Token Security: How to Discover and Manage Identity in the Age of Autonomous Systems
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
- Only 5.7% of organisations have full visibility into their service accounts.
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
Questions worth separating out
Q: How should security teams discover AI agents in enterprise environments?
A: Security teams should correlate identity and runtime signals across OAuth grants, API traffic, cloud logs, secrets stores, and code repositories.
Q: Why do AI agents create a different governance problem from normal workloads?
A: AI agents create a different governance problem because they combine programmatic credentials with flexible, runtime decision-making.
Q: What breaks when AI agents are not included in identity inventory processes?
A: When AI agents are excluded from inventory processes, teams lose visibility into who owns them, what they access, and whether they still need access at all.
Practitioner guidance
- Correlate discovery across identity and runtime sources Join OAuth grant records, API gateway logs, cloud audit trails, vault activity, and code repository signals so agent identities can be confirmed from multiple angles rather than from a single alert stream.
- Require ownership before access is left in place Map every discovered AI agent to a named business owner and a documented purpose, then remove or quarantine credentials that cannot be tied to a legitimate operational need.
- Right-size agent permissions to actual behaviour Compare the systems an agent really touches with the scope implied by its tokens, service accounts, and OAuth grants, then narrow access where the observed behaviour exceeds the stated use case.
What's in the full article
Token Security's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step discovery inputs across SaaS, cloud, code repositories, and runtime telemetry for locating AI agents.
- Practical examples of naming, tagging, and log sources that help distinguish agents from ordinary automation.
- A structured approach to prioritising discovered agents by business ownership, crown-jewel access, and risk.
- FAQ examples showing how the vendor frames agent inventory, shadow AI, and unmanaged access in practice.
👉 Read Token Security's guide to discovering and managing AI agent identities →
AI agent discovery and inventory: what IAM teams need now?
Explore further
AI agent discovery is becoming an identity inventory problem, not a tooling problem. The article is right to focus on logs, token use, and ownership because autonomous systems rarely present themselves as a neat application object. The real governance task is to reconcile what the agent is doing with who owns it and which programmatic identity gives it reach. Practitioners should treat discovery as the front end of lifecycle control, not a one-time scan.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: How should organisations govern AI agents after they are discovered?
A: Organisations should place AI agents under the same lifecycle controls used for other non-human identities. That means assigning ownership, validating least privilege against actual usage, reviewing access on a recurring basis, and revoking credentials when the agent is retired or repurposed. Governance only works when discovery is followed by sustained lifecycle control.
👉 Read our full editorial: Identity discovery for autonomous systems is becoming a governance gap