Notifications
Clear all
Topic starter
06/06/2026 11:11 am
TL;DR: Enterprises are deploying AI agents faster than they are building governance, with Gartner projecting 40% of enterprise applications will embed task-specific agents by end-2026, up from less than 5% in 2025. The core problem is structural: traditional IAM assumes stable identities and reviewable privilege, but agents act at runtime, chain decisions, and change access patterns too quickly for periodic controls to hold.
NHIMG editorial — based on content published by Strata Identity: agentic AI governance and identity orchestration for AI agents
By the numbers:
- Gartner projects that 40% of enterprise applications will embed task-specific AI agents by the end of 2026, up from less than 5% in 2025.
- Only 18% of MCP server deployments implement any form of access scoping for tool permissions.
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
Questions worth separating out
Q: How should security teams govern AI agents that can use internal tools and APIs?
A: Security teams should govern AI agents at runtime, not just at provisioning or review time.
Q: Why do AI agents create more identity risk than traditional service accounts?
A: AI agents create more identity risk because they make decisions during execution, not only during setup.
Q: What breaks when MCP access is not centrally enforced?
A: When MCP access is not centrally enforced, agents can bypass the sanctioned protocol and reach the same data through alternative connectors or direct application paths.
Practitioner guidance
- Map every agent path to a distinct identity Assign each AI agent a separate, verifiable identity and stop using shared service accounts or hardcoded API keys for production workflows.
- Move access decisions to runtime enforcement Evaluate authorisation at the moment an agent invokes a tool, not during periodic certification.
- Put MCP behind a policy checkpoint Route every MCP request through an enforcement layer that validates identity and logs the call before the backend system sees it.
What's in the full article
Strata Identity's full analysis covers the operational detail this post intentionally leaves for the source:
- Runtime identity orchestration patterns for agent-to-agent and agent-to-tool workflows
- The MCP Proxy and Bridge enforcement model for authenticating tool requests before backend access
- How ephemeral token minting and OAuth OBO with DPoP support provenance-preserving delegation
- The Agentic Identity Sandbox used to test privilege drift and policy behavior under stress
👉 Read Strata Identity's analysis of agentic AI identity governance and MCP risk →
AI agent governance gaps: are your IAM controls keeping up?
Explore further
06/06/2026 11:51 am
Agentic AI identity risk is a runtime governance problem, not an access review problem. Access reviews assume identities are stable enough to be certified after the fact. Agents make and complete decisions too quickly for that model to hold. The implication is that identity programmes must stop treating review cadence as the primary control surface for machine action.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: What should IAM teams do when agent-to-agent delegation is involved?
A: IAM teams should preserve provenance across the delegation chain and avoid credential handoffs that erase the original requester. Every downstream action should remain tied to the initiating subject, the task scope, and the policy that authorized it. That is what makes the workflow auditable and the accountability model defensible.
👉 Read our full editorial: Agentic AI identity risk is outrunning enterprise IAM controls
