TL;DR: AI agents are entering enterprises with no owner, no approval record, and no access review, while one survey found 74% of organisations already run credentialed AI agents or automations and 5% of security leaders cannot confirm whether agentic AI is present, according to SANS. The joiner problem is no longer theoretical: identity governance now has to treat agents as first-class subjects, not invisible integrations.
NHIMG editorial — based on content published by Opnova: Blog Joiner for AI Agents, the workforce nobody hired
By the numbers:
- 74% of organizations are already running AI agents or automations that require credentials.
- 5% of security leaders can't confirm whether agentic AI is running in their environment at all.
- Non-human identities like service accounts, API keys, bots, and AI agents grew 44% year-over-year between H1 2024 and H1 2025.
Questions worth separating out
Q: How should security teams onboard AI agents into identity governance?
A: Treat AI agents as first-class identities that must exist in a governance system before credentials are issued.
Q: Why do AI agents complicate Joiner workflows more than service accounts?
A: AI agents complicate Joiner because they are often created at engineering speed, with access embedded in code, workflow tools, or delegated scopes that bypass the HR-backed identity record.
Q: What breaks when AI agent ownership is missing?
A: When ownership is missing, the enterprise loses accountability, approval traceability, and a clear decommissioning trigger.
Practitioner guidance
- Create a governed identity record before issuance: Require every AI agent to have an owning team, purpose, classification tier, and lifecycle state before any API key, service account, or OAuth grant is created.
- Gate provisioning on named human approval: Block agent credential creation until a responsible human approves the request and confirms why the agent needs the requested scope.
- Set birthright access by task criticality: Use the agent's intended function, system sensitivity, and segregation-of-duties impact to determine the minimum starting privilege.
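The three controls above, combined into one pre-issuance check. This is an added example, not code from Opnova's post or from this editorial. The field names, tier names, scope strings, and the human directory are assumptions made for illustration.

```python
from dataclasses import dataclass

# Fields the governed identity record must carry before any credential exists.
REQUIRED_FIELDS = ("owning_team", "purpose", "classification_tier", "lifecycle_state")

# Assumed birthright ceilings per classification tier (constructed values).
BIRTHRIGHT = {
    "standard": {"crm:read", "tickets:read", "tickets:write"},
    "sensitive": {"crm:read"},
}

@dataclass(frozen=True)
class AgentRequest:
    agent_id: str
    owning_team: str = ""
    purpose: str = ""
    classification_tier: str = ""
    lifecycle_state: str = ""
    requested_scopes: frozenset = frozenset()
    approver: str = ""         # identity that approved the request
    approval_reason: str = ""  # why the agent needs the requested scope

def issuance_denials(req, human_directory):
    """Return reasons to block credential issuance; an empty list means issue."""
    reasons = [f"missing {f}" for f in REQUIRED_FIELDS if not getattr(req, f).strip()]
    if req.approver not in human_directory:
        reasons.append("approver is not a named human")
    if not req.approval_reason.strip():
        reasons.append("approval lacks scope justification")
    # Unknown or missing tier gets an empty ceiling, so every scope is excess.
    ceiling = BIRTHRIGHT.get(req.classification_tier, set())
    excess = sorted(set(req.requested_scopes) - ceiling)
    if excess:
        reasons.append("scopes exceed birthright: " + ", ".join(excess))
    return reasons

# Constructed sample data: one human in the directory, three requests.
HUMANS = {"j.doe"}
GOVERNED = AgentRequest("agent-001", "support-eng", "triage tickets", "standard",
                        "requested", frozenset({"tickets:read"}), "j.doe",
                        "reads the triage queue")
SHADOW = AgentRequest("agent-002", requested_scopes=frozenset({"crm:read"}))
BOT_APPROVED = AgentRequest("agent-003", "finance-eng", "reconcile accounts", "sensitive",
                            "requested", frozenset({"crm:read", "tickets:write"}),
                            "svc-deploy", "needs CRM data")

if __name__ == "__main__":
    for r in (GOVERNED, SHADOW, BOT_APPROVED):
        print(r.agent_id, issuance_denials(r, HUMANS) or "ISSUE")
```

Returning every denial reason, rather than stopping at the first, gives the requester and the later auditor the full list of what was missing when issuance was refused.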
What's in the full article
Opnova's full blog post covers the operational detail this post intentionally leaves for the source:
- The four-part Joiner/Mover/Leaver structure for AI agents and how each phase changes governance.
- Examples of how human Joiner steps map to agent approval, classification, and entitlement aggregation.
- The regulatory context for banks, insurers, healthcare systems, and critical infrastructure operators.
- The specific control questions regulators are likely to ask once agent inventories become audit targets.
Explore further
AI agent joiner exposes an inventory failure, not just an onboarding gap. The enterprise problem is not that agents are hard to provision, but that most programmes cannot prove they exist in the first place. When there is no canonical identity object, ownership record, or lifecycle state, Joiner becomes invisible at the exact point governance is supposed to begin. The implication is simple: discovery and authoritative registration are now part of Joiner, not a separate hygiene exercise.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who should approve AI agent access and lifecycle decisions?
A: A named human owner should approve both provisioning and later lifecycle changes, because the agent itself cannot accept accountability. The approval chain should include the business purpose, system scope, and segregation-of-duties impact so the organisation can answer audit questions without reconstructing the event after the fact.