TL;DR: AI agents in enterprise environments created risk through inherited permissions, tool invocation, data movement, and runtime behaviour, according to Zenity’s 2025 year-in-review. The governance gap is that traditional IAM and monitoring models were built for stable identities and not for agents that decide and act during execution.
NHIMG editorial — based on content published by Zenity: Zenity 2025 Year in Review, Building AI Security for the Enterprise
By the numbers:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities: 46% confirmed, 26% suspected.
Questions worth separating out
Q: How should security teams govern AI agents that inherit enterprise permissions?
A: Treat the agent as a non-human identity with runtime behaviour, not just as a model wrapper.
Q: Why do AI agents complicate traditional IAM and PAM controls?
A: Because traditional IAM and PAM assume access is relatively stable and reviewed over time.
Q: What breaks when agent visibility is not paired with runtime enforcement?
A: Teams can see that an agent exists and still fail to stop unsafe behaviour.
Practitioner guidance
- Inventory every agent identity and tool path. Map where agents operate across SaaS, cloud, and endpoint environments, then record which authenticated sessions, APIs, and tools each one can reach.
- Move control points to execution time. Require policy checks when the agent attempts an action, especially where data could be sent to an unapproved domain or a tool could change state in a critical system.
- Correlate posture with runtime evidence. Join entitlement data, data-flow context, and runtime anomalies into one investigation workflow so analysts can see how an issue unfolded.
What's in the full article
Zenity's full year-in-review covers the operational detail this post intentionally leaves for the source:
- Environment-by-environment coverage for SaaS-managed, home-grown, and device-based agents
- The Issues and Correlation Agent workflow for reconstructing agent incidents across multiple signals
- Inline Prevention behaviour across Copilot Studio, Azure AI Foundry, and endpoint environments
- Tool-layer coverage for MCP servers and the policy patterns used to block unsafe destinations
Explore further
Agent governance is now an identity problem, not just an AI problem. Zenity's review shows that the operational risk comes from permissions, tool use, and data movement after an agent is connected to business systems. That places AI agents inside the same governance domain as service accounts, workload identities, and privileged automation. The implication is that IAM teams cannot treat agent security as a separate control tower; it belongs inside identity governance, entitlement review, and privileged access policy.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- The 2024 ESG report found that 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, including 46% that confirmed one and 26% that suspected one.
A question worth separating out:
Q: How can organisations reduce risk from AI agents without slowing delivery?
A: Use policy that is specific to the action, not to the whole environment. That means defining which destinations, tools, and data classes are allowed, then blocking unsafe actions at execution time. Done well, this preserves speed while making the agent's boundaries explicit enough for governance.
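A minimal sketch of such an action-level check, added here as an illustration and not taken from Zenity's product or the source article. The tool names, domains, data classes and agent id are constructed, and the policy is default-deny.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class ToolRule:
    """What one tool may do. Every name and value below is constructed."""
    domains: frozenset        # destinations the tool may send data to
    data_classes: frozenset   # data classifications it may carry
    may_change_state: bool = False

# Constructed policy: a tool that is not listed is denied outright.
POLICY = {
    "crm.lookup": ToolRule(frozenset({"crm.example.com"}),
                           frozenset({"public", "internal"})),
    "mail.send": ToolRule(frozenset({"example.com"}),
                          frozenset({"public"}), may_change_state=True),
}

def host_allowed(host, allowed):
    """Exact host or a true subdomain; 'example.com.evil.test' must not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_action(agent_id, tool, url, data_class, changes_state=False):
    """Return (allowed, reason) for one attempted tool call, before it runs."""
    rule = POLICY.get(tool)
    if rule is None:
        return False, f"{agent_id}: tool {tool!r} is not in policy"
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False, f"{agent_id}: destination must be an https URL"
    if not host_allowed(parts.hostname, rule.domains):
        return False, f"{agent_id}: {parts.hostname} is not an approved destination"
    if data_class not in rule.data_classes:
        return False, f"{agent_id}: {data_class!r} data is not allowed for {tool}"
    if changes_state and not rule.may_change_state:
        return False, f"{agent_id}: {tool} may not change state"
    return True, f"{agent_id}: allowed"

if __name__ == "__main__":
    attempts = [  # constructed sample actions
        ("agent-7", "crm.lookup", "https://crm.example.com/v1/accounts", "internal", False),
        ("agent-7", "crm.lookup", "https://crm.example.com.evil.test/x", "internal", False),
        ("agent-7", "crm.lookup", "https://crm.example.com/v1/accounts", "confidential", False),
        ("agent-7", "shell.exec", "https://crm.example.com/x", "public", False),
    ]
    for attempt in attempts:
        print(check_action(*attempt))  # the reason string doubles as an audit record
```

The reason string is what gets logged, so a blocked action can be joined with entitlement and data-flow context during an investigation.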