TL;DR: Enterprise AI agents are expanding the attack surface faster than traditional cybersecurity can govern, with the source article citing 75% of organisations experiencing a SaaS security incident in the past 12 months and 86% of cyber leaders reporting at least one AI-related incident last year. The core problem is not automation itself, but that autonomous agent behaviour breaks IAM assumptions about stable access, predictable intent, and reviewable privilege.
NHIMG editorial — based on content published by ZioSec: The SaaSpocalypse: Navigating Enterprise AI Agent Risks with OpenClaw and Beyond
By the numbers:
- 75% of organizations experienced a SaaS security incident in the past 12 months, a 33% spike from 2024.
- 88% of organizations reported confirmed or suspected AI agent security incidents in the last year, and the healthcare sector reached 92.7%.
- 97% of AI-related security breaches involved AI systems lacking proper access controls.
Questions worth separating out
Q: How should security teams govern AI agents that can act across multiple business systems?
A: Treat each AI agent as a non-human identity with an owner, a purpose, and a narrow capability set.
Q: Why do AI agents create more risk than traditional automation?
A: Traditional automation follows predetermined rules, while AI agents can select actions and interact with systems in ways that are harder to predict and certify.
Q: What breaks when AI agent access is not tightly scoped?
A: The main failure is blast-radius expansion.
Practitioner guidance
- Inventory every AI agent as a non-human identity: Record each agent's owner, business purpose, tool set, data sources, and downstream systems.
- Constrain agent capability with explicit allowlists: Limit every agent to approved tools and destinations only, and review those permissions whenever the workflow changes.
- Tie agent approval to business-unit accountability: Require named approval for each agent's scope, then make the owner accountable for reviews, logging, and exception handling.
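The three guidance items above can be combined into one default-deny check. This is an added example, not code from ZioSec or OpenClaw; the record fields, the `authorize` function, the agent name and all hostnames are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class AgentRecord:
    """One inventory entry: the agent as a non-human identity."""
    owner: str                # named accountable owner
    purpose: str              # business purpose
    approved_by: str          # named business-unit approver
    reviewed_workflow: str    # workflow version the permissions were reviewed for
    tools: frozenset          # allowlisted tool names
    destinations: frozenset   # allowlisted hostnames, exact match only

# Constructed sample inventory (hypothetical agent and hosts).
REGISTRY = {
    "invoice-triage": AgentRecord(
        owner="a.owner@example.com",
        purpose="Classify inbound invoices and open tickets",
        approved_by="finance-lead@example.com",
        reviewed_workflow="v3",
        tools=frozenset({"read_mailbox", "create_ticket"}),
        destinations=frozenset({"tickets.example.com"}),
    ),
}

def authorize(agent_id, tool, url, workflow_version, registry=REGISTRY):
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    rec = registry.get(agent_id)
    if rec is None:
        return False, "agent not in inventory"
    if not (rec.owner and rec.purpose and rec.approved_by):
        return False, "missing owner, purpose or approval"
    if workflow_version != rec.reviewed_workflow:
        # Permissions were approved for a different workflow: force a re-review.
        return False, "workflow changed since last review"
    if tool not in rec.tools:
        return False, "tool not allowlisted"
    # Compare the parsed hostname, never a substring or prefix of the URL:
    # "tickets.example.com.other.test" and "tickets.example.com@other.test"
    # both contain the allowed name but resolve to a different host.
    host = (urlsplit(url).hostname or "").lower()
    if host not in rec.destinations:
        return False, "destination not allowlisted"
    return True, "ok"
```

Logging every returned reason alongside the agent's owner gives the accountable reviewer the record the third guidance item asks for.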
What's in the full article
ZioSec's full article covers the operational detail this post intentionally leaves for the source:
- The article's deeper breakdown of OpenClaw's capability-management approach for limiting agent tool use.
- The vendor's wider governance framework for AI trust, risk, and security management across business units.
- The article's discussion of how to integrate agent controls with IAM, DLP, and SIEM workflows.
- The source's examples of AI risk scenarios across multi-agent and SaaS-heavy environments.