TL;DR: AI agent usage is growing about 25% every two months in enterprise environments, yet many teams still cannot see which roles, secrets, and downstream systems agents touch, according to AuthMind’s analysis. The governance problem is not logging volume, but the fact that agentic access happens at machine speed across control points IAM teams do not continuously observe.
NHIMG editorial — based on content published by AuthMind: AI agent identity visibility and the access visibility gap
By the numbers:
- AuthMind's data shows agentic AI usage growing roughly 25% every two months in enterprise environments.
- Only 5.7% of organisations have full visibility into their service accounts.
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
Questions worth separating out
Q: How should security teams govern AI agent access when visibility is incomplete?
A: They should govern the access chain, not just the sign-in event.
Q: Why do AI agents create a different visibility problem from service accounts?
A: AI agents create a behaviour problem as well as an entitlement problem.
Q: What signals show that AI agent access is outside governance boundaries?
A: Look for first-time role assumptions, unusual secret retrieval, access to endpoints outside the normal workflow, and activity that appears only in partial telemetry.
Practitioner guidance
- Map the agent access chain end to end Inventory every point where an AI agent authenticates, assumes a role, retrieves a secret, or calls a downstream system.
- Test SIEM coverage against real agent behaviour Run controlled agent tasks and confirm whether the SIEM sees the role assumption, secret retrieval, and external API call as connected evidence.
- Define first-time and unusual-access alerts for agents Alert when an agent retrieves a credential for the first time, uses an unexpected role, or reaches an endpoint outside its normal workflow.
What's in the full article
AuthMind's full analysis covers the operational detail this post intentionally leaves for the source:
- The end-to-end telemetry mapping for AI agent authentication, role assumption, secret retrieval, and downstream API activity.
- The operational distinctions between identity logs, workload telemetry, and network-level observability in agent governance.
- The specific visibility checkpoints security teams need to reconstruct agent behaviour during review or investigation.
- The practical implementation details behind real-time correlation of agent access across identity and secrets infrastructure.
👉 Read AuthMind's analysis of AI agent identity visibility gaps →
AI agent visibility gaps: what IAM teams need to see now?
Explore further
Access review cadence is a governance assumption built for persistent identities, not machine-speed agents. Quarterly or periodic review processes assume access remains stable long enough to be observed, certified, and revoked after the fact. That assumption fails when an AI agent can authenticate, assume a role, retrieve a secret, and complete its task before the next review window opens. The implication is not simply that review frequency is too slow, but that the review model itself no longer matches the actor.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, and 77% of those incidents resulted in tangible damage.
A question worth separating out:
Q: How do organisations make AI agent visibility useful for compliance and incident response?
A: They need a record that links identity events to task execution in real time. That evidence should show which credentials were used, which systems were contacted, and whether the access stayed within approved scope. Without that chain, compliance teams cannot prove authorization and responders cannot reconstruct impact quickly.
👉 Read our full editorial: AI agent identity visibility gap is breaking existing security models