Notifications
Clear all
Topic starter
06/06/2026 2:26 am
TL;DR: Enterprises are shifting from AI technology pitches toward packaged solutions that solve named workflows, with Automation Anywhere’s Peter White saying buyers want measurable outcomes and practical deployment over demos. The governance lesson is that AI agents only matter to identity teams when access, accountability, and outcome controls are defined around the workflow, not the model.
NHIMG editorial — based on content published by WorkOS: Two decades of automation, now supercharged by AI
Questions worth separating out
Q: How should security teams govern AI agents used in business workflows?
A: Security teams should govern AI agents as identity-bearing workflow components, not as generic AI features.
Q: Why do AI agents complicate IAM and NHI governance?
A: AI agents complicate IAM and NHI governance because they often sit between people, legacy systems, and modern APIs, using multiple identities to complete one business task.
Q: What breaks when automation teams ignore access governance for AI workflows?
A: Workflow sprawl becomes the failure mode.
Practitioner guidance
- Define an identity owner for every packaged workflow Assign a named business and technical owner to each automation so there is clear accountability for the credentials, session scope, and downstream actions it uses.
- Inventory service identities created for each automation path Track every token, service account, and delegated credential used by the workflow, including those tied to legacy terminals and on-premises systems.
What's in the full article
WorkOS's full article covers the operational detail this post intentionally leaves for the source:
- How Automation Anywhere packages workflow-specific solutions such as accounts payable automation
- The enterprise buyer feedback that shaped the shift from technology pitches to outcome-based selling
- Healthcare examples showing how AI agents are already being used in oncology trial workflows and prior authorizations
- Peter White’s direct commentary on how organizations are balancing automation, workforce anxiety, and adoption pace
👉 Read WorkOS's interview on how AI agents are changing enterprise automation →
AI agents and workflow automation: what changes for IAM teams?
Explore further
06/06/2026 4:07 am
Outcome-based automation shifts the security problem from the model to the identity boundary. The article shows that enterprises are buying solutions around named workflows, not abstract AI capability. That matters because the real control surface is the account, token, or delegated session that performs the work across systems. For IAM and NHI teams, the question becomes whether each workflow has a bounded identity with an auditable purpose and a revocation path when the process changes.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who should own AI workflow access when business and IT teams share responsibility?
A: Ownership should sit with the business process owner and the technical identity owner together, because neither side can fully see the risk alone. The business side understands the task boundaries, while the identity team controls entitlement design, review cadence, and revocation. Shared ownership without explicit accountability usually leaves gaps in offboarding and audit trails.
👉 Read our full editorial: AI agents succeed when they solve named business workflows
