Notifications
Clear all
Topic starter
09/06/2026 11:59 pm
TL;DR: AI agents are in production at 72% of organisations, yet 92% say they cannot scale them safely and 66% grant them equal or greater access than human employees, according to JumpCloud’s Agentic IAM Pulse Report. The core problem is not adoption, but governance designed for static identities being applied to actors that can act without consistent human oversight.
NHIMG editorial — based on content published by JumpCloud: The Agentic IAM Pulse Report: Closing the Governance Gap to Accelerate with AI
By the numbers:
- 72% of organizations have AI agents in use, but 92% report serious limits in safely scaling their deployments.
- 66% of organizations grant AI agents equal or greater system access than human employees.
- 55% of organizations lack a centralized kill switch to cut AI agent access across all systems.
Questions worth separating out
Q: What breaks when AI agents are granted production access without strong governance?
A: The main failure is that agent privilege grows faster than oversight.
Q: Why do AI agents complicate IAM and PAM programmes?
A: AI agents complicate IAM and PAM because they do not fit a purely human access model and often outpace service-account assumptions.
Q: How do security teams know if AI agent governance is actually working?
A: Look for evidence that every production agent has a named owner, a narrow access scope, logged approvals for high-risk actions, and a working revocation path across systems.
Practitioner guidance
- Separate testing controls from production controls Require stricter approval, scope, and logging requirements once an agent moves from sandbox use into financial, HR, or other business-critical workflows.
- Assign a single accountable owner for each agent Map every production agent to one named security or business owner who can approve access, review behaviour, and accept remediation responsibility.
- Implement a centralized revocation path Build one control that can disable agent credentials, API tokens, and downstream access across systems without relying on separate manual steps in each platform.
What's in the full report
JumpCloud's full research covers the operational detail this post intentionally leaves for the source:
- The four-stage framework for AI agent governance and how it maps to production identity controls
- Breakdowns of access, supervision, and accountability patterns across deployed agent environments
- The report's data behind the move from testing to business-critical agent use
- The full context for JumpCloud Agentic IAM and its role in anchoring human, non-human, and autonomous identities
👉 Read JumpCloud's Agentic IAM Pulse Report on AI agent governance →
AI agents in production: are your controls keeping up?
Explore further
10/06/2026 2:33 am
AI agent governance is now an access paradox, not a tooling gap: the report shows organisations are granting agents equal or greater access than human employees while supervision declines in production. That combination means the control problem is no longer just provisioning. It is whether the enterprise can justify broad machine access without equivalent accountability. Practitioners should treat agent privilege as a blast-radius decision, not an automation convenience.
A few things that frame the scale:
- 92% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- 23.7% of organisations share secrets through insecure methods such as email or messaging applications.
A question worth separating out:
Q: Who should be accountable when an AI agent causes a security or business incident?
A: Accountability should sit with a named owner outside the agent itself, usually a security or business leader with authority to approve scope and contain misuse. If the organisation defaults to IT alone, governance becomes operationally vague and incident response slows because no one owns the decision to restrict or stop the agent.
👉 Read our full editorial: AI agent governance gaps widen as production use expands
