Notifications
Clear all
Topic starter
12/06/2026 9:43 pm
TL;DR: AI agents are already in production at 72% of organisations, yet most are deployed without registration, access review, or offboarding, according to JumpCloud’s Agentic IAM Pulse Report. The governance gap is not theoretical: when the actor is autonomous, access review assumes a stable subject and a reviewable window that no longer exists.
NHIMG editorial — based on content published by JumpCloud: HR for Agents and AI agent lifecycle governance
By the numbers:
- 72% of organizations already have AI agents in production.
- 55% of organizations lack a centralized kill switch for their AI agents.
- 33% say their only option to shut one down is to go system by system.
Questions worth separating out
Q: What breaks when AI agents are deployed without lifecycle governance?
A: Without lifecycle governance, AI agents become unowned identities with unclear purpose, uncontrolled access, and no reliable offboarding path.
Q: Why do AI agents complicate IAM and IGA programmes?
A: AI agents complicate IAM and IGA because they behave like identities but are often created and retired outside normal joiner-mover-leaver processes.
Q: How do organisations know whether AI agent governance is working?
A: Agent governance is working when every agent has a registered owner, a defined scope, an audit trail, and a tested shutdown path.
Practitioner guidance
- Register every agent before provisioning access Create a mandatory intake record for each agent with purpose, human owner, system scope, and expiration criteria before any token or API permission is issued.
- Assign one accountable owner per agent Make a named owner responsible for access requests, change approvals, and retirement decisions so accountability does not disappear into the engineering backlog.
- Test a centralized shutdown path Verify that security or IT can disable the agent from a single control point and that all dependent credentials, connectors, and workflows are revoked together.
What's in the full article
JumpCloud's full article covers the operational detail this post intentionally leaves for the source:
- A practical HR for Agents™ lifecycle model for onboarding, management, and offboarding
- Examples of how IT should scope agent access to production systems and analytics datasets
- The centralised kill-switch problem and why system-by-system shutdown creates zombie agents
- The article's framing for why IT, not HR, should own agent identity governance
👉 Read JumpCloud's analysis of HR for Agents and AI agent lifecycle governance →
HR for agents: what does AI agent lifecycle governance need now?
Explore further
12/06/2026 11:59 pm
HR for agents is a useful shorthand, but the real issue is lifecycle governance for autonomous identities. The article is right to shift the question away from HR processes and toward IT ownership, because agents operate in systems, not personnel files. The governance problem is that many programmes still treat agent deployment as a workflow shortcut rather than a managed identity lifecycle. Practitioners should read this as a warning that unmanaged agent sprawl will outrun human-centric approval models.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who should be accountable for AI agent lifecycle management?
A: Accountability should sit with the organisation’s identity and access function, usually IT in partnership with security, because agents consume APIs, data, and infrastructure permissions. HR processes are useful as an analogy, but they do not own technical access. The accountable team must be able to provision, review, and revoke access across the agent’s full lifecycle.
👉 Read our full editorial: HR for agents exposes the missing lifecycle model for AI access
