Identity alone is no longer a sufficient governance primitive for agentic systems. The article is right to separate who an agent is from what it is trying to accomplish. In enterprise governance, identity has historically worked because intent was either human-readable or bounded by predictable workflows. That assumption breaks when agents act continuously, consume data autonomously, and make decisions faster than review cycles. The implication is that access governance must stop pretending identity can stand in for behavioural authorisation.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: What should organisations do first when they start governing AI agent behaviour?
A: Start with the highest-impact workflows that touch customers, spend or sensitive data, then define purpose, allowed data, escalation rules and expiry for each one. That approach gives you the fastest risk reduction because it focuses on where intent drift causes the most damage.
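To make the answer concrete, here is an added illustration (not from the editorial or any product) of what a per-workflow "intent passport" check could look like: the passport fields (purpose, allowed data, spend threshold for escalation, expiry), the `authorise` function, and the sample agent and workflow names are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class IntentPassport:
    # Per-workflow grant: who, for what purpose, on which data, under what limit, until when.
    agent_id: str
    purpose: str
    allowed_data: frozenset   # data classes the agent may read or write
    max_spend: float          # above this amount the action is escalated to a human
    expires_at: datetime

@dataclass(frozen=True)
class Action:
    agent_id: str
    purpose: str              # what the agent says it is trying to accomplish
    data_class: str
    spend: float = 0.0

def authorise(passport: IntentPassport, action: Action, now: datetime) -> tuple:
    # Identity is checked first but is never sufficient on its own.
    if action.agent_id != passport.agent_id:
        return "deny", "identity mismatch"
    if now >= passport.expires_at:
        return "deny", "passport expired"
    if action.purpose != passport.purpose:
        return "deny", "purpose drift: action outside the granted workflow"
    if action.data_class not in passport.allowed_data:
        return "deny", f"data class {action.data_class!r} outside allowed scope"
    if action.spend > passport.max_spend:
        return "escalate", "spend above threshold; requires human approval"
    return "allow", "within passport"

# Constructed sample: one passport for a refund workflow, valid for seven days.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
PASSPORT = IntentPassport(
    agent_id="agent-42", purpose="refund-processing",
    allowed_data=frozenset({"order-history", "payment-status"}),
    max_spend=500.0, expires_at=NOW + timedelta(days=7),
)
def demo() -> dict:
    # Every action below comes from the right identity; only the first stays within intent.
    cases = {
        "in_scope":   (Action("agent-42", "refund-processing", "order-history", 120.0), NOW),
        "big_refund": (Action("agent-42", "refund-processing", "payment-status", 900.0), NOW),
        "wrong_data": (Action("agent-42", "refund-processing", "hr-records"), NOW),
        "drifted":    (Action("agent-42", "marketing-outreach", "order-history"), NOW),
        "stale":      (Action("agent-42", "refund-processing", "order-history"), NOW + timedelta(days=8)),
    }
    return {name: authorise(PASSPORT, act, at)[0] for name, (act, at) in cases.items()}
```

All five sample actions would pass an identity-only check; the passport is what distinguishes the in-scope refund from the oversized one, the wrong data class, the drifted purpose and the expired grant.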
👉 Read our full editorial: Intent passports for AI agents: what identity alone misses