TL;DR: As AI tools spread across departments, legacy IT becomes a control and visibility bottleneck. JumpCloud cites that 37% of IT professionals see unauthorized access by automated agents as a serious threat and that more than 50% of enterprises say legacy IT slows scaling. Old identity and device foundations no longer match the pace of agentic adoption.
NHIMG editorial — based on content published by JumpCloud: legacy infrastructure, AI adoption, and identity governance in the agentic future
By the numbers:
- 37% of IT professionals view unauthorized access by automated agents as a serious security threat.
- Over 50% of enterprises find legacy IT actively slows their ability to scale.
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
Questions worth separating out
Q: How should security teams govern AI tools and automated agents in legacy environments?
A: Start by treating AI tools and automated agents as identity subjects with scoped access, owners, and review cycles.
Q: Why do legacy systems make AI governance harder for IAM teams?
A: Legacy systems fragment identity, device, and application control, which makes it difficult to see who or what has access at any moment.
Q: What breaks when automated agents have more access than human workers?
A: The main failure is not just overprivilege; it is loss of proportionality.
Practitioner guidance
- Map unmanaged AI and automation entry points: Inventory departmental tools, scripted workflows, and AI assistants that can reach production data or applications without central approval.
- Unify identity and device governance: Bring user, service account, and AI-access policy into one operational view so security teams can see privilege, device posture, and tool usage together.
- Re-scope non-human permissions to the task boundary: Reduce standing access for bots, scripts, and AI-enabled tools to the minimum required for the current function.
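One way to turn the guidance above into a repeatable check, as an added example that is not from JumpCloud or the original editorial: given a unified inventory, flag non-human identities that lack an owner, have an overdue review, or hold more permissions than humans doing the same job. The `Identity` record, the 90-day review window, and every name and permission string are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

REVIEW_MAX_AGE_DAYS = 90  # assumed review cycle, not a figure from the article

@dataclass(frozen=True)
class Identity:
    name: str
    kind: str                      # "human" or "non_human"
    job: str                       # job function the identity performs
    permissions: frozenset
    owner: Optional[str] = None
    last_review: Optional[date] = None

def audit(identities, today):
    """Return {non-human identity name: [governance findings]}."""
    baseline = {}  # per job: union of permissions humans in that job hold
    for i in identities:
        if i.kind == "human":
            baseline.setdefault(i.job, set()).update(i.permissions)
    findings = {}
    for i in identities:
        if i.kind != "non_human":
            continue
        issues = []
        if not i.owner:
            issues.append("no owner")
        if i.last_review is None or (today - i.last_review).days > REVIEW_MAX_AGE_DAYS:
            issues.append("review overdue")
        if i.job not in baseline:
            # Proportionality cannot be judged without a human doing the same job.
            issues.append("no human peer to compare against")
        elif (excess := i.permissions - baseline[i.job]):
            issues.append("exceeds human baseline: " + ", ".join(sorted(excess)))
        if issues:
            findings[i.name] = issues
    return findings

# Constructed sample inventory (all names and permissions are made up).
TODAY = date(2025, 6, 1)
INVENTORY = [
    Identity("alice", "human", "invoice-processing", frozenset({"erp:read", "erp:post_invoice"})),
    Identity("bob", "human", "reporting", frozenset({"bi:read"})),
    Identity("invoice-agent", "non_human", "invoice-processing",
             frozenset({"erp:read", "erp:post_invoice", "erp:admin", "hr:read"}),
             "finance-ops", date(2025, 1, 10)),
    Identity("report-bot", "non_human", "reporting", frozenset({"bi:read"})),
    Identity("scoped-agent", "non_human", "reporting", frozenset({"bi:read"}), "data-team", date(2025, 5, 1)),
]
```

Running `audit(INVENTORY, TODAY)` flags `invoice-agent` and `report-bot` and leaves `scoped-agent` unflagged, since it is owned, recently reviewed, and within the human baseline.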
What's in the full article
JumpCloud's full blog post covers the operational detail this post intentionally leaves for the source:
- How JumpCloud frames the Work Transformation Set across identity, device, and productivity layers.
- The self-assessment questions used to judge whether current IT foundations are ready for an agentic future.
- The full budgeting guidance on reinvesting software spend into patching and device management.
- The article's discussion of optionality and vendor fallback planning across critical capabilities.
Legacy IT and agentic AI governance: what breaks first?
Explore further
Legacy identity tooling is the wrong control plane for agentic work. The article is really describing an identity governance failure, not just an IT modernization problem. When access decisions are split across legacy systems, AI tooling, and departmental shadow adoption, no single control plane can reliably answer who or what is acting. Practitioners should treat that fragmentation as the core risk surface, not the surrounding productivity story.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
A question worth separating out:
Q: Who should be accountable when departmental AI tools access sensitive systems?
A: Accountability should sit with the business owner, the platform owner, and the identity team together, because no single group can explain the full access chain alone. The owner must justify the access, security must constrain it, and IAM must be able to attest it. Without that shared model, governance becomes symbolic rather than operational.