AI agents and identity controls: what IAM teams should recheck

TL;DR: 91% of surveyed organisations are already using AI agents, underscoring how access tooling is being pulled into AI workflow governance, according to 1Password and Okta; Okta’s 2026 Businesses at Work report shows 1Password grew 370% year over year in technology. The real issue is not adoption alone, but that existing identity models were built for stable users and struggle with shadow AI, over-privileged agents, and weak auditability.

NHIMG editorial — based on content published by 1Password: AI agent growth, Unified Access, and identity security for the modern enterprise

By the numbers:

• 91% of the organizations they surveyed are using AI agents.

Questions worth separating out

Q: How should security teams govern AI agents that can access multiple tools?

A: They should govern AI agents as identities with explicit runtime boundaries, not as ordinary automation.

Q: Why do AI agents create more identity risk than standard automation?

A: Because standard automation usually follows a fixed script, while AI agents can choose actions, tools, and timing within a live workflow.

Q: What breaks when employees use unapproved AI tools with company data?

A: Governance breaks because the organisation loses visibility into where data and secrets are going, who can access them, and how they are being reused.

Practitioner guidance

• Map AI agent access paths end to end Document where agents obtain credentials, which tools they can call, and which data sources they can reach.
• Separate approved AI workflows from shadow AI use Inventory employee-facing AI tools, extensions, and workflow helpers that can access company data.
• Require per-action audit evidence for agent operations Capture which identity initiated the session, which policy allowed the action, what tool was used, and whether a human approved the step.

What's in the full analysis

1Password's full article covers the operational detail this post intentionally leaves for the source:

• How 1Password positions Unified Access across humans, agents, and machine identities in enterprise workflows
• The specific AI Agent Security Benchmark context behind the company’s product narrative and rollout
• Details on just-in-time credential access for agents and secrets management for AI builders
• The way 1Password connects EPM and SaaS Manager to shadow IT and AI access management

👉 Read 1Password’s analysis of AI agent identity growth and access governance →

AI agents and identity controls: what IAM teams should recheck?

Explore further

View Full Forum →  |  NHI Foundation Course →