Notifications
Clear all
Topic starter
12/06/2026 9:36 pm
TL;DR: More than 60% of enterprises already have significant agentic AI usage, while about 50% of production AI agents are unknown to security teams and usage is growing at least 25% every two months, according to AuthMind. That gap means governance breaks at discovery, not just at policy enforcement, because identity systems cannot govern what they never formally registered.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- more than 60% of enterprises already have significant agentic AI usage
- approximately 50% of AI agents operating in production environments are unknown to security teams
- agentic AI usage is growing by at least 25% every two months
Questions worth separating out
Q: How should security teams govern AI agents that were never formally provisioned?
A: Security teams should govern them through runtime discovery, ownership mapping, and behavioural controls rather than relying only on directory records.
Q: Why do unknown AI agents create a higher identity risk than approved ones?
A: Unknown agents bypass the normal lifecycle steps that make access governable, including approval, recertification, and offboarding.
Q: What breaks when AI agent access is visible only after a policy violation?
A: What breaks is the timing of governance.
Practitioner guidance
- Build a runtime AI agent inventory Correlate network activity, cloud telemetry, and identity events to establish which agents are actually operating, what they are doing, and which human owner is accountable for each one.
- Separate approved agents from observed agents Compare formally provisioned AI agents with identities discovered in production traffic, then flag any agent that lacks an approved owner, documented purpose, or lifecycle record.
- Automate containment for policy-breaking agent actions Trigger credential disablement, incident creation, and owner notification when an agent accesses secrets, production assets, or other resources outside its intended scope.
What's in the full announcement
AuthMind's full press release covers the operational detail this post intentionally leaves for the source:
- How the identity observability model reconstructs an access path from network traffic and cloud telemetry
- How the platform classifies discovered agents by type and behavioural profile
- How automated remediation is triggered, including credential disabling and ITSM ticket creation
- How the vendor frames shadow agents, unauthorized access activity, and spawned agents in its own product language
👉 Read AuthMind's announcement on AI agent identity observability and remediation →
Shadow AI agents and identity observability: are controls keeping up?
Explore further
12/06/2026 11:47 pm
Identity observability is becoming a discovery control for AI agents, not just a detection control. The article reflects a category shift: the first problem is not policy violation, but finding identities that were never cleanly provisioned into governance systems. That matters because AI agents can operate with production access while remaining invisible to recertification and ownership processes. Practitioners should treat runtime observability as a prerequisite for any credible AI agent governance model.
A few things that frame the scale:
- only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
- Another finding from the same research shows that 80% of organisations report their AI agents have already performed actions beyond their intended scope, including access to unauthorised systems, inappropriate data sharing, and revealed credentials.
A question worth separating out:
Q: Who should be accountable for AI agent identity governance?
A: Accountability should sit with the business or technical owner that can explain the agent’s purpose, approve its access, and answer for its behaviour across the full lifecycle. If no owner can do that, the agent is already outside governance. Frameworks such as NIST Cybersecurity Framework and Zero Trust Architecture both depend on clear accountability and continuous verification.
👉 Read our full editorial: AI agent identity observability exposes the shadow agent problem
