93% of Organizations Use or Plan to Use AI Agents for Sensitive Security Tasks

AI agents are moving from experimental tools to core components of enterprise security workflows, handling tasks ranging from password resets to VPN provisioning. The survey’s 93% adoption figure underscores how quickly organizations are entrusting these non‑human identities with privileged access, even as 92% report AI residing on endpoints that can reach SSH keys and encryption material. This rapid integration outpaces traditional identity controls, creating blind spots that attackers can exploit, especially when AI‑driven credentials are left unmanaged.

The rise of non‑human identities (NHIs) forces a shift from perimeter‑centric defenses to continuous, identity‑centric security. Experts highlighted that only a third of firms feel prepared to contain a breach stemming from AI‑exposed admin credentials, revealing a glaring gap in detection and response capabilities. Zero‑trust frameworks, which require every identity—human or machine—to be authenticated, authorized, and monitored for each transaction, are becoming the baseline for protecting AI‑enabled assets. Automated discovery, risk classification, and policy‑enforced credential rotation are essential to keep the expanding NHI surface under control.

To mitigate these risks, organizations should adopt a layered strategy: first, inventory every AI agent and its associated service accounts; second, enforce least‑privilege access and short‑lived credentials; third, integrate automated governance tools that provide real‑time alerts on anomalous behavior. Human oversight remains critical, ensuring that policy changes are reviewed and that AI agents operate within clearly defined boundaries. As AI adoption accelerates, firms that embed robust identity governance now will be better positioned to scale securely while avoiding the costly fallout of credential‑based attacks.