Enterprises Are Adopting Agents Faster than They Can Secure and Govern Them – Experts Warn It’s a Disaster Waiting to Happen

The rush to embed AI agents across enterprise workflows has outstripped the evolution of identity and access management (IAM) controls. Traditional IAM solutions were designed around human authentication and static permissions, but today’s agents act continuously, stitching together legitimate credentials in novel ways. This shift creates a hidden attack surface where autonomous processes can execute privileged actions without human oversight, a trend highlighted by Ping Identity’s latest report and corroborated by IBM’s 2025 Data Breach findings.

Governance gaps are now evident in several dimensions: visibility into delegated permissions, the emergence of sub‑agent spawning that fragments audit trails, and the inability of OAuth and OpenID Connect frameworks to handle agent‑to‑agent interactions. Context leakage across systems further erodes security, as agents operate without real‑time re‑evaluation of authorizations. The SANS study reinforces these concerns, revealing that 75% of organizations see a surge in non‑human identities—service accounts, API keys, bots—while most lack the tools to monitor them, leaving a blind spot for potential exploitation.

To mitigate the looming disaster, enterprises must re‑architect IAM for continuous, dynamic identity verification. This includes adopting zero‑trust principles that enforce policy at the moment of action, integrating AI‑aware credential vaults, and deploying real‑time analytics to trace agent behavior across the stack. Vendors are beginning to offer agent‑centric governance platforms, but widespread adoption will hinge on executive commitment and regulatory pressure. As AI agents become foundational to digital operations, robust identity controls will be the linchpin of both security resilience and business continuity.