Most Organizations Now Use AI Agents for Sensitive Security Tasks

The rapid integration of AI agents into identity‑centric workflows marks a pivotal shift in enterprise security. According to Semperis’ State of Identity Security in the AI Era, an overwhelming 93% of surveyed firms across the U.S., Europe, Asia‑Pacific and Australia already rely on or intend to use autonomous agents for tasks ranging from password resets to VPN provisioning. This acceleration offers operational speed and cost savings, yet it also places AI‑driven processes directly in contact with privileged credentials, SSH tunnels and encryption keys—an exposure that 92% of respondents acknowledge. As AI‑generated attacks become more sophisticated, the potential for large‑scale credential theft grows, underscoring the urgency for robust defensive measures.

Compounding the risk is the proliferation of non‑human identities (NHIs) that often receive the same permissions as human users. The study reveals that many organizations struggle with “zombie” agents—abandoned or over‑privileged bots that can be hijacked by threat actors. Only 65% of firms have a formal registration, authentication and authorization workflow for AI identities, and a troubling 6% admit they do not track these agents at all. When AI agents share the same trust boundaries as employees, the attack surface expands dramatically, making traditional identity governance frameworks insufficient.

Industry leaders are responding by treating AI agents as distinct NHIs and enforcing least‑privilege, just‑in‑time access controls. Semperis recommends deploying user and entity behavior analytics (UEBA) to flag anomalous agent activity and establishing rapid recovery protocols for compromised identity systems. With 83% of organizations planning to prioritize AI identity governance within the next year, the market is likely to see a surge in specialized tools that provide granular visibility, automated policy enforcement, and resilient incident response capabilities. Companies that embed these guardrails now will be better positioned to reap AI’s efficiency gains while mitigating the heightened risk of credential‑based breaches.