Strata commissioned a survey through the Cloud Security Alliance in early 2026. The headline finding: only 23% of organizations have a formal, enterprise-wide strategy for agent identity management.
That number alone would be alarming. The context makes it worse.
37% rely on “informal practices.” Ownership is fragmented — security teams (39%), IT departments (32%), and emerging AI security functions (13%) all claim partial responsibility, and none have full accountability. Nearly 80% of organizations deploying autonomous AI agents cannot reliably tell you what those systems are doing or who is responsible for them.
This is the AI agent identity crisis. Not the philosophical kind. The operational kind.
Here’s what it looks like in practice: only 28% of organizations can trace an agent’s actions back to a human sponsor across all environments. Only 21% maintain a real-time inventory of active agents. The authentication methods are sobering — 44% use static API keys, 43% rely on username and password combinations, and 35% depend on shared service accounts. These are the credentials we retired for human users a decade ago. For agents, they’re standard.
The Gravitee State of AI Agent Security 2026 report puts a number on the consequences: 88% of organizations reported confirmed or suspected AI agent security incidents in the last year. In healthcare, it’s 92.7%. These aren’t hypothetical risks. They’re happening at the intersection of production autonomy and missing identity governance.
The industry knows this is a problem. The response has been impressive in volume and narrow in scope.
Okta’s agent identity platform reaches general availability April 30. It governs access. Cisco’s Zero Trust framework now extends to agents — agent discovery, agentic IAM, and policy enforcement. Microsoft’s Agent Governance Toolkit, open-sourced in April, enforces runtime policies at sub-millisecond latency. Token Security built a product specifically for giving AI agents an identity and a leash.
Every one of these products addresses the enforcement layer: how to control what agents can access, how to authenticate them, how to monitor their behavior. This is necessary infrastructure.
But enforcement assumes the identity model already exists. Before you govern access, someone has to decide: which agents get which permissions, under what conditions, reviewed how often, escalated to whom, and revoked when? Before you enforce a policy, someone has to write the policy. Before you monitor behavior, someone has to define what acceptable behavior looks like.
That’s governance design. It’s organizational work — understanding the workflow, the data boundaries, the stakes, the people involved, the failure modes that matter. It can’t be automated by an enforcement toolkit any more than a firewall can write your security policy.
The Strata/CSA survey found that 40% of organizations are increasing their identity and security budgets specifically for AI agent risks. 34% have established dedicated budget lines. The money is flowing toward enforcement. The design work — the decisions about what to enforce — remains unfunded, unowned, and unstructured.
Fewer than half of organizations feel confident they could pass a compliance review focused on agent behavior. With EU AI Act high-risk obligations arriving in August and Colorado becoming the first US state to enforce AI governance requirements in June, the compliance question is no longer theoretical. Neither regulator cares whether you have an enforcement toolkit. Both will ask: what are your rules, and how did you design them?
The identity crisis isn’t that agents lack identity management tools. It’s that nobody has done the organizational work of deciding what those tools should enforce.