Somewhere inside your organisation, an AI agent has access to a customer database. It logs in with a shared service account, uses a token that was provisioned for a human employee who left six months ago, and operates with permissions that nobody specifically granted — and nobody specifically revoked.
This is not a hypothetical. The Cloud Security Alliance and Strata Identity surveyed enterprise security and IT leaders in late 2025, and the picture that emerged is less a gap than a structural absence. Only 18 percent of organisations expressed high confidence that their current identity systems can effectively handle agent identities. Just 23 percent have a formal, enterprise-wide strategy for agent identity management. And perhaps most telling: only 28 percent can trace an agent's actions back to a human sponsor across all environments.
The rest are operating on workarounds.
The workarounds are familiar to anyone who has watched a technology outpace its own governance. Teams share human credentials with agents because no dedicated alternative exists. Tokens get copied between environments because the provisioning process was designed for people, not autonomous systems. Access reviews — the quarterly ritual where managers confirm who should have access to what — were never designed to account for entities that run continuously, make decisions autonomously, and propagate their own context across sessions.
The identity frameworks that enterprises spent the last two decades building assumed a fundamental constraint: the entity requesting access is a person, or is directly operated by a person. Agentic AI breaks that assumption quietly, not with a dramatic failure but with a slow accumulation of unauditable actions.
Fifty-five percent of respondents in the same survey cited sensitive data exposure as their top concern with AI agents. But the exposure does not come from the agents themselves — it comes from the fact that the identity layer was never redesigned to accommodate them. An agent that inherits a human's credentials inherits that human's access scope. An agent that shares a service account with three other agents inherits an access scope that nobody intended for any single entity.
The security teams know this. Forty percent of organisations are increasing their identity and security budgets specifically to address AI agent risks. But budget is not design. Spending more on the same identity frameworks — the ones that assumed human users — does not produce agent-appropriate governance. It produces more expensive workarounds.
Ownership is another structural gap. Who is responsible for agent identity governance? The survey found the answer fragmented across security teams (39 percent), IT departments (32 percent), and emerging AI security functions (13 percent). No single function owns it in most organisations. And when nobody owns a governance surface, the governance surface does not get designed — it gets patched.
This is the pattern that repeats across every dimension of agentic AI adoption. The technology ships. The governance surfaces that the technology creates — identity, access, traceability, accountability — get addressed with adaptations of existing frameworks rather than purpose-built design. The adaptations work until they do not. By then, the agents have been running for months, the access patterns are entrenched, and unwinding them is an enterprise project in itself.
The question is not whether to govern agent identity. The budget increases say that conversation is already settled. The question is whether the governance will be designed for how agents actually work — continuous, autonomous, context-propagating, multi-session — or whether it will be another layer of human-shaped controls applied to an entity that does not behave like a human.
The difference between those two outcomes is not technology. It is design. Specifically, it is the design work that happens before the identity platform is purchased, before the access policies are written, before the first agent is provisioned with its own credentials. The work of deciding what an agent identity means in your organisation, how accountability flows from agent to human sponsor, what traceability looks like across sessions and environments.
That work has a name. It is governance design. And in most organisations building with AI agents today, it has not started yet.
One workflow at a time.
Sources: Cloud Security Alliance / Strata Identity, "Securing Autonomous AI Agents" survey, 2025-2026. CIO, "Agentic AI in 2026: More Mixed Than Mainstream," 2026.