ProBackend
agent sprawl and shadow ai
3 hours ago5 min read

Agents as Identities: The IAM Gap Every Enterprise Is Ignoring

AI agents are quietly becoming privileged insiders in enterprise systems — yet most security teams have no inventory, governance model, or least-privilege controls for them. An opinion piece by Todd Thiemann (principal analyst, Omdia) on TechTarget provides one of the clearest frameworks for understanding identity security for AI agents, while a 2026 survey finds 82% of organizations have discovered AI agents created without security's knowledge, and 54% have already suffered agent-related security incidents. The identity layer that IAM teams spent a decade building was designed for humans and service accounts, not autonomous agents that create, use, and rotate credentials at machine speed.

Research notes

SECTION OUTLINE + VERIFIED FACTS

1. The Premise Is Breaking — AI Agents Are Identities Now (Thiemann/Omdia Framework)

  • Todd Thiemann (principal analyst, Omdia) provides one of the clearest frameworks for understanding identity security for AI agents in his TechTarget opinion piece
  • For years, security controlled risk by controlling identities: employees authenticate through IdPs, service accounts connect systems, API keys let workloads talk to cloud services
  • AI agents entered enterprises quietly as productivity tools, then got connected to critical business services: Salesforce, Snowflake, GitHub, Jira, production databases, cloud environments
  • Agents now retrieve information, trigger workflows, update records, write/deploy code across multiple systems — sometimes autonomously, sometimes unclear which
  • This makes them identities, not just tools — and most enterprises have no security/governance models for them
  • Thiemann's framework: treat agents as first-class identities with owners, access, behavior, risk, and lifecycle controls

2. The Sprawl Problem: High-Privilege, Low-Visibility Actors

  • Pattern is consistent across organizations: new identity layer built on existing infrastructure with almost none of the controls IAM teams spent a decade putting in place
  • An agent might be created by one team, used by another, connected to five different applications, running on credentials provisioned for a completely different purpose
  • Got broad access early because someone needed it to work and didn't want to slow things down
  • Result: sprawl of high-privilege, low-visibility actors most security teams can't inventory, let alone govern

3. The Numbers: Agents Doubling, Security Standing Still (Gravitee/CSA Data)

  • Enterprise AI agent fleets have roughly doubled since December 2025 (Gravitee State of AI Agent Security Report, April 2026, n=750 CIOs/CTOs/VPs)
  • 48% of production AI agents are running unsecured (Gravitee)
  • Only 9.5% of organizations secure more than 80% of their agents (Gravitee)
  • Mean monitoring coverage: 52%, barely moved since Dec 2025 (46.96% → ~52%) despite fleet doubling
  • 81.7% of organizations plan to deploy more agents in next 12 months, with 28% planning significantly more
  • Gartner predicts Fortune 500 will have over 150,000 agents by 2028, up from fewer than 15 in 2025
  • 82% of organizations discovered at least one AI agent created without knowledge of security, IT, or governance teams in past year; 41% found this happening multiple times (CSA 2026 survey)

4. The Incident Rate: This Is Already Happening

  • 54% of organizations have experienced or suspected an AI agent security/data privacy incident in past 12 months (Gravitee, April 2026)
  • 34.9% confirmed an incident occurred; Telecoms (67.3%) and Financial Services (54.7%) lead sector incidence rates
  • 65% of organizations experienced a security incident involving an AI agent in the past year, with 61% reporting exposure/mishandling of sensitive data (CSA 2026 survey)

5. Six Failure Patterns Behind the Incidents

  • Excessive permissions and over-privileged access: most consistently reported failure pattern — agents granted broader access than their function requires, often rooted in shared service accounts or inherited credentials
  • Data retention and privacy violations: agents storing, caching, or processing data beyond what's needed
  • Other patterns from Gravitee report include: misconfigured integrations, lack of pre-deployment governance, and deliberate adversarial exploitation (new pattern in April 2026)
  • Only 19.7% of organizations say all their agents are fully secured and governed before going live
  • No single pre-deployment control is used by even 40% of organizations: named person accountable (37.8%), security review from IT/CISO (35%), documented process to pause/revoke access (34.1%)

6. What Security Teams Need: Discovery, Purpose, Continuous Governance (Thiemann's Prescription)

  • Discovery/Inventory: Need to answer who owns this agent, who can invoke it, what systems connected, what credentials used, what can it read/write/delete/execute
  • Purpose-based governance: Security can't be purely permission-based — must account for agent intent. Sales prep agent only needs read access to CRM, not delete database tables
  • Least privilege policy drift: When you understand what an agent is supposed to do, you can evaluate whether permissions match scope — and in practice they rarely do; gap widens over time
  • Continuous governance: Access reviews/audits are point-in-time checkboxes and false security. Agents change, instructions update, user bases shift, integrations expand — governance must be continuous to catch agents accessing applications outside normal pattern
  • AI agents create, use, and rotate identities at machine speed, outpacing traditional IAM controls

7. The Path Forward: Treat Agents as First-Class Identities (Thiemann's Conclusion)

  • Enterprises that succeed won't block agents entirely — they'll make them governable and promote secure AI innovation
  • Treat agents as first-class identities with owners, access, behavior, risk, and lifecycle controls (Thiemann/Omdia)
  • AI agents are becoming privileged insiders; security and identity programs must catch up before those insiders become invisible attack paths
  • Need: consistent identity models, centralized enforcement, clear ownership, and continuous visibility (Gravitee)

TITLE NOTES

  • Draft title "Agents as Identities: The IAM Gap Every Enterprise Is Ignoring" is an original rewrite — does not copy or closely mirror any source headline
  • Thiemann's TechTarget opinion piece provides strategic framework; our title focuses on the IAM governance gap
  • Gravitee headline: "Adoption Is Outpacing Control — The State of AI Agent Security 2026"

SOURCE VERIFICATION SUMMARY

  • Dark Reading article (Todd Thiemann, Omdia principal analyst): Verified URL provided by user. Opinion piece on identity security for AI agents — one of the clearest frameworks available.
  • BleepingComputer article (sponsored by Token Security, June 2026): Verified via web_extract. Contains CSA 2026 survey stats (82%, 41%, 65%, 61%), identity sprawl narrative, continuous governance argument.
  • Gravitee State of AI Agent Security Report (April 2026, n=750): Verified via web_extract. Contains deployment scale data (doubling in 4 months), 48% unsecured, 54% incidents, six failure patterns, pre-deployment governance gaps.
  • CSA 2026 Survey: Referenced in BleepingComputer article as commissioned by Token Security. Stats: 82% discovered agents without security knowledge, 41% multiple times.
  • Gartner 2026 prediction: Cited in Gravitee report — Fortune 500 will have 150,000+ agents by 2028.

CATEGORIES TO USE

  • Primary: "Agent Sprawl and Shadow AI" (id: 9060b5cd-f42c-4727-b4a7-25e9d78cc52d) — domain: AI & Cybersecurity Governance
  • Secondary: "Access Management & IAM Security" (id: 3a7987b3-d077-48cb-a37f-45d127ea7a76) — domain: Security & Compliance

Research notes

More blogs