A new SANS Institute survey exposes a dangerous asymmetry between the explosive proliferation of non-human identities and the outdated governance mechanisms meant to contain them, leaving enterprises critically exposed as agentic AI systems gain autonomous access to core infrastructure, according to ITPro.The research found that while three-quarters of organizations are deploying AI agents requiring privileged credentials, five percent of security leaders are completely unaware whether such systems even exist within their environments. The credential hygiene picture is equally bleak: ninety-two percent of firms fail to rotate machine secrets on a standard ninety-day cycle, with many teams paralyzed by the fear that changing a key will trigger cascading service outages."Organizations are giving AI systems real decision-making power faster than they're building the governance to control it," warned SANS instructor Richard Greene. Unlike static service accounts, AI agents interpret instructions dynamically and can hallucinate or escalate actions unpredictably. Yet no single protective measure, whether human-in-the-loop approvals, sandboxing, or comprehensive audit logging, is deployed by more than forty percent of respondents, creating a vast and largely unsupervised attack surface populated by autonomous software operating with effectively perpetual credentials.
You can skip this ad in 5 seconds




