Unmanaged AI agents pose major corporate security risk

The rapid, ungoverned adoption of AI agents in corporations is creating a severe identity security crisis, with thousands of autonomous "agentic identities" accessing critical data with little oversight, according to The Register.

These agents, which use OAuth tokens and API credentials to function, are proliferating at a staggering rate. Cyata CEO Shahar Tal reports discovering one to 17 agents per employee during client scans. Unlike predictable human or machine accounts, agents are dynamic and non-deterministic, acting around the clock in unpredictable ways, which makes managing them with traditional IAM and PAM tools "near impossible at scale," according to Teleport CEO Ev Kontsevoy. This has led to a surge in "shadow AI," where employees use personal accounts on tools like ChatGPT to create powerful, unsanctioned agents with broad access.

Security experts warn this creates massive risk, as agents can be manipulated via prompt injection or become "superusers" chaining together sensitive accesses. The consensus is that ground zero for security is discovery and attribution: companies must first identify all agents and tightly associate them with the human who created them to understand and mitigate the blast radius.
