Why companies must train their people on agentic AI

COMMENTARY: Agentic adoption accelerated in the past year, and identity security has gone from an IT concern to a board-level priority, one commanding unprecedented urgency, visibility, and investment.

Non-human identities (NHIs) now drive agentic access across systems. Service accounts and principals, API keys, and tokens already outnumber human users in most digital environments.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Our data indicates AI agents will outnumber employees by the end of this year. NHIs don’t ask for access. They operate 24x7, often with elevated permissions, and hold the keys to our most sensitive systems. The result: under-governed NHIs that create invisible risks that escalate faster than any security team can react.

The workforce gap meets the identity gap

Today, we don’t have enough people to secure the systems we’ve built. The cybersecurity workforce faces a global shortage of 4 million professionals, and fewer than 14% of organizations feel confident they have both the talent and the skills needed to meet their security objectives. Identity and cloud security skills are particularly scarce. Organizations can deploy advanced identity solutions and multi-cloud architectures, but without trained teams, these tools are underutilized or misconfigured. This leaves NHIs to operate unchecked.

Managing NHIs does not represent a technology problem. It’s a people problem. Teams must understand the unique behaviors, lifecycles, and risk profiles of machine identities. We must have continuous training today to help them learn how to do that. Unlike traditional identity management, NHIs evolve constantly. New autonomous workflows and agentic AI capabilities appear weekly or even daily. Without ongoing education, skills stagnate, and risk compounds.

Why training must lead the charge

We need people who are trained, empowered, and equipped to manage NHIs with the same rigor we apply to human identities. Yet, 90% of organizations reported skills gaps within their security teams. That means the very people tasked with protecting our most sensitive systems often lack the knowledge needed to govern machine identities effectively.

Security leaders, identity architects, DevOps teams, and compliance officers must understand the unique lifecycle of NHIs: how they are created, how they are granted access, how they are monitored, and how they are decommissioned. Without that expertise, controls fail in a world where identities are ephemeral, automated, and increasingly intelligent.

Here's what continuous training looks like:

Tools alone are insufficient. The workforce executing and improving these processes determines security outcomes. Continuous training does not just mitigate risk, it enables innovation. Trained teams can deploy AI initiatives confidently, integrate multi-cloud architectures, and automate processes safely.

With 78% of organizations now using AI in at least one business function, the need for skilled professionals who understand how to secure NHIs has become more urgent than ever. Security becomes a strategic enabler rather than a reactive afterthought.

The community has been clear: we need more than theory to unlock agentic AI. We need skills, a common language, and a workforce capable of operating at the speed of autonomous systems. Organizations that invest in continuous NHI security and management education will protect their assets and gain a competitive edge.

Today, companies must train their teams, or risk falling further behind in the AI race.

Danny Brickman, co-founder and CEO, Oasis Security

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.