Agent identity
Every agent as a first-class identity with its own lifecycle, scoped permissions and audit trail. Most enterprises bypassed all of it.
Decades of rigorous IAM for humans, bypassed for agents: two-thirds of enterprises run weaker protections on their most privileged actors. The fix is three shifts toward treating every agent as a first-class identity, the way privileged human accounts are managed.
The bypass
Organizations spent decades building rigorous identity and access management for human employees, with background checks, role based permissions, access reviews, audit trails, credential rotation and off-boarding procedures. When AI agents arrived, most enterprises bypassed all of it. Only one-third of organizations are applying the same security controls to agents as they do to humans, and nearly two-thirds deploy weaker protections for AI agents despite their privileged access to sensitive systems. Worse, 52% of employees use unapproved AI tools, which means that shadow AI is already inside the perimeter. The consequence, according to the IBM Institute for Business Value, is that two-thirds of CIOs and CTOs report being held accountable for AI systems they do not fully control, while 70% say their organizations are deploying technology faster than IT teams can track. Employees across marketing, finance and product teams are independently spinning up agents, connecting LLMs to workflows and granting access to sensitive data without IT visibility.
Three shifts
The emerging best practice to combat this phenomenon is that every agent must be treated as a first-class identity with its own lifecycle and granular permissions, the same way organizations manage privileged human accounts. In order for this to happen three shifts have to occur. From role-based to intent-based access control: while traditional RBAC grants static permissions based on role, intent-based access grants permissions based on what the agent is trying to do at that moment, in the current session, for the specific task. From persistent to session-based access: permissions should be scoped and short-lived; the agent gets what it needs for the execution at hand and no more, and credentials expire when the session ends. From shared accounts to individual identity: shared service accounts are not allowed; each agent gets its own identity, its own audit trail and its own lifecycle.
Beyond sessions
Continuous authorization takes the session-based model one step further, by treating every sensitive operation as an independent decision point, evaluating behavioral baselines, network context, device consistency, query volume and data sensitivity in real time. RBAC answers whether an agent can perform an action. Continuous authorization answers whether it should be doing so right now, within the current environment and in the current circumstances.
McKinsey's five structural controls for governance readiness include agent inventory and identity binding: cataloguing every agent with defined scope, access levels and accountable owners. The bottom line: agents need capability-scoped permissions, task-scoped credentials and layered enforcement.
| Claim | Source | Status |
|---|---|---|
| McKinsey's five structural controls for governance readiness include agent inventory and identity binding: cataloguing every agent with defined scope, access levels and accountable owners. | AI Trust Report 2026 | verified 2026-07-02 |
| Continuous authorization treats every sensitive operation as an independent decision point, evaluating behavioral baselines, network context, device consistency, query volume and data sensitivity in real time. | Designing Continuous Authorization for Sensitive Cloud Systems | verified 2026-07-02 |
| Every agent must be treated as a first-class identity with its own lifecycle and granular permissions. | Agentic Identity and Access Management | verified 2026-07-02 |
| Two-thirds of CIOs and CTOs report being held accountable for AI systems they do not fully control; 70% say their organizations deploy technology faster than IT teams can track. | CIOs Plagued by Growing AI Accountability Gap | verified 2026-07-02 |
| Agents need capability-scoped permissions, task-scoped credentials and layered enforcement. | AI Agent Identity and Permission Challenges: Uber and Auth0 | verified 2026-07-02 |
| Only one-third of organizations apply the same security controls to agents as to humans; nearly two-thirds deploy weaker protections for AI agents despite their privileged access, and 52% of employees use unapproved AI tools. | AI Agents at Work 2026 | verified 2026-07-02 |