"These new agentic identities are absolutely ungoverned, We're letting things happen right now that we would have never let happen with our human employees, We're letting thousands of interns run around in our production environment, and then we give them the keys to the kingdom. One of the key pain points that I hear from every company is that they don't know what's happening"
"In the agentic AI world, the value proposition is: give us access to more of your corporate data, and we will do more work for you, Agents need to live inside the existing ecosystem of where that data lives, and that means that they need to live within the existing authentication and access infrastructure that SaaS providers already provide to access your data."
Corporate environments host proliferating AI agents that hold accounts, tokens, and credentials enabling access to apps and data. Traditional identity security controls and least-privilege practices were designed for human users and are not applied consistently to agentic identities. Organizations are granting agents OAuth and repository tokens so agents can interact with Gmail, OneDrive, and source code repos, increasing the risk of data leakage and credential misuse. Many companies lack visibility and governance over agent activity, effectively giving wide access without audit or controls. Agent integrations need to operate within existing authentication and access infrastructure, but governance, monitoring, and policy enforcement are currently insufficient.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]