Art Gilliland, CEO at Delinea.gettyHere's a simple way to think about what AI agents do inside an enterprise: They connect to your most sensitive systems and data, execute workflows on your behalf and make operational decisions at a volume and velocity no human can match. Gartner projects that 40% of enterprise applications will incorporate them by 2026, up from less than 5% in 2025. And most are completely ungoverned. That’s the part that should keep security leaders up at night. We spent decades building identity governance frameworks for human access. Then we gave AI agents broader access than most employees have, and with less oversight.The AI Security Confidence ParadoxDelinea’s 2026 Identity Security Report, "Uncovering the Hidden Risks of the AI Race," surveyed more than 2,000 IT decision makers across seven countries, and what we found can be best described as an AI security confidence paradox: Organizations feel significantly more secure than they actually are. Eighty-two percent said they were confident in their ability to discover non-human identities, including AI agents. Only 30% can validate that discovery. Ninety percent face some level of identity visibility gap. What should concern boards the most is that 90% of security teams are under pressure to loosen identity controls to keep AI initiatives moving, and fewer than one in three consistently enforce security requirements when they conflict with speed.The controls to govern AI agents already exist. Organizations are just choosing not to apply them when speed is on the line. Given the speed at which an AI breach can create damage, that’s not a sustainable position.AI Agents Are Privileged IdentitiesAI agents access sensitive data, connect to infrastructure and execute actions in your environment. They make decisions, coordinate workflows, create identities and act on behalf of users without waiting for approval. They behave exactly like a privileged human user, except faster, at higher volume and with no one watching.Privileged access management (PAM) was built precisely for this problem. Least privilege, just-in-time access, session recording and zero standing privileges also apply directly to AI agents. But it is impossible to enforce these principles in AI-driven environments manually, so the controls must be automated to keep up.​The legacy models will not work for ephemeral infrastructure running AI workloads. With agentic AI, authorization needs to be real time, with access granted just-in-time and for only what is needed to do the job. The Static Credential ProblemWhen an AI agent is provisioned with standing credentials, such as API keys, service account tokens or database passwords, they provide persistent access. They exist when the agent is active as well as when it isn’t. They can be stolen, reused and exploited. Once an attacker is inside as an authenticated user, they’re invisible to traditional controls. It’s cheaper and easier to log in than to break in.The major AI providers have reached the same conclusion. Anthropic’s secure deployment guidance explicitly recommends proxy credential injection. OpenAI co-authored an IETF draft in early 2026 that identified static API keys as an antipattern and prescribed short-lived, scoped credentials. NVIDIA injects credentials from the host so agents never hold them directly. The infrastructure to close that gap, including credential vaulting, ephemeral injection, session proxying and real-time audit, already exists in modern enterprise PAM. You Can’t Govern What You Haven’t FoundOrganizations are broadly permitting AI usage without visibility into what those systems are accessing. AI tools deploy on employee workstations, in developer environments and through unsanctioned configurations that security teams don’t manage. The agents they don't know about are the ones creating the most risk.Discovery must come first—a complete inventory across endpoints, internal servers, cloud and SaaS. From there, risk prioritization matters more than uniform enforcement. AI agents with access to production databases, financial systems or sensitive customer data require different controls than those managing internal workflows. Creating a risk-scored inventory will allow organizations to prioritize applying governance to the areas that matter most.​Humans In The Loop—But The Right LoopThe value of AI is its ability to make decisions and take action at speed. Not every session warrants human review, but some decisions do.Risk scoring is what will make the trade-off work. Low-risk, well-understood actions run automatically within defined policy guardrails. Higher-risk connections, such as an agent accessing a sensitive system it hasn’t touched before or requesting permissions outside its normal scope, should trigger human review. Automate, observe and audit everything else. The best thing is that AI can help with that, too. When governance is built in instead of bolted on, AI initiatives move faster. At Delinea, we've reduced support tickets by 30% using AI. That's a massive productivity gain for our human-led team, and we're doing it in a way that meets the security requirements our customers audit us against.Organizations that get governance right will deploy AI further and faster than those that don’t. It changes the conversation from debating whether a deployment is allowed to deciding where it makes business sense to use AI next.The controls exist. What’s missing is a prioritized starting point:• Inventory What's Running: Map AI agents across endpoints, cloud, SaaS and developer environments, including the ones your security team didn't provision. You can't govern what you haven't found.• Eliminate Standing Credentials: Replace static API keys and service account tokens with short-lived credentials injected at runtime. If an agent doesn't need persistent access, don't give it any.• Build Governance In, Not On: Treat security as part of the deployment decision, not a checkpoint after. Stop asking whether a deployment is allowed and start deciding where to go next.The Playbook Already ExistsOrganizations already have a governance model for identities with elevated access operating across sensitive systems: PAM. AI agents fit that definition completely, and must be provisioned with the same rigor applied to human users before the gap between deployment and governance gets much harder to close.​​Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?