TL;DRAI

82% delle organizzazioni scopre AI agent creati senza controllo della security, 65% subisce incident. Gli agent accedono a sistemi critici (Salesforce, database) senza governance adeguata. Per manager tech, la governance degli agent influisce su decisioni di stack/integrazione: a quali sistemi accede, quale scope ha, quali credenziali assegna. Governance continua per controllare scope creep.

For years, security teams built their programs around a simple premise of if you control the identities, you can control the risk. Employees authenticate through identity providers. Service accounts connect systems. API keys let workloads talk to cloud services and databases.

The actors have been very predictable. And as a result, the identity security and governance model have followed that predictability. Now, this premise is breaking.

AI agents entered the enterprise quietly, summarizing meetings, drafting emails, helping employees find information. Most security teams didn't think hard about them at first. They looked like productivity tools, because that is exactly what they were.

Then, organizations started connecting them to critical business services such as Salesforce, Snowflake, GitHub, Jira, production databases, and cloud environments. Now, they retrieve information, trigger workflows, update records, write and deploy code, and take actions across multiple systems.

Sometimes on the behalf of a human, sometimes autonomously, and sometimes in ways where it's genuinely unclear which.

bleepingcomputer.com

Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way

AI agents can access data, trigger workflows, deploy code, and interact with critical business systems, often with little oversight. Token Security breaks down why AI agents are becoming a new identity and governance challenge.

venerdì 19 giugno 2026 New tab

TL;DRAI

978 words~4 min read

The actors have been very predictable. And as a result, the identity security and governance model have followed that predictability. Now, this premise is breaking.

Sometimes on the behalf of a human, sometimes autonomously, and sometimes in ways where it's genuinely unclear which.

Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way

Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way

Other newsrooms on this story

Related reading

When AI Agents Act, Who Is Liable?

Non-Human Identity Governance: Field Tips for 2026

AI Agent Identity Redefines Governance And Expands The Attack Surface

Critical IAM Priorities In The Age Of Machine Identities

AI Agents Are Becoming Employees, So Why Aren’t We Governing Them Like One?

The invisible workforce – why AI agents need new identity rules

Other newsrooms on this story

Related reading

When AI Agents Act, Who Is Liable?

Non-Human Identity Governance: Field Tips for 2026

AI Agent Identity Redefines Governance And Expands The Attack Surface

Critical IAM Priorities In The Age Of Machine Identities

AI Agents Are Becoming Employees, So Why Aren’t We Governing Them Like One?

The invisible workforce – why AI agents need new identity rules