According to TheRegister.com, corporate use of AI agents is creating a massive, ungoverned security crisis, with experts comparing it to letting “thousands of interns run around in our production environment.” Shahar Tal, CEO of cybersecurity firm Cyata, states these “agentic identities” are completely ungoverned, and discovery scans often reveal thousands of unknown identities already in corporate systems. By 2026, Gartner predicts 40 percent of all enterprise applications will integrate with task-specific AI agents, a huge jump from less than 5 percent in 2025. The problem is exacerbated by a “hyper-consumerized consumption model” where employees easily create agents and delegate their own access, leading to widespread “shadow AI.” Red teams have already demonstrated risks, like at Block, where an AI agent was manipulated via prompt injection to deploy info-stealing malware.
The identity crisis that’s not human or machine
Here’s the core problem: our entire corporate security playbook for the last few decades is built on a simple binary. You have human identities (employees) and machine identities (service accounts, scripts). IAM and PAM tools are designed for that world. But AI agents smash that model to pieces. As Teleport CEO Ev Kontsevoy told The Register, agents aren’t human, but they don’t behave like scripts either. They’re dynamic, context-aware, and act in unpredictable ways. They might try a task five different ways, creating new access paths each time. So how do you apply “least privilege” to something that’s inherently non-deterministic? You basically can’t with the old tools. It’s like trying to put a leash on smoke.
Why this is exploding now
Look, the drive for productivity is overpowering caution. Every vendor’s pitch is the same: give our agent more data access, and it will do more work for you. And it’s stupidly easy for a single engineer to spin up an agent using a personal account for ChatGPT or Cursor, hook it into a dozen MCP servers and data sources, and create what Tal calls a “super-connected” agent. The IT and security teams have zero visibility. None. That’s the “shadow AI” problem. And because these agents often proxy a human’s access tokens, a compromised agent doesn’t just leak its own data—it can leak everything that human has access to. The blast radius is potentially enormous.
What does a fix even look like?
The experts quoted have a starting point, but it’s a massive uphill climb. Step one is brutal honesty: discovery. You have to find all the agents, sanctioned and unsanctioned. Then, as Nudge Security’s Russell Spitler says, you have to “pop the bubble” of immaculate conception and tightly tether every agent to the human who created or manages it. You need to understand the scope of access that human has proxied to the bot. From there, it’s about continuous monitoring, risk profiling, and trying to put behavioral guardrails in place. But let’s be real: this is a brand-new field. We’re talking about securing autonomous, reasoning entities that outnumber humans in some environments 82-to-1. Traditional perimeter security is dead, and now our internal identity fabric is fraying. It’s a foundational shift that demands new tools and a new mindset, fast. As the agent count skyrockets toward that 2026 prediction, the window to get this under control is closing. The “thousands of interns” already have the keys. Now we have to figure out how to get them back.
