The Identity Crisis No One Planned For: AI Agents Are Multiplying Faster Than Companies Can Control Them

AI agents are multiplying inside enterprises faster than security teams can track them, creating an unprecedented identity governance challenge. Okta and others are racing to build frameworks that treat autonomous agents as managed identities — before the gap between deployment speed and security controls becomes catastrophic.
The Identity Crisis No One Planned For: AI Agents Are Multiplying Faster Than Companies Can Control Them
Written by Lucas Greene

Sometime in the next twelve months, the number of AI agents operating inside large enterprises will surpass the number of human employees. That’s not a theoretical projection. It’s already happening at some companies. And most of them don’t have the faintest idea how to govern these digital workers — who created them, what they can access, or what they’re doing right now.

The problem is deceptively simple. Every AI agent needs an identity. It needs credentials. It needs permissions. It needs someone — or something — accountable for its actions. But the infrastructure that manages human identities inside organizations was never designed for machines that can spawn other machines, act autonomously, and make decisions at speeds no human can audit in real time.

This is the governance gap that Okta, the identity and access management giant, is now racing to fill. As Fortune reported, the company has positioned AI agent identity as the central challenge of enterprise security in 2026, arguing that without proper identity frameworks, organizations are essentially handing keys to autonomous systems without knowing which doors those keys open. Todd McKinnon, Okta’s CEO, has been blunt about the stakes: the explosion of agentic AI represents the largest expansion of the identity attack surface since the move to cloud computing.

He’s not wrong.

Consider the math. A single enterprise might employ 50,000 people. Each person has, on average, access to dozens of applications, databases, and internal tools. That’s already millions of permission relationships to manage. Now add AI agents — not dozens, but potentially hundreds of thousands — each requiring its own identity, its own scope of access, its own audit trail. The combinatorial explosion is staggering. And it’s arriving at a moment when most companies are still struggling to manage the identities they already have.

The urgency is compounded by how AI agents actually work in practice. Unlike a human employee who logs in once and works within a predictable set of applications, an AI agent might authenticate across multiple systems in seconds, chain together API calls, delegate tasks to sub-agents it creates on the fly, and take actions that have real-world consequences — placing orders, modifying records, sending communications — all without a human in the loop. The traditional model of identity governance, built around the assumption that a person sits behind every action, simply doesn’t hold.

Okta’s response, as detailed by Fortune, involves extending its identity platform to treat AI agents as first-class entities — not bolted-on service accounts or shared credentials, but individually managed identities with lifecycle controls, least-privilege access policies, and continuous verification. The company has introduced what it calls “Agent Identity Management,” a framework that assigns each AI agent a unique, auditable identity tied to its creator, its purpose, and its permitted actions.

That sounds clean on paper. The reality is messier.

One of the thorniest issues is accountability. When an AI agent makes a mistake — sends the wrong data to a partner, executes an unauthorized transaction, or inadvertently exposes sensitive information — who is responsible? The developer who built the agent? The business unit that deployed it? The platform that hosted it? Current legal and compliance frameworks don’t have clear answers. And identity governance, while necessary, is only one layer of a much larger accountability stack that enterprises need to build.

Microsoft has been grappling with this too. The company’s Copilot agents, now embedded across its productivity suite, operate with delegated permissions from users — meaning the agent inherits the access rights of the person who invoked it. That’s a reasonable starting point, but it creates its own risks. If a senior executive’s Copilot agent is compromised, the attacker effectively gains that executive’s access to everything. Microsoft has responded by tightening its Entra ID policies around agent authentication and introducing more granular consent flows, but the fundamental tension remains: convenience versus control.

Google’s approach with its Agentspace platform, launched earlier this year, takes a slightly different tack. Rather than inheriting user permissions wholesale, Google’s agents operate within what the company calls “scoped trust boundaries” — predefined zones of access that limit what an agent can do regardless of who triggered it. It’s a more restrictive model, and some enterprise customers have pushed back, arguing it slows down the very automation they’re trying to achieve. But Google’s security team has held firm, betting that the downside risk of an uncontrolled agent far outweighs the productivity hit.

The startup world is moving fast here too. Companies like Astrix Security, Opal, and ConductorOne have all raised significant funding rounds in the past six months to address machine identity and agent governance specifically. Astrix, which focuses on non-human identity security, closed a $45 million Series B in early 2026, citing explosive demand from enterprises that suddenly realized their AI agent deployments had outpaced their security controls. The company’s pitch is straightforward: you can’t secure what you can’t see, and most organizations can’t see half the agents operating inside their networks.

That visibility problem is real. Shadow AI — agents deployed by individual employees or teams without IT oversight — has become the 2026 equivalent of shadow IT. Except it’s faster, harder to detect, and potentially more dangerous. A marketing team spins up an AI agent to automate campaign analysis. A finance analyst creates one to reconcile invoices. A sales rep builds one to draft and send follow-up emails. None of these agents go through a formal provisioning process. None have managed identities. And all of them are accessing corporate data.

The regulatory picture is tightening in response. The EU’s AI Act, which entered its enforcement phase in February 2026, includes specific provisions around AI system identification and traceability. Organizations deploying AI agents in the EU must be able to identify each agent, document its purpose, and demonstrate that appropriate access controls are in place. Non-compliance carries fines of up to 3% of global revenue. That’s gotten the attention of every multinational with European operations.

In the United States, the picture is more fragmented but moving in the same direction. The SEC has signaled interest in how AI agents operating in financial services are governed, particularly around trading and advisory functions. NIST’s updated AI Risk Management Framework, published in March 2026, explicitly addresses agentic AI identity as a core risk vector. And several state-level privacy laws now include provisions that apply to automated decision-making systems, which AI agents clearly qualify as.

So where does this leave the average enterprise CISO? Overwhelmed, mostly. The to-do list is daunting: inventory all AI agents currently operating, assign managed identities to each one, implement least-privilege access controls, establish audit trails, define accountability chains, and build monitoring systems that can detect anomalous agent behavior in real time. All while the business side of the organization is deploying new agents faster than security teams can assess them.

Okta’s bet is that identity will be the control plane for all of this — the single layer through which every agent action is authenticated, authorized, and audited. It’s an ambitious vision, and one that plays directly to the company’s strengths. But it also assumes that identity alone is sufficient to manage the risks of autonomous AI systems, and there are plenty of security researchers who argue it isn’t. Identity tells you who is acting. It doesn’t always tell you whether the action itself is appropriate, safe, or aligned with organizational intent.

That’s where the next wave of governance tools comes in. Companies like Anthropic and OpenAI have both published frameworks for agent alignment and constraint — mechanisms that operate at the model level to limit what an agent will do, regardless of what it’s permitted to do. The distinction matters. An agent might have the credentials to access a customer database and the technical ability to export its contents. Whether it should do so in a given context is a judgment call that identity management alone can’t make.

The convergence of identity governance, access management, behavioral monitoring, and AI alignment represents something genuinely new in enterprise security. Not a single product or platform, but an entirely new discipline that organizations will need to build competency in — and fast. The companies that figure this out first won’t just be more secure. They’ll be the ones that can actually deploy AI agents at scale without courting disaster.

And the window for figuring it out is closing. Every week, the ratio of non-human to human identities inside the average enterprise shifts further toward machines. Every week, new agent frameworks make it easier for anyone — not just developers — to create and deploy autonomous AI systems. Every week, the attack surface grows.

The identity crisis isn’t coming. It’s here. The only question is whether enterprises will govern their way through it or learn the hard way why they should have.

Subscribe for Updates

AgenticAI Newsletter

Explore how AI systems are moving beyond simple automation to proactively perceive, reason, and act to solve complex problems and drive real-world results.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us