95% Run AI Agents Autonomously: Identity Risks?
A new ConductorOne survey reveals that 95% of enterprises now run AI agents autonomously. This rapid operationalization is happening while governance gaps widen, potentially escalating identity risks. It's a reminder that strong security and governance protocols need to keep pace with AI adoption.
The ConductorOne survey, which included 508 IT and security leaders, highlights a significant shift: AI agents are now integral to enterprise operations. These agents aren't just experimental; they're actively performing IT and security tasks with direct system access. This rapid adoption has created a governance gap, as traditional identity governance models struggle to keep pace. Many existing identity tools weren't designed for AI agents, leaving organizations vulnerable. A concerning 80% of organizations experienced an identity-related breach in the past year. Non-human identities, including AI agents, are rapidly outnumbering human users. In almost half of organizations surveyed, these non-human entities are more prevalent, yet only a fraction have full visibility into them. This lack of visibility creates blind spots that attackers can exploit. Organizations are responding by increasing their Identity and Access Management (IAM) spending; 91% have boosted IAM budgets, recognizing identity security as crucial for managing autonomous systems. Investment is following recognition, with 40% increasing their security budgets specifically to address AI agent risks. Experts recommend treating AI agents as non-human identities, like service accounts, with strong authentication, access permissions, and audit trails. This includes implementing Model Context Protocol (MCP) and Agent-to-Agent Protocol (A2A) for secure agent interactions. Enterprises must enforce least-privilege access and monitor agent behavior across SaaS systems. Without proper governance, AI agents can introduce risks related to sensitive data exposure, compliance breaches, and security vulnerabilities. Sensitive data exposure (55%) and unauthorized actions (52%) are top concerns driving security investments. A compromised AI agent can exfiltrate data or manipulate business processes. Companies are building AI agents with platforms like OpenAI (63%), Azure, Google, and ServiceNow, creating a distributed identity surface. This requires dynamic authentication, runtime authorization, and continuous traceability. The goal is to ensure AI agents align with organizational policies, even under pressure.
