AI agents are becoming a new identity problem for enterprise security teams
AI agents are expanding the attack surface
For years, security teams have operated on a simple assumption: if they control identities, they can control risk. Employees authenticate through identity providers. Service accounts connect systems. API keys let workloads talk to cloud services and databases.
That model is now under strain as AI agents move from productivity helpers to actors with access to core business systems. What began as tools that summarize meetings, draft emails and help workers find information is increasingly tied to Salesforce, Snowflake, GitHub, Jira, production databases and cloud environments.
Once connected, these agents can retrieve information, trigger workflows, update records, write and deploy code, and take actions across multiple systems. Sometimes they act on behalf of a human. Sometimes they act autonomously. Sometimes, organizations may not be able to tell which.
A new identity layer with little oversight
The security challenge is not just what AI models can say, but what the agents can reach. In enterprise settings, they are effectively becoming identities — and most organizations do not have security and governance models built for them.
The pattern, according to the research, is familiar: a new identity layer gets built on top of existing infrastructure with few of the controls identity teams have spent years putting in place. An agent may be created by one team, used by another, connected to several applications and running on credentials originally provisioned for a different purpose.
Because teams often want these systems to work quickly, broad access can be granted early. The result is a sprawl of high-privilege, low-visibility actors that security teams may not even be able to inventory, much less govern.
Survey shows widespread blind spots
Protect your privacy with Doppler VPN
3-day free trial. No registration. No logs.
A 2026 CSA survey commissioned by Token Security found that 82% of organizations discovered at least one AI agent created without the knowledge of security, IT or governance teams in the past year. Forty-one percent said it happened multiple times.
That finding underscores how quickly agentic systems can outpace traditional IAM controls. AI agents can create, use and rotate identities at machine speed, leaving conventional identity and access management programs struggling to keep up.
The result is a shift in the security conversation. While much of the attention on AI has focused on model risks such as prompt injection, jailbreaks and unsafe outputs, the more immediate enterprise question may be simpler: what can the agent actually access?
Sources:
Read more tech news on the Doppler VPN Blog.