Your AI Agents Are a Security Nightmare, and Legacy Systems Can’t Help


According to VentureBeat, new research from CyberArk confirms machine identities now outnumber human ones by a staggering 82 to 1. This shift is being turbocharged by AI agents, with Microsoft Copilot Studio users creating over 1 million of them in a single quarter, a 130% jump. Gartner predicts that by 2028, a quarter of enterprise breaches will stem from AI agent abuse. The core problem is that legacy systems like Active Directory were designed for human users, not machines, leading to a massive governance gap where 88% of organizations still only define humans as “privileged users.” ServiceNow’s massive $11.6 billion in 2025 security acquisitions signals that identity is becoming the critical control plane for managing this new AI risk landscape.


Why Legacy IAM Is Breaking

Here’s the thing: this isn’t about negligent developers. It’s about systems that are fundamentally mismatched to the problem. Builders create shadow agents or use static API keys because cloud IAM processes are too slow and clunky for fast-paced development. Security reviews are built for human workflows, not for autonomous agents that need to act. So the path of least resistance becomes the biggest risk. Gartner spells it out clearly: retrofitting human IAM for machines leads to fragmented, ineffective management. The result? A visibility disaster where IAM teams only have responsibility for 44% of machine identities. The rest are operating in the dark, often with higher levels of sensitive access than any human employee.

The Unique Threat of AI Agents

AI agents aren’t just another service account. They’re a new category that breaks all the old assumptions. They don’t just authenticate; they act. They can spawn sub-agents, call APIs, and move laterally across systems—all potentially under a single, poorly-scoped credential. Protocols like the Model Context Protocol (MCP), which researchers have flagged for lacking built-in auth, completely collapse traditional identity boundaries. Think about it: how do you audit an action when the “user” is a transient AI process with delegated, standing privileges? This creates a delegation chain that’s nearly impossible to track or audit, turning every agent into a potential pivot point for an attacker.

How to Start Fixing The Mess

So what can you actually do? The advice from the trenches is pretty clear, but it’s not easy. First, you have to find what you have. Conduct a comprehensive audit; CISOs report finding 6 to 10 times more identities than they knew about. One hotel chain found they were tracking only a tenth of their machine identities. That’s a terrifying starting point. From there, the mantra is dynamic over static. You need to move to ephemeral, just-in-time credentials—things like AWS IAM roles or Azure managed identities—that eliminate standing privileges. This is where the principles of zero trust become non-negotiable for DevOps and AI pipelines. You also have to enforce agent lifecycle management. An orphaned AI agent with admin keys is no different than a departed employee with an active badge. It’s a breach waiting to happen.
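The audit steps above (find unowned identities, flag static or long-lived credentials, retire orphaned agents), extended to check that a sub-agent never holds more than the agent that spawned it. This is an added example, not code from the article or any vendor; the inventory records, field names and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_CREDENTIAL_AGE = timedelta(hours=12)  # assumed: older counts as standing
MAX_IDLE = timedelta(days=30)             # assumed: unused this long is orphaned

# Constructed inventory; field names are hypothetical, not any vendor's schema.
INVENTORY = [
    {"id": "agent-invoice-bot", "owner": "fin-ops", "cred_type": "static_api_key",
     "cred_issued": "2025-01-10T00:00:00+00:00", "last_used": "2025-06-01T08:00:00+00:00",
     "scopes": ["billing:read"], "parent": None},
    {"id": "agent-build-helper", "owner": None, "cred_type": "static_api_key",
     "cred_issued": "2024-09-01T00:00:00+00:00", "last_used": "2025-02-14T00:00:00+00:00",
     "scopes": ["*:admin"], "parent": None},
    {"id": "agent-triage", "owner": "soc", "cred_type": "assumed_role",
     "cred_issued": "2025-06-01T07:30:00+00:00", "last_used": "2025-06-01T08:55:00+00:00",
     "scopes": ["tickets:write"], "parent": None},
    {"id": "agent-triage-sub1", "owner": None, "cred_type": "assumed_role",
     "cred_issued": "2025-06-01T08:00:00+00:00", "last_used": "2025-06-01T08:50:00+00:00",
     "scopes": ["tickets:write", "iam:admin"], "parent": "agent-triage"},
]

def audit(inventory, now):
    """Return {identity id: [findings]} for identities that violate the policy."""
    by_id = {rec["id"]: rec for rec in inventory}
    report = {}
    for rec in inventory:
        findings = []
        issued = datetime.fromisoformat(rec["cred_issued"])
        last_used = datetime.fromisoformat(rec["last_used"])
        parent = by_id.get(rec["parent"])
        # A sub-agent inherits accountability from the agent that spawned it.
        owner = rec["owner"] or (parent and parent["owner"])
        if not owner:
            findings.append("unowned")
        if rec["cred_type"].startswith("static") or now - issued > MAX_CREDENTIAL_AGE:
            findings.append("standing-credential")
        if now - last_used > MAX_IDLE:
            findings.append("orphaned")
        if any(scope.endswith(":admin") for scope in rec["scopes"]):
            findings.append("admin-scope")
        # Delegation should only narrow privileges, never add to them.
        if parent and not set(rec["scopes"]) <= set(parent["scopes"]):
            findings.append("exceeds-parent-scope")
        if findings:
            report[rec["id"]] = findings
    return report

if __name__ == "__main__":
    for ident, found in audit(INVENTORY, datetime(2025, 6, 1, 9, tzinfo=timezone.utc)).items():
        print(ident, found)
```

In practice the inventory would be exported from cloud IAM, secrets managers and agent platforms rather than hard-coded, and each finding would map to a remediation such as rotating to a short-lived role or decommissioning the agent.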

The Platform Imperative

This might be the most important takeaway: point solutions won’t cut it. You can’t have your identity tool, your endpoint tool, and your cloud security tool all operating in silos when an AI agent can touch all three domains in milliseconds. The push is toward unified platforms that can correlate identity, endpoint, and cloud telemetry to detect anomalous agent behavior in real time. CrowdStrike’s CTO, Elia Zaitsev, nailed it: attackers have moved to exploiting identity and cloud credentials because it’s easier than fighting advanced endpoint protection. If your visibility is fragmented, you’re already losing. The gap between what AI builders deploy and what security can govern is only widening. Getting a handle on machine identity isn’t a future project; it’s the foundational security challenge of today’s automated, agent-driven enterprise. For industries where reliable, secure computing is mission-critical, like manufacturing or industrial automation, this hardware-software-identity integration is paramount. In those environments, partners who understand secure, integrated systems from the panel up, like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs, become essential allies in building a resilient infrastructure.
