As companies are evolving their use of artificial intelligence, a hidden governance crisis takes place – a few security programs is ready to face: the rise of IA agents without sale.
These agents are not speculative. They are already integrated through corporate ecosystems – temporarily access, execute rights, launch workflows and even make commercial decisions. They work behind the scenes of ticketing systems, orchestration tools, SaaS platforms and safety operations. And yet, many organizations have no clear answer to the most fundamental governance questions: to whom does this agent belong? What systems can they touch? What decisions are they? What access did he have accumulated?
It is the dead angle. In identity security, what no one has becomes the greatest risk.
From static scripts to adaptive agents
Historically, non -human identities – such as service accounts, scripts and robots – were static and predictable. They were attributed to narrow roles and to closely carried access, which makes them relatively easy to manage with inherited orders such as the rotation of identification information and the vault.
But the agent Ai has a different identity class. These are adaptive and persistent digital actors who learn, reason and act independently between the systems. They behave more like employees than machines – to interpret data, to initiate actions and to evolve over time.
Despite this change, many organizations are still trying to govern these IA identities With obsolete models. This approach is insufficient. AI agents do not follow static manuals. They adapt, recombine the capacities and extend the limits of their design. This fluidity requires a new paradigm of governance of identity – rooted in responsibility, monitoring of behavior and monitoring of the life cycle.
Property is the control that operates other checks
In most identity programs, property is treated as administrative metadata – a formality. But with regard to AI agents, property is not optional. It is fundamental control that allows responsibility and security.
Without clearly defined property, critical functions decompose. The rights are not examined. The behavior is not monitored. The limits of the life cycle are ignored. And in the event of an incident, no one is responsible. The security checks that seem robust on paper become without meaning in practice if no one is responsible for the actions of identity.
The property must be operationalized. This means attributing a human steward appointed for each IA identity – someone who understands the goal, access, behavior and impact of the agent. The property is the bridge between automation and responsibility.
The risk of real world ambiguity
The risks are not abstract. We have already seen examples of the real world where AI agents are deployed in customer support environments have presented unexpected behaviors – generating hallucinated responses, increasing trivial problems or taking out a language incompatible with brand guidelines. In these cases, the systems worked as planned; The problem was interpretative, not technical.
The most dangerous aspect of these scenarios is the lack of clear responsibility. When no individual is responsible for the decisions of an AI agent, organizations are not exposed – not only at the operational risk, but with the consequences of reputation and regulatory.
This is not a problem of Iat Voyou. It is a problem of not demanded identity.
The illusion of shared responsibility
Many companies operate by assuming that ownership of AI can be managed at the team level – Devops will manage service accounts, engineering will oversee integrations and infrastructure will be the owner of the deployment.
AI agents do not remain confined to a single team. They are created by developers, deployed via SaaS platforms, act on HR and security data and have an impact on workflows through commercial units. This interfunctional presence creates a diffusion – and in governance, the diffusion leads to a failure.
The shared property is too often reflected in any property. AI agents require explicit responsibility. Someone must be appointed and responsible – not as technical contact, but as owner of the operational control.
Silent privilege, accumulated risk
AI agents pose a unique challenge because their risk footprint is quietly developing over time. They are often launched with narrow glasses – perhaps manage the supply of accounts or summarize support tickets – but their access tends to grow. Additional integrations, new training data, wider objectives … and no one stops to reassess whether this expansion is justified or monitored.
This silent drift is dangerous. AI agents do not only contain privileges – they exercise them. And when decisions of access are made by systems that no one examines it, the probability of disparagration or abusive use increases considerably.
This is equivalent to hiring an entrepreneur, giving them wide access to the building and never performing a performance review. Over time, this entrepreneur could start changing business policies or affecting systems to which they have never been supposed to access. The difference is: human employees have managers. Most AI agents do not do so.
Regulatory expectations are evolving
What started as a safety lake quickly becomes a compliance problem. The regulatory managers – of the EU AI Act to local laws governing automated decision -making – begin to demand traceability, explanation and human surveillance for AI systems.
These expectations directly correspond to the property. Companies must be able to demonstrate who has approved the deployment of an agent, who manages his behavior and who is responsible in the event of damage or abusive use. Without owner named, the company may not deal with operational exposure – it can be negligent.
A responsible governance model
The regulation of AI agents effectively means integrating them into existing identity management and access frameworks with the same rigor applied to privileged users. This includes:
- Assign an individual named to each IA identity
- Monitoring behavior of drift signs, climbing of privileges or abnormal actions
- Apply life cycle policies with expiration dates, periodic examinations and deprovisation triggers
- Validate the ownership of the control doors, such as integration, change of policy or access modification
It is not only the best practice – this is necessary. The property must be treated as a live control surface, not a check box.
Have it before it has you
AI agents are already there. They are integrated into your work flows, analyzing the data, making decisions and acting with increasing autonomy. The question is no longer whether you use AI agents. You are. The question is whether your governance model caught them.
The way to follow begins with the property. Without this, all other controls become cosmetics. With him, the organizations obtain the basics they need to evolve the AI safely, safely and aligned with their risk tolerance.
If we do not have the identities of AI acting in our name, we have indeed rendered control. In cybersecurity, control is everything.
Rosario Mastrogiaomo is the director of SPHERE strategy. With a vast experience in identity security, privileged access management and identity governance, its role is to develop strategies and guide businesses towards robust cybersecurity postures.
He specializes in identity hygiene, taking advantage of AI -centered technologies to automate and secure large -scale identities. His professional career included management positions in eminent financial institutions, such as Barclays, Lehman Brothers and Neuberger Berman, where he has perfected his skills in complex and highly regulated environments.
