A few years ago, security teams worked to put walls, locks and processes around human and service identities. Today, this model begins to show fissures: a new kind of identity - the self-contained agents of IA - is rapidly deploying through business environments and does not fit well in traditional governance tools.
We're not just talking about test chatbots.. We talk about custom copilots, custom-made GPTs integrated into critical flows, code agents that raise local servers and "bots" designed to run tasks and make decisions without direct human supervision. They are in production, interact with sensitive systems and can invoke other actors in action chains. And they do it at a speed and with a persistence that exceeds any human rhythm.
The problem is that, in most organizations, these agents exist outside the existing identity checks. Platforms such as IAM, PAM or IGA were born to two very different worlds: human users, with regular roles and reviews, and deterministic workloads that perform repetitive tasks. The IA agents are neither the one nor the other: they are hybrid, adaptive, objective-oriented and capable of changing behavior according to context. That mixture alters the risk profile of the root.
When you treat an autonomous agent like a conventional non-human account, blind spots appear.. We end up overdimensioning permissions for operational security, losing traceability on who is responsible, and letting the agent's behavior evolve outside the original purpose. These conditions, which have already led to past identity-related incidents, are now amplified by the autonomy and scale of these systems.
To understand why another look is needed, it is necessary to take back principles that are now tensioned by the agents: continuous discovery, clear property, minimum dynamic privileges and traceability with identity context. Concepts like Zero Trust and risk management of IA already place identity at the centre of defense. The NIST Zero Trust frame and AI Risk Management Framework are useful references to understand why an identity that cannot be seen cannot be ruled.
Visibility: the first step against "A in the shadow". Many agents do not even go through formal supply processes: they appear in clouds, SaaS, development environments and local machines. This silent proliferation generates what some call "shadow AI," a risk documented by experts who already alert about the dangers of tools put in place by employees outside of IT control. Without continuous and behavioural-based discovery, spot inventories or quarterly reviews become obsolete when new agents sprout and disappear within minutes.
Lack of visibility has practical consequences: persistent access with unmanaged credentials, excessive permissions and entry points that an attacker can exploit with less effort than seeking software vulnerabilities. Reports of security gaps repeatedly show that abuse of credentials is one of the simplest ways for an attacker, so reducing that area is urgent (see sectoral analyses such as those of the Verizon DBIR).
Property and liability: avoid orphan accounts. Orphan accounts have always been a headache; with agents they multiply. A team creates an agent for a test or project, the author changes his role or leaves the company, and the agent remains active with valid credentials and unchanged permits. Without a process that assigns and maintains responsibility, such identities can automatically become committed identities.
This is why life cycle governance must impose explicit ownership and maintenance processes: labelling, operational manager, automatic reviews and removal or revocation when the agent's utility ends. It is not a bureaucratic issue, it is a measure to block attack vectors before they become incidents.
Principle of less privilege, but dynamic. A common pattern is to grant extensive permits to agents not to "break" adaptive behaviors. This shortcut becomes dangerous: an oversized agent can move through systems at an unattainable speed for a human, becoming a pivot for large-scale side movements. The guidelines of good practice of cloud and security suppliers recommend the principle of less privilege; in the world of agents this principle must be dynamic: temporary permits, concessions for purpose and automatic cancellations on unused permits (see, for example, AWS best practices).
Implementing it requires three things: controls that can emit ephemeral credentials at high speed; telemetry that allows to distinguish actually used permits; and automation that adjusts privileges according to observed behavior. Without these elements, the least privilege is left in a policy phrase and not in effective control.
Tracability with identity context: the basis of trust and compliance. In multiagent architectures, a simple record of events is not enough. The actions are chained between APIs, platforms and agents, and without identity correlation it is impossible to reconstruct a sequence rigorously to forestall an incident or produce evidence for auditors. In addition, emerging regulators and standards - such as European IA initiatives - increasingly require the ability to explain automated decisions and the processing of personal data. The lack of identity-focused records makes it very costly to meet these obligations (see the progress of the European legislation on IA).
It is therefore critical to link logs, actions and decision-making to the identity context of the agent: who created it, with which permits it operated at the time, what data it touched and what other agents invoked. Many logmanagement and audit guides (e.g., NIST document on record management) emphasize the quality and correlation of information for effective research.
What to do in practice? It is not a question of stopping adoption: the aim is to apply identity principles, but adapted to self-employed actors. This involves designing a specific life cycle for agent identities: continuous detection, automatic registration at birth, assignment of an owner, granting of temporary permits by purpose, real-time monitoring, and deactivation or recycling when the agent is no longer useful.
Technology should help to scale these tasks. Tools that automate the supply of ephemeral credentials, detect abnormal identity behavior and correlate telemetry between domains accelerate governance without interrupting innovation. At the same time, internal policies that require minimum documentation to create regular automatic agents and reviews reduce the "power" of the shadow.
Identity as a control plan. As the IA agents are incorporated up to date in companies, identity management is no longer a mere access mechanism and becomes the security control plan of the IA. Managing the identities of agents on a continuous basis makes it possible to recover visibility, hold teams responsible, avoid excessive privileges and generate understandable evidence for audits and regulators.
If it sounds like an arduous task, it is, but it is also inescapable: ignoring this change is accepting that parts of the most critical infrastructure are off the radar. For CISUS and security teams, the priority today should be to define and implement a life cycle of identities for agents that combine active discovery, dynamic policies of privileges and traceability with context. This combination will allow the accelerated adoption of agents to not end up becoming the risk accelerator that many fear.
For those who want to deepen frameworks and public guides that help structure this work, documents and resources such as the Zero Trust framework of the NIST SP 800-207, NIST RMF, the best practice guides of cloud suppliers on IAM and the literature on record management of the NIST SP 800-92. Also useful are the analyses that warn about the proliferation of "Shadow AI" and its risks in corporate environments ( Harvard Business Review).
The adoption of IA agents is unstoppable. The good news is that identity - well rethought and automated - offers a practical way to maintain control and governance without stopping innovation. Turning agents into first-class identities, managed continuously and with clear responsibility, is the safe bet for the IA to work for the company and not against it.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...