AI agents are behaving like employees, but corporate structures still treat them like software



The governance framework that management has built over decades was designed for people. AI agents are not humans. The gap between these two facts is where enterprise risk is currently accumulating most rapidly.

Over the past year, organizations have been forced to confront the fact that AI is being deployed faster than they can manage it. As the use of shadow AI expands, gaps regarding who, or what, is allowed to do what are becoming apparent. Our latest research shows that 91% of organizations are already using AI agents, but only 10% have a clear strategy for managing them.

AI agents are becoming operators, acting on their own without a human manager to lead them.

These autonomous digital actors can analyze data, initiate workflows, and act within the enterprise. But while gains in speed, scale, and productivity are easy to see, the shift in power is less obvious.

The real threat to AI adoption in enterprises is not how intelligent the agents are, but rather how much power management delegates to them. It’s about decision-making, and what happens when authority is delegated to a system that an organization doesn’t fully understand, let alone control.

After all, the risk is not that the AI agent will act maliciously. Instead, the risk is that systems not designed with non-human identities in mind will behave as configured.

For years, companies have built their security models around human employees. Employees are hired, qualified, monitored, and ultimately offboarded when they leave. Identity management makes this possible. This is how organizations see who their employees are, what they can connect with, and what they are authorized to do.

AI agents break that model. They do not log in at 9am and log out at 5pm. They work continuously across multiple systems and cloud environments. They capture sensitive data, trigger financial processes, and make customer-facing decisions in seconds.

However, enterprises still treat agents as background software rather than actual, authorized operational entities.

A recent study by Gravitee, an API management platform, found that only 22% of organizations treat AI agents as separate identities, and nearly 90% of companies have reported a suspected or confirmed security incident involving an AI agent.

Let’s consider a common scenario. Companies have deployed in-house AI agents to streamline workforce management. Employees ask agents to submit time off, update pay stubs, and notify managers. Agents automatically connect to HR systems, financial platforms, and collaboration tools to complete requests.

Think about the number of systems an agent needs to access to complete a request. What permissions do they have? Which access points are in use or might be left open? What if something goes wrong?

The efficiency gains are real. But unless each step is governed by clear identity management, businesses may not know exactly what authority is being delegated or how to intervene if a problem arises.

This is why the identity gap is not just a technical problem, but a leadership problem.

Traditional access models assume relatively stable roles and predictable human behavior. AI agents operate through dynamic tasks and delegated authority. They may need temporary and very specific permissions to perform a single action and then immediately move on to the next workflow.

Without the ability to continually validate and approve each step, organizations risk increasing the number of non-human actors with widespread and persistent access to critical systems, often without having been intentionally authorized.

We are already seeing this unfold as organizations begin to push AI-generated code and automated actions into real-world environments, often faster than governance models can keep up. Recent incidents, like the McDonald’s chatbot breach, where weak controls exposed millions of applicant records, and Replit’s AI coding agent deleting a live production database, show how quickly these gaps can turn into real-world disasters.

AI agents configured to optimize supply chain decisions could trigger large-scale purchasing deals. Customer service agents can potentially reveal sensitive account information. Financial reporting agents may distribute confidential information from multiple sources to a wide range of people.

All of these cases stem from poor governance of autonomy.

Regulatory authorities are also beginning to take action. In some markets, such as Singapore and Australia, policymakers are emphasizing that organizations are responsible for their automated systems.

This poses a compliance challenge for business leaders. How do you prove which system initiated the decision? How do you prove that access was appropriate at the time the action was taken? How do you suspend or revoke privileges if an agent behaves unexpectedly?

To protect AI agents, organizations must be able to answer three fundamental questions: Where are agents located? What can they connect to? What are they allowed to do?

Fortunately, companies don’t have to reinvent the wheel. They already have the practices needed to manage AI agents. Executives simply need to treat AI agents in much the same way they treat human employees.

In practice, this means applying established employee security disciplines to new operational situations. Organizations need agent lifecycle management. The scope and duration of authority should be defined, activity should be continuously monitored, and high-risk actions should require step-up approval. Agents should operate with just-in-time credentials tied to specific tasks rather than broad, long-lived access.
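As an added illustration (not code from the article or from any vendor), the sketch below shows a broker that issues a workforce agent one short-lived credential per task, demands a named human approver for high-risk actions, re-checks every credential at the moment of use, and records each decision. The agent name, action names and `HIGH_RISK` policy are hypothetical.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

HIGH_RISK = {"payroll:update"}  # assumed policy: actions that need step-up approval

@dataclass
class Grant:
    agent_id: str
    action: str                 # the single action this credential covers
    task_id: str                # the employee request it was issued for
    expires_at: float
    approved_by: Optional[str] = None
    used: bool = False

@dataclass
class Broker:
    ttl: float = 60.0           # seconds a credential stays valid
    grants: dict = field(default_factory=dict)
    suspended: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def issue(self, agent_id, action, task_id, now, approved_by=None):
        # Returns a token, or None when the agent is suspended or approval is missing.
        if agent_id in self.suspended:
            return self._log(now, agent_id, action, task_id, "deny:suspended")
        if action in HIGH_RISK and approved_by is None:
            return self._log(now, agent_id, action, task_id, "deny:step-up-required")
        token = secrets.token_urlsafe(16)
        self.grants[token] = Grant(agent_id, action, task_id, now + self.ttl, approved_by)
        self._log(now, agent_id, action, task_id, "issued")
        return token

    def authorize(self, token, action, now):  # re-checked at the moment of use
        g = self.grants.get(token)
        if g is None: why = "deny:unknown-token"
        elif g.agent_id in self.suspended: why = "deny:suspended"
        elif g.action != action: why = "deny:out-of-scope"
        elif now >= g.expires_at: why = "deny:expired"
        elif g.used: why = "deny:already-used"
        else: why, g.used = "allow", True
        self._log(now, g.agent_id if g else "?", action, g.task_id if g else "?", why)
        return why == "allow"

    def suspend(self, agent_id, now):
        self.suspended.add(agent_id)  # takes effect on credentials already issued
        self._log(now, agent_id, "*", "*", "suspended")

    def _log(self, *event):
        self.audit.append(event)  # (time, agent, action, task, outcome); returns None
```

The `audit` list is what lets an organization show which agent initiated an action, under which task, and whether access was valid at that moment.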

Organizations that succeed with AI implementation will not be those that deploy the most AI or the most intelligent AI. They will be the ones that implement it with clear authority to act and a reliable way to prove it. In doing so, they can transform AI from an experiment (or a risk) into a true asset.

The opinions expressed in Fortune.com commentary articles are solely those of the author and do not necessarily reflect the opinions or beliefs of Fortune.


