AI agents are increasingly integral to organizational production environments, yet the identity infrastructure managing their access remains inconsistent. A Cloud Security Alliance survey of 228 IT professionals reveals that 85% of organizations employ AI agents, with task automation leading at 67%. However, fragmented ownership complicates authentication and access; 52% of organizations use application identities for agents, while others rely on generic accounts or human identities. Consequently, distinguishing AI actions from human ones is challenging. Responsibility for AI access management is dispersed across security, development, and engineering teams, lacking centralized ownership. Moreover, 57% are moderately confident about AI access appropriateness, yet many face gaps in credential management and monitoring practices. Most AI agents inherit permissions, often receiving excessive access. Organizations rely on policy-based controls and human reviews rather than real-time validations. A critical need for real-time visibility and identity separation is highlighted, as managing AI agent permissions and access grows increasingly complex.
Source link
