AI Agents Are Becoming an Identity Problem

A same-day ISMG interview on AI agent sprawl gives owners a practical approval question: every agent needs an identity, owner, permission boundary, audit trail, and shutdown path before it starts acting inside business systems.

GovInfoSecurity published a July 3 interview with Entrust CIO Rishi Kaushal about a problem many businesses are about to meet in a very ordinary way: AI agents are becoming identities. They are not just chat windows anymore. They can access systems, read data, execute workflows, trigger actions, and make decisions that look a lot like work performed by a person.

That changes the approval conversation for business owners. If an AI agent can touch customer records, tickets, invoices, files, calendars, code, or internal applications, the owner needs to know how that agent is identified, what it is allowed to do, who owns it, and how its activity is reviewed. Otherwise the business may be adding a new worker to the system without an employee file, a manager, or a badge.

The Risk Is Agent Sprawl

Agent sprawl happens when teams create assistants, workflow agents, automations, connectors, and AI-enabled tools faster than anyone can track them. One department may test a customer-service assistant. Another may connect an AI tool to documents. A manager may approve an automation that moves data between apps. A vendor may add an AI feature to software the business already uses.

Individually, each step can look useful. Together, they can create a messy identity problem. Some agents may run under shared accounts. Some may inherit a user's broad permissions. Some may connect to SaaS tools through OAuth apps or API keys that are not reviewed. Some may continue running after the project owner leaves or the business need disappears.

Microsoft's June security update is one signal that this issue is moving from theory into operations. Microsoft said Defender can now discover more than 25 types of local AI agents and Model Context Protocol servers across managed Windows and macOS devices. That kind of visibility matters because owners cannot govern agents they cannot see.

The Business Decision Is Permission

The practical decision is not whether AI agents are good or bad. The better question is whether the business is ready to grant them access. An agent that summarizes a public policy document is different from one that can open finance files, update a CRM record, send customer messages, change code, or move data between systems.

Owners should treat that difference as an approval gate. Before an AI agent is allowed to act inside business systems, someone should define its purpose, data access, permissions, owner, logs, review schedule, and shutdown process. If those details are unclear, the agent is not ready for production use.

This is especially important for small and midsize organizations because the same person often wears several hats. A business may not have a dedicated identity-governance team. That makes simple rules more important, not less. A short agent inventory and approval checklist can prevent a helpful experiment from becoming an invisible permission problem.

Questions Owners Should Ask

  • Which AI agents, assistants, automations, or MCP-connected tools are already in use?
  • Does each agent have a unique identity, or is it borrowing a human user's account?
  • What systems, folders, mailboxes, databases, tickets, or SaaS apps can each agent access?
  • Who is the business owner responsible for approving and reviewing each agent?
  • Are permissions limited to the agent's actual job, or did it inherit broad access?
  • Can the IT provider or internal team show audit logs of what the agent did?
  • How often are agent permissions reviewed?
  • What is the kill switch if an agent behaves incorrectly, is no longer needed, or is connected to the wrong data?

These questions are not meant to slow down useful automation. They are meant to make sure automation has the same accountability owners would expect from any other system with access to business data.

A Practical Next Step

Owners should ask for a current AI agent inventory before approving more AI-connected workflows. The inventory does not need to be complicated. It should list the agent name, tool or platform, business purpose, system access, data access, owner, authentication method, last review date, and shutdown procedure.

For new requests, make the approval rule simple: no agent gets production access until its identity, permissions, logs, owner, and off switch are documented. If a vendor or IT provider says an AI feature is safe, ask how the agent is authenticated, what it can reach, and where activity is recorded.
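One way to turn the inventory and the approval rule above into a repeatable check, as an added example that is not from the article or any vendor. The field names, the 90-day review interval, the list of human accounts, and the sample records are all assumptions made for illustration.

```python
from datetime import date

# Inventory fields the article lists (the key names themselves are assumptions).
REQUIRED = ["agent_name", "platform", "business_purpose", "system_access", "data_access",
            "owner", "authentication_method", "last_review_date", "shutdown_procedure"]
MAX_REVIEW_AGE_DAYS = 90  # assumed review interval; the article sets no number

def gate(inventory, human_accounts, today):
    """Return {agent_name: [blocking findings]}; an empty list means approvable."""
    uses = {}  # how many agents authenticate as each identity
    for rec in inventory:
        ident = rec.get("identity")
        if ident:
            uses[ident] = uses.get(ident, 0) + 1
    results = {}
    for rec in inventory:
        findings = [f"missing {f}" for f in REQUIRED if not rec.get(f)]
        ident = rec.get("identity")
        if not ident:
            findings.append("no identity recorded")
        elif ident in human_accounts:
            findings.append("borrows a human user's account")
        elif uses[ident] > 1:
            findings.append("identity shared with another agent")
        reviewed = rec.get("last_review_date")
        if reviewed and (today - date.fromisoformat(reviewed)).days > MAX_REVIEW_AGE_DAYS:
            findings.append("review overdue")
        if not rec.get("audit_log_location"):  # the "logs" part of the approval rule
            findings.append("no audit log location")
        results[rec.get("agent_name", "<unnamed>")] = findings
    return results

# Constructed sample inventory; every name and value below is made up.
SAMPLE = [
    {"agent_name": "ticket-triage", "platform": "helpdesk assistant",
     "business_purpose": "route tickets", "system_access": ["helpdesk"],
     "data_access": ["tickets"], "owner": "support lead", "identity": "svc-agent-triage",
     "authentication_method": "OAuth app", "last_review_date": "2026-06-15",
     "shutdown_procedure": "revoke OAuth grant", "audit_log_location": "helpdesk audit log"},
    {"agent_name": "invoice-helper", "platform": "finance automation",
     "business_purpose": "draft invoices", "system_access": ["accounting"],
     "data_access": ["invoices"], "owner": "", "identity": "jane.doe",
     "authentication_method": "API key", "last_review_date": "2026-01-10",
     "shutdown_procedure": "", "audit_log_location": ""},
]

if __name__ == "__main__":
    for name, findings in gate(SAMPLE, {"jane.doe"}, date(2026, 7, 3)).items():
        print(name, "APPROVE" if not findings else "BLOCK: " + "; ".join(findings))
```

An agent with any finding stays out of production until the record is completed; the second sample record is blocked on five counts at once, which is typical of an agent set up under a person's own login.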

AI can make routine work faster, but speed without identity control creates a blind spot. The agent may be digital, but the accountability still belongs to the business.

Sources and further reading

  1. AI Agents Are Creating a New Identity Security Problem
  2. What's new in Microsoft Security: June 2026
  3. Agentic AI - Threats and Mitigations
  4. Artificial Intelligence Risk Management Framework