The Attack Surface Your Security Team Isn’t Governing Yet

By Matt Robinson, CTO at Gruve

AI agents don’t just need identities. They need accountability.

That distinction matters more than most enterprise security teams have fully reckoned with. The conversation I have most often with security and technology leaders right now is not about whether to deploy agentic AI. It is about what happens once those agents are operating across production systems, and no one can fully answer what they did, what they accessed, or why.

The identity problem is real and growing. The Sophos State of Identity Security 2026 report, based on responses from 5,000 IT and cybersecurity leaders, found that 71% of organizations experienced at least one identity-related breach in the past 12 months. Weak management of non-human identities was cited as a root cause in 41% of those breaches. And just one in three organizations regularly rotates or audits service accounts and non-human identities at all. Those numbers reflect the credential problem. They do not yet fully capture what agentic AI adds on top of it.

Why AI Agents Change the Identity Problem

Every AI agent spun up inside a production environment introduces a new identity: credentials to access systems, permissions to execute workflows, pathways through sensitive data. In many of the enterprise environments I work with, machine accounts already outnumber human accounts. Agentic AI is accelerating that gap at a rate most security architectures were not designed to absorb.

But the harder problem is not the volume of identities. It is what those identities do once they are operating.

A human user authenticates, takes an action, and leaves an audit trail. The behavior is intermittent, bounded, and readable by traditional security tooling. AI agents operate differently. They run continuously across multiple systems simultaneously. They retrieve context dynamically, make probabilistic decisions without explicit human instruction, and chain actions across workflows in ways that are difficult to reconstruct after the fact. Standard DLP, SIEM, and identity management tools were not designed to parse that kind of behavior in real time.

The result is a governance gap that sits below the application layer, at the infrastructure level, where most security controls were never designed to reach.

The Shift From Identity Governance to Action Governance

Knowing that an agent exists is not the same as knowing what it can do, what it has done, or whether those actions were within policy. Most enterprises that have deployed agentic AI can answer the first question. Far fewer can answer the second and third.

This is the accountability problem. And it requires a different frame than traditional identity governance.

Identity governance asks: who has access? Action governance asks: what did they do with it, can we verify it, and can we prove it to a regulator or an incident response team after the fact?

That shift is not incremental. It requires rethinking where governance lives in the stack and what it is designed to produce.

Why Governance Can’t Be Bolted On Later

After 30 years of building enterprise infrastructure, the pattern I have seen is consistent: governance that is bolted on after deployment is perpetually behind.

With traditional software, adding governance after the fact is inefficient but recoverable. With agentic AI, it is a different problem. Agents are already moving from pilots into production workflows. Once they are operating at scale across distributed systems, the ability to instrument them retroactively, to add visibility, auditability, and control after the fact, becomes exponentially harder. The surface is larger, the behavior is more complex, and the audit gaps compound with every workflow the agent runs.

The organizations that get this right are not retrofitting. They are designing governance in from the start. That means visibility at the infrastructure layer into how agents access compute, data, and systems. It means role-based controls that govern what agents are permitted to do, not just what they are permitted to access. It means audit trails that are continuous and tamper-resistant, built into the agent-to-infrastructure stack rather than dependent on what agents choose to report upward. And it means governance policies that produce evidence, not just documentation. Policies are not enough. Demonstrable, auditable proof of what happened is what regulators and boards are increasingly going to require.

What Security Leaders Should Do Now

The organizations getting ahead of this are auditing their current posture now, before scale makes the gaps harder to close. The questions worth asking immediately:

Do we have complete visibility into every non-human identity operating in our environment, including every AI agent in production? Can we reconstruct exactly what an agent did, what systems it accessed, and what data it touched during any given workflow? Are the controls governing agent behavior enforced at the infrastructure layer, or are they dependent on application-level reporting that agents themselves generate? And if we had to demonstrate compliance with an AI governance framework tomorrow, could we produce the evidence to do it?

These are not hypothetical questions. For organizations running agents in production today, they are operational requirements that most current security stacks were not built to answer.
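What "action governance" with a tamper-resistant trail looks like in code, as an added illustration that is not part of the article and not Gruve's product: a small Python decision point that authorizes agents per (action, resource) pair rather than per resource, records every allow and deny decision in a hash-chained append-only log, and answers the "what did this agent do in this workflow?" question from that log alone, refusing to answer if the chain has been altered. All agent names, resources and workflow ids are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed example policy: permissions are (action, resource) pairs per agent
# identity, so an agent allowed to read a resource is not thereby allowed to
# write it. All identifiers here are hypothetical.
ACTION_POLICY = {
    "agent-invoice-bot": {("read", "erp/invoices"), ("write", "erp/payments")},
    "agent-support-bot": {("read", "crm/tickets")},
}

GENESIS = "0" * 64  # hash the first entry chains from


def _canonical(record: dict) -> str:
    # Stable serialization so the same record always hashes the same way.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


@dataclass
class AuditLog:
    """Append-only log where each entry commits to the hash of the previous one."""
    entries: list = field(default_factory=list)

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        digest = hashlib.sha256((prev + _canonical(record)).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "hash": digest})
        return digest

    def verify(self) -> bool:
        """Recompute the chain; any edited, removed or reordered entry breaks it."""
        prev = GENESIS
        for entry in self.entries:
            expected = hashlib.sha256((prev + _canonical(entry["record"])).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


def authorize(log: AuditLog, agent_id: str, workflow_id: str, action: str, resource: str) -> bool:
    """Infrastructure-side decision point: checks the action policy and records the
    decision (allow or deny) before the agent reaches the resource. The record is
    written by the gateway, not reported upward by the agent."""
    allowed = (action, resource) in ACTION_POLICY.get(agent_id, set())
    log.append({
        "seq": len(log.entries),
        "agent": agent_id,
        "workflow": workflow_id,
        "action": action,
        "resource": resource,
        "decision": "allow" if allowed else "deny",
    })
    return allowed


def reconstruct(log: AuditLog, agent_id: str, workflow_id: str) -> list:
    """Answer 'what did this agent do in this workflow?' from the log alone."""
    if not log.verify():
        raise ValueError("audit log failed integrity check")
    return [e["record"] for e in log.entries
            if e["record"]["agent"] == agent_id and e["record"]["workflow"] == workflow_id]


def run_demo() -> dict:
    log = AuditLog()
    wf = "wf-0001"  # constructed workflow id
    decisions = [
        authorize(log, "agent-invoice-bot", wf, "read", "erp/invoices"),
        authorize(log, "agent-invoice-bot", wf, "write", "erp/payments"),
        # Same resource the agent may read, but "write" is not in its action policy.
        authorize(log, "agent-invoice-bot", wf, "write", "erp/invoices"),
        authorize(log, "agent-support-bot", "wf-0002", "read", "crm/tickets"),
    ]
    trail = reconstruct(log, "agent-invoice-bot", wf)
    intact_before = log.verify()
    # Simulate an after-the-fact edit that flips the recorded deny to an allow.
    log.entries[2]["record"]["decision"] = "allow"
    return {
        "decisions": decisions,
        "trail_len": len(trail),
        "intact_before": intact_before,
        "intact_after_edit": log.verify(),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point of the chain is that the evidence does not depend on the agent's honesty: the deny decision is recorded at the gateway, and editing it later changes the hash of every subsequent entry, so the edit is detectable by anyone holding the last hash. A production version would anchor the head hash somewhere the agent cannot write (a separate store, a signed checkpoint, or external timestamping) and add a trusted time source; this example omits both for determinism.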

The Accountability Standard Is Coming

The next phase of enterprise AI will not be defined by which organizations deploy agents fastest. It will be defined by which organizations can prove what those agents did, demonstrate that they operated within policy, and show the audit trail to back it up. Accountability and auditability are becoming the baseline for operating AI at enterprise scale. The organizations building that foundation now, before the regulatory and operational pressure intensifies, will be the ones that can keep scaling. The ones that wait will spend the next several years trying to retrofit governance onto systems that were never designed to support it.
