May 28, 2026
Posted by Shelley Leveson
The security conversation around AI agents often focuses on what the models can do. Far less attention has been paid to how those agents are being connected to enterprise systems, what they can access once deployed, and whether organizations can actually govern that access over time.
Earlier this year, Vercel disclosed a breach tied to a compromised third-party AI vendor and an over-permissioned OAuth grant. An employee adopted an AI tool. That vendor was later compromised by an infostealer. The result was a trusted OAuth token becoming a path into internal systems and customer environments.
The incident highlights a growing reality: AI agents are increasingly being granted legitimate access to sensitive infrastructure with limited visibility into how that access is used once deployed.
To better understand how organizations are managing this shift, Akeyless, together with MRA Research, conducted a global survey of 400 IT and security leaders for the 2026 State of AI Agent Identity Security report. The findings point to a rapidly expanding identity surface area and mounting pressure on identity systems originally designed for human users and static workloads.
AI Agents Have Already Moved Into Core Business Systems
AI agents are no longer isolated experiments or limited pilot projects. They are increasingly being embedded into operational workflows, enterprise applications, and production environments.
According to the research, 94% of organizations report some level of AI agent use today, with more than half saying they are deployed broadly across multiple parts of the business. What’s concerning is that more than eight in ten organizations also say their AI agents can access sensitive data.
AI agents are not simply generating content or summarizing information. Many directly interact with systems, APIs, cloud infrastructure, internal tools, and business-critical data.
At the same time, adoption is accelerating quickly. Organizations expect AI agent usage to increase another 44% over the next 12 months.
This creates a different kind of identity challenge than most organizations are used to managing. Traditional IAM systems were designed around human users operating within defined sessions and predictable access patterns. AI agents operate continuously across systems and increasingly trigger actions without direct human involvement.
AI Agents Run on Persistent Access
As AI agents become more deeply integrated, many organizations are still relying on identity patterns built around static, long-lived access.
The research found that organizations commonly use persistent credentials such as API keys, static secrets, OAuth tokens, and service accounts to connect AI agents to systems and data. In fact, every organization surveyed reported using some form of persistent credential within their AI agent environments, while only 45% use short-lived credentials at all.
These approaches are familiar and easy to implement, but they also create access paths that can persist long after they are needed. API keys and secrets are frequently stored in code, workflows, configuration files, and automation pipelines, making them difficult to inventory and easy to unintentionally expose.
Visibility and Governance Are Breaking Down
AI agents do not simply authenticate once and perform a narrow task. They often operate continuously across systems, chaining together actions and accessing data dynamically as workflows evolve. Many organizations struggle to maintain visibility into how these systems are being connected, authenticated, and governed over time.
Only 44% of organizations say they know where all the credentials or secrets used by AI agents are stored. At the same time, many of those credentials are being embedded directly into application code, workflows, and configuration files, creating access paths that can become difficult to track or standardize across environments.
The research also points to growing operational pressure around AI deployment. More than 80% of organizations say developers bypass IAM controls, with half admitting this happens on a regular basis.
This creates a compounding problem for security teams. As AI agents proliferate, visibility gaps and fragmented governance make identity control increasingly difficult to maintain.
The Consequences Are Already Showing
Organizations are already seeing signs of over-permissioned access, credential leakage, and AI-driven activity extending beyond intended boundaries. More than two-thirds suspect AI agents have accessed data beyond their intended scope. More than six in ten have already had to revoke or rotate AI agent credentials due to suspected exposure.
At the same time, only 7% believe their existing controls could prevent a compromised AI agent from operating maliciously or outside intended behavior.
Part of the challenge is the speed mismatch between AI systems and security operations. AI agents can interact with systems, APIs, and workflows continuously and at machine speed, while many organizations still rely on human-driven response processes.
Organizations estimate it takes an average of 14 hours to detect a compromised AI agent, followed by nearly a week to contain and remediate the incident. The operational impact is significant. Organizations report spending more than $1 million on average over the past year responding to AI agent identity and credential-related issues.
Existing IAM Models Are Structurally Misaligned
Traditional IAM assumes human users, defined sessions, and relatively predictable access patterns. AI agents behave differently. They act autonomously, chain actions across systems, and often operate through delegated credentials, service accounts, OAuth tokens, or workload identities.
That mismatch is now being recognized more broadly. The OWASP Top 10 for Agentic Applications identifies identity and privilege abuse as a core agentic risk, noting that agents can inherit permissions, misuse delegated credentials, or execute unauthorized actions when identity boundaries are weak.
The survey data reflects the same pressure. Fewer than half of organizations are fully confident their IAM systems can securely manage AI agents and workload identities. Many are also managing agent access across a patchwork of cloud-native identity services, IAM platforms, PAM tools, secrets managers, custom mechanisms, and manual processes.
High-profile breaches have exposed how difficult these identity ecosystems can be to govern in practice. In the 2024 Cloudflare breach tied to stolen Okta tokens, several exposed service credentials were inadvertently missed during rotation efforts and later used by attackers to access internal systems.
Identity Security Is Becoming a Critical AI Control Layer
Identity security is increasingly becoming the control layer governing what AI agents can access, how broadly permissions extend, and how quickly misuse can spread.
The research points toward a growing need for more dynamic approaches centered around continuous visibility, ephemeral credentials, runtime enforcement, and real-time policy controls.
Nearly all organizations surveyed say they plan to strengthen AI agent security over the next 12 months, signaling that many recognize the gap between how AI systems operate and how identity is currently being governed.
Get the Full Report
Download the full 2026 State of AI Agent Identity Security report to explore the research in detail, including the operational risks organizations are already encountering and the identity security strategies emerging in response.
How Akeyless Helps
Akeyless provides a unified runtime identity security platform for AI agents, machines, and human access. The platform combines dynamic credentials, continuous visibility, and runtime enforcement to help organizations reduce persistent exposure, govern AI agent access in real time, and enforce policy as actions occur across systems and workflows.Wondering what AI agent runtime security looks like in practice and how it could help your organization? Request a demo with the Akeyless team.
