A global survey of 285 IT and cybersecurity professionals finds that while 58% estimate their organization has already deployed somewhere between one to 100 artificial intelligence (AI) agents, only 21% maintain an inventory or registry of active AI agents that enables them to monitor actions performed in real time back to the original source compared to 31% that can trace actions back to an AI agent after an action has been taken.
Conducted by the Cloud Security Alliance (CSA) on behalf of Strata Identity, a provider of an identity orchestration platform, the survey also finds another 32% expect to have an ability to track AI agent activity within the next 12 months.
By then, a full 70% of organizations expect to be managing anywhere from dozens to hundreds of AI agents, the survey finds.
However, while respondents said they are able to identify AI agents that have performed a task, only 28% said they can reliably trace AI agents to an initiating system or human across all environments, versus 46% that said they can in some environments.
Specific identity challenges that have been encountered include ownership and accountability gaps (43%), an inability to discover/register agents in real-time (40%), policy inconsistencies across environments (39%), no visibility into AI agent activity (39%), over-privileged access (38%), lifecycle management issues (37%) and lack of integration with identity providers across environments (36%).
Additionally, well under half of respondents said they have end-to-end session tracing (45%) or context-aware audit logging tools (43%), the survey finds.
Hillary Baron, assistant vice president of research for the CSA, said it’s clear that most organizations lack a formal governance strategy for AI agents, which results in most of the AI agents that are deployed being over permissioned. In fact, only 23% of respondents said their organization has a formal, organization-wide strategy for governing AI agents. Additionally, only 18% of respondents say they are “highly confident” their current identity and access management (IAM) system’s ability to manage agent identities effectively, compared to those that are moderately (35%) or slightly (29%) confident. Another 18% said they have no or uncertain confidence.
One of the root causes of that lack of confidence is that in many cases AI agents are inheriting permissions that have been assigned to specific end users, noted Baron. Unlike a human, however, an AI agent is going to simply access any and all available data regardless of how sensitive it is.
The top identity management challenge encountered so far has been accessing or modifying sensitive data (69%), followed by initiating system changes such as code deployments (68%) and approving financial transactions (62%). The top two concerns are sensitive data exposure or leakage (55%), followed closely by unauthorized or unintended actions (52%), the survey finds.
Mark Callahan, senior director of product marketing for Strata Identity, said most organizations will soon find that, as a result of those concerns, they will need to make sure there are zero standing permissions assigned to AI agents. A total of 40% of respondents reported that they are increasing their overall identity and security budgets to accommodate AI agents, with 34% allocating a dedicated budget line and another 22% reallocating funds from other security areas, the survey finds.
Overall, the survey finds AI agents are being deployed most often on public clouds (66%), followed by on-premises IT environments (37%) and private clouds (36%). A total of 38% are deploying them across hybrid IT environments. The most widely used platforms are OpenAI (63%), Azure AI Agent Foundry (58%), Google Vertex Agents (38%), ServiceNow (31%) and Anthropic Claude (23%).
Well over two thirds of respondents said having a human in the loop for those workflows is either essential (20%) or very important (48%), the survey finds.
In all probability, the number of cybersecurity incidents involving AI agents is only going to increase in the weeks and months ahead. The challenge and the opportunity now is to determine how best to minimize the number of those incidents before internal IT and cybersecurity teams become overwhelmed.
