Vendors are positioning for a world where AI agents operate across the enterprise, making decisions, accessing systems, and executing workflows with minimal human involvement. Orchestration layers, policy-driven architectures, and agentic control planes are taking shape.
Yet most organizations have not answered a more basic question: Where are my agents?
That question surfaced repeatedly in recent discussions with Okta around its Okta for AI Agents offering and expanding Identity Security Posture Management (ISPM) strategy. Enterprises are moving quickly to adopt AI, but most still lack visibility into what agents exist in their environments, who created them, and what those agents can access.
This explains why identity is emerging as one of the foundational control layers of the AI era. Before enterprises can govern AI agents, they must first find them.
The Scale of the Problem Is Not Theoretical
The urgency becomes clear when you look at the numbers. Research cited by Okta and originally published by Anthropic suggests that a typical environment with five MCP servers, 58 tools, 10,000 users, and thousands of agents could generate more than 5.8 billion access decisions per day. The vast majority of those decisions are ungoverned if identity security controls are not in place.
Okta’s threat intelligence team reported that 95 percent of the Security Copilot plugins it analyzed relied on basic authentication or static API key credentials, both of which are inherently vulnerable to exposure.
A tangible example of how unmanaged identities and third-party integrations can become enterprise-scale attack paths emerged in the Salesloft Drift supply chain attack. Threat actors exploited compromised OAuth tokens tied to the Drift integration, gaining access to downstream Salesforce environments and exposing customer data. The incident was not driven by a novel software vulnerability. It was enabled by a compromised identity and a trusted integration path.
The attack surface only grows as AI agents multiply. And unlike traditional applications, agents are not being created through IT processes. Business users are building them through platforms like Microsoft Copilot Studio and Salesforce AgentForce. Developers are connecting AI applications to enterprise resources through APIs and OAuth permissions. Employees are authorizing external AI tools to access corporate systems in minutes. The result is a rapidly expanding population of machine actors that security teams cannot see.
Discovery Before Governance
Okta’s current approach reflects where most customers actually are. The company is focused on discovery and visibility, because accountability has to precede governance. You cannot establish ownership, enforce policies, or assess risk for agents you do not know exist.
Discovery is emerging across three control surfaces: sanctioned AI platforms, shadow AI, and the endpoint. Organizations need visibility into agents operating within managed environments, browser-based AI tools connecting through OAuth grants, and local or hybrid agents operating outside traditional governance frameworks. Together, these surfaces reflect that the major challenge is identifying machine actors that increasingly operate outside traditional IT workflows.
The emphasis on discovery also reflects the current maturity level of the market. When unsanctioned or shadow agents are identified, the most common response is often to remove access rather than bring those agents into a formal governance framework. Governance comes later.
Maturing human identity governance was a decade-long journey. Extending foundational concepts such as lifecycle management, least-privilege access, access certifications, and policy enforcement to AI agents will introduce both conceptual and integration challenges, but the transition is likely to occur more quickly. Organizations are not starting from scratch. The underlying governance frameworks, workflows, and control mechanisms already exist. The challenge is adapting them to a rapidly growing population of non-human identities while addressing new questions around delegated authority, autonomous decision making, and agent-to-agent interactions.
What remains unresolved is how to govern autonomous agents operating independently or coordinating with other agents. High-risk actions such as financial transactions, privilege changes, or sensitive data access will continue to require stronger controls and human oversight, while lower-risk actions become increasingly automated. The precise threshold will vary by organization, but it is clear that identity controls must evolve from governing access to governing actions.
Resilience Is Also an Identity Problem
There is one dimension of this shift that gets less attention than governance but is equally important: cyber resilience.
Most resilience programs today focus on recovering infrastructure, applications, and data. The goal is to restore systems to a known-good state and resume operations. That model works when the things that fail are systems. It becomes more complicated when the things that fail are decisions.
As AI agents become participants in business processes, a recovery event requires reconstructing more than systems and data. Organizations will need to understand what actions an agent took, why it took them, what permissions enabled those actions, who delegated authority, and what downstream decisions were influenced.
Those are accountability questions, and answering them requires the same identity infrastructure that governance does: audit trails, ownership records, permission maps, and delegated authority logs. Identity becomes the connective tissue between human actors, machine actors, permissions, and business outcomes.
This is where the discussion moves beyond security and into operating models. In AI-mediated environments, resilience increasingly depends on the ability to reconstruct business state, not simply restore infrastructure. Organizations will need to recover not only systems and data, but also the chain of decisions, permissions, and delegated actions that shaped business outcomes.
What Security and Identity Leaders Should Do Now
The governance conversation is important. But for most organizations, the immediate priority is simpler and more urgent.
First, treat agent discovery as a security control, not an IT housekeeping exercise. Unknown agents with access to enterprise systems, data, and workflows represent unmanaged risk.
Second, resist the temptation to treat discovery and governance as separate phases. Organizations that begin mapping agent identity, ownership, permissions, and activity now will be in a fundamentally different position than those that wait until agent populations become unmanageable. The window to get ahead of this is narrowing.
Third, extend identity security programs to cover agents explicitly. The questions you ask about human identities apply directly. What can this entity access? What should it be allowed to access? What would a least-privilege model look like? Where are the gaps? Agent identities that inherit excessive permissions, lack clear ownership, or operate without audit trails are the shadow IT problem of the AI era.
The vendors building toward integrated discovery and governance are reading the market correctly. But the tool is only useful if the organizational will to use it exists. That starts with acknowledging that the agents are already out there, and that most organizations do not yet know where.
