The Replicant in Your Directory: AI Agents and the Identity Security Gap

By Grady Summers, CEO, Netwrix
Security was built for people. AI agents are exposing the gap.
Forty-four years after Blade Runner imagined replicants walking among us, security teams are managing their own version of a non-human workforce.
These replicants already have accounts, permissions, and access to sensitive data. They are AI agents, service accounts, OAuth applications, workload identities, and the growing number of machine identities that already outnumber people in many enterprise environments.
That distinction matters because identity security was built around human behavior. People join companies, change roles, take vacations, and eventually leave. Those lifecycle events became the foundation of identity governance. Machine identities rarely follow that pattern.
According to the Non-Human Identity Management Group, machine identities now outnumber human users by as much as 50 to one in many environments. Some exist for minutes. Others remain active years after the application or automation that created them has been forgotten.
Most organizations still struggle to answer basic questions about who owns them, why they still exist, or what they can access.
Trust scales faster than governance
In 2025, a threat actor tracked as UNC6395 obtained an OAuth token associated with Salesloft's Drift chat integration and used it to move through Salesforce environments across hundreds of organizations.
The token wasn't dangerous because it exploited a software vulnerability. It was dangerous because it was already trusted.
From there, attackers reached AWS credentials, Snowflake tokens, and additional secrets stored where they shouldn't have been. One trusted machine identity became the path to several more.
AI agents don't create this problem. They accelerate it. Organizations are deploying AI agents that create identities, inherit permissions, interact across systems, and expand the number of trusted credentials operating inside the environment.
If security teams don't know those identities exist—or don't understand what they can access—the attack surface grows quietly in the background.
Identity programs were built for people
I've spent my career in identity and security, and identity was at the center of nearly every incident my teams investigated. Stolen credentials. Forgotten permissions. Access that outlived the employee or system it was originally issued to.
AI isn't creating a new identity problem. It's exposing one that already existed.
Human identity programs assume someone owns an account, reviews access periodically, and eventually removes it. AI agents don't naturally fit that lifecycle. They can be created automatically, inherit permissions from other identities, interact with systems at machine speed, and even create additional identities as they work.
The result is an identity population growing faster than most governance processes were designed to handle.
How Mature Is Your AI Security Program?
Organizations often know they're adopting AI faster than they're governing it but don't know where the gaps are.
The Netwrix AI Maturity Assessment benchmarks your organization's identity, data, and AI governance practices, identifies strengths and blind spots, and provides practical recommendations to help reduce AI-related risk.
Visibility isn't enough
Our 2026 Data and Identity Security Report found that organizations where AI significantly expanded the number of identities in their environment reported a 43% breach rate over the previous year, compared with 11% among organizations where AI hadn't significantly changed their identity footprint.
The surprising part wasn't the breach rate. It was who got breached.
Organizations where AI rapidly expanded identity counts generally reported stronger governance practices than their peers. They were more likely to monitor shadow AI, govern non-human identities, and maintain continuous visibility into sensitive data.
They invested in the playbook. They still got breached.
Security teams need continuous answers to four questions: What identities exist? Who owns them? What can they access? When should they no longer exist?
Without those answers, every new AI deployment quietly expands the number of trusted identities operating inside the environment.
The accountability question
When an AI agent contributes to a security incident, who owns that identity? Who approved its permissions? Who reviews its access? Who decides when it should be retired?
For a service account, there's usually a trail. For an agent operating at machine speed, creating downstream identities, and interacting across systems, that line back to a person can disappear quickly.
Knowing where sensitive data lives is only half the equation. Knowing every identity that can reach that data, maintaining a current inventory, and ensuring each identity has a clear owner is the other half.
The trusted identities that matter most aren't always the ones security teams are watching. Increasingly, they're the ones nobody remembers creating.
To learn how organizations are adapting identity security for AI, read the 2026 Data and Identity Security Report.
Sponsored and written by Netwrix.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Wow
0
Sad
0
Angry
0
Comments (0)