AI Agents Are the New Non-Human Identity Problem

NHI & AI · Sophos / OWASP NHI Top 10 / CSA · Q1 2026
67%

Sophos's 2026 identity research names weak management of non-human identities — especially the AI agents now multiplying across enterprises — as a primary driver of identity breaches. Two thirds of ransomware victims in the survey traced the incident back to an identity attack.

Key Finding

Treating AI agents as ordinary service accounts is the root cause of most agent breaches. Agents decide at runtime what tool to call, what data to read, and what action to take — a static permission grant does not survive contact with that decision loop.

Through 2025 and into 2026 the operational pattern around AI agents has been consistent enough that multiple research bodies are publishing comparable numbers. Sophos's State of Identity Security 2026 names weak management of non-human identities — including the AI agents now spreading across enterprises through copilots, autonomous workflows, and embedded SaaS integrations — as a primary driver of identity-related breaches. The OWASP Non-Human Identities Top 10 (2025) and the Cloud Security Alliance's NHI research catalogue specific failure modes that are now showing up at scale in agent deployments.

The pattern across the published research is consistent:

Permission scope outstrips function. AI agents typically run with permissions inherited from a human service-account template that was never adapted to the agentic workload, or accumulated through "just add it to the existing role" requests. The result is broad, static grants applied to an actor that needs minimal, dynamic scopes.

Behavioural anomaly modelling on machine identities is weak. Service accounts are expected to be predictable, so unusual activity does not produce a signal. The Sophos 2026 data shows dwell time for NHI-driven incidents to be materially longer than for human-account incidents — consistent with the credential-breach dwell time IBM reports (~246 days mean for stolen-credential incidents).

Identity decisions are made by procurement, not architecture. AI agents land in production through product or business-line requests, not through the identity-governance pipeline that workforce identity goes through. The identity team typically discovers the agent after the breach, not before deployment.

The architectural fix is not a new product category. It is the application of identity discipline — least privilege, lifecycle, audit, anomaly detection — to a population that most organisations still classify as "service accounts" and therefore under-govern.

The cleanest signal from the 2026 research is that AI agents need an identity architecture designed for them, with scoped tokens, on-behalf-of flows, and a runtime decision model that grants the minimum necessary scope per task — not a static role assignment that survives the lifetime of the agent.
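A sketch of that runtime decision model, added here as an illustration and not taken from Sophos, OWASP, or CSA material: a broker issues a short-lived token per task, scoped to what the task needs and bounded by both the agent's ceiling and the delegating user's own rights. The agent name, task names, scope strings, and TTL are all constructed assumptions.

```python
import time
from dataclasses import dataclass

# Constructed sample policy: every name and scope here is an assumption.
AGENT_CEILING = {"invoice-agent": {"invoices:read", "invoices:write", "mail:send"}}
TASK_SCOPES = {
    "summarise_invoice": {"invoices:read"},
    "email_reminder": {"invoices:read", "mail:send"},
    "delete_ledger": {"ledger:delete"},
}
TOKEN_TTL_SECONDS = 300  # the grant dies with the task, not with the agent


@dataclass(frozen=True)
class TaskToken:
    agent: str          # the acting non-human identity
    on_behalf_of: str   # the human whose authority is delegated
    task: str
    scopes: frozenset
    expires_at: float


class ScopeDenied(Exception):
    """Raised when a task needs more than agent and user can jointly grant."""


def issue_task_token(agent, user, user_scopes, task, now=None):
    """Grant only the task's scopes, capped by agent ceiling AND user rights."""
    now = time.time() if now is None else now
    needed = TASK_SCOPES.get(task)
    if needed is None:
        raise ScopeDenied(f"unknown task {task!r}")
    grantable = AGENT_CEILING.get(agent, set()) & set(user_scopes)
    missing = needed - grantable
    if missing:
        raise ScopeDenied(f"{agent} for {user}: cannot grant {sorted(missing)}")
    return TaskToken(agent, user, task, frozenset(needed), now + TOKEN_TTL_SECONDS)


def authorize(token, scope, now=None):
    """Enforcement point: each tool call is checked against the token, not a role."""
    now = time.time() if now is None else now
    return now < token.expires_at and scope in token.scopes
```

Each issued token names both the agent and the user it acts for, so audit logs and anomaly detection can attribute every tool call to a specific task and delegation rather than to a shared service account.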
