Wednesday, 15 July 2026 PDT | 02:54 PM
The 1 News Alt Logo Text Smart News for Global Indians

The reality of agentic artificial intelligence risks in the modern enterprise

AI News July 16, 2026 02:32 AM
The reality of agentic artificial intelligence risks in the modern enterprise

ARTIFICIAL INTELLIGENCE (AI) agents are already inside the enterprise. They are autonomous, non-deterministic, and multiplying. Unlike conventional software that follows defined logic, an AI agent reasons its way to an outcome — which means its behavior cannot be fully predicted at deployment. Across Asia-Pacific, IDC forecasts AI and GenAI investments will reach $175 billion by 2028, with agentic systems increasingly central to that spend. The governance structures needed to contain that risk are not keeping pace.

AI agents operate through machine identities — service accounts, API tokens, and credentials that grant access to systems and data. Gartner identifies machine Identity Access Management (IAM) as one of the least mature areas within most IAM programs, despite being among the fastest growing in scale and risk exposure. The numbers bear this out: machine identities now outnumber human users, yet a vast majority of organizations still define only human identities as privileged users.

The most common failure mode is over-permissioning. AI agents are frequently granted broader access than their task requires — partly because the people building them optimize for capability, not constraint, and partly because purpose-built tooling for non-human identity governance is still maturing. Research globally across enterprise deployments found that 77% of organizations rely on existing IAM platforms for machine identity visibility, but only 2% have deployed a dedicated non-human identity security tool. The gap between exposure and coverage is significant.

The consequences are already materializing. 80% of organizations report their AI agents have performed unintended actions — including accessing or sharing sensitive data. These are structural gaps in how AI identities are managed.

What makes the current moment risky is the combination of high confidence and low maturity. While technology leaders report confidence in their ability to manage AI agent risk, organizations lack clear accountability during deployment regarding what those agents access and the decisions they influence. That gap between perceived and actual governance capability is precisely where incidents become breaches. The risk profile also changes sharply as agentic systems become more autonomous, as multi-agent architectures scale, and as those agents interact with systems outside the organization’s direct control.

The organizations that will navigate this well are those that have built governance into the foundation rather than layered it on after deployment. That means treating every AI agent as a distinct identity — with defined ownership, scoped access entitlements, and a clear lifecycle. It means applying the same rigor to agent access reviews that mature organizations apply to privileged human accounts. And it means continuous visibility, not point-in-time audits.

The industry is moving toward what we at SailPoint call an Agentic Fabric — a capability purpose-built to discover, govern, and continuously monitor AI agent identities at scale, across the full range of deployment environments — from packaged SaaS agents to custom-built autonomous systems. The core principle is identity-first governance: no agent operates without a known owner, defined permissions, and the ability to be audited or revoked.

As AI governance expectations tighten and procurement increasingly screens for governance maturity, the organizations that can demonstrate clear accountability for their AI systems will hold a structural advantage.

The productivity case for AI agents is real. So is the risk. What determines which side dominates is not the sophistication of the agent — it is the quality of the governance built around it.

Eric Kong is the GVP, ASEAN, SailPoint.