The newest Cloud Security Alliance research on the state of AI cybersecurity contains a set of numbers that should be uncomfortable for anyone running an identity and access management program in 2026. Seventy-one percent of CISOs say AI now has access to core business systems. Only 16% report that they govern that access effectively. Ninety-two percent of organizations lack full visibility into AI identities. Ninety-five percent doubt they could detect agent misuse if it occurred.

The headline is that AI is a security problem. The honest framing is that AI is an identity problem, and the identity problem has been in front of security organizations for two years without producing the structural response the data demands.

The shape of the gap is straightforward. Traditional identity governance assumes a stable set of entities: employees, contractors, service accounts, and a relatively small number of machine identities. Modern AI deployments introduce a new category — agents that authenticate, hold long-lived credentials, hold broad permissions across multiple systems, and operate at speeds that no human review process can keep up with. The existing IAM tooling was not built for this, and the operating model in most organizations was not built for it either. The result is a category of identity that is privileged, opaque, and growing fast.

The vendor response has been predictable. Every major identity vendor has, over the last 12 months, launched some version of “AI identity” or “non-human identity” or “agent identity” product line. The taxonomy is unclear, the integrations are immature, and the buyer experience is consistent: a real problem, plausible-looking demos, but enforcement that lags the marketing claims. Several CISOs who have evaluated these products in the last six months describe the experience as similar to early zero-trust procurement in 2018 — a category being defined faster than the products are catching up.

What works, in the organizations that have taken this seriously, is not a single vendor purchase. It is a discipline. Three changes show up consistently in the organizations that are making progress. First, agent identities are inventoried the same way human identities are inventoried, with a single source of truth, an owner, a lifecycle, and a known set of entitlements. The inventory is hard. It is also the precondition for everything else. Second, agent permissions are scoped to the narrowest plausible boundary, not to the broadest convenient one. The default permission grant for a new agent is the smallest set of system entitlements that allow the workflow to function — not the full set of entitlements the agent’s vendor recommends. Third, agent activity is monitored for anomaly the same way privileged human activity is monitored. The anomaly detection is harder because the baseline is moving, but the data is available.
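
A minimal sketch of those three checks, added here as an illustration and not taken from the article or the Cloud Security Alliance research. The record fields, agent names and entitlement strings are assumptions, and the activity check is a plain comparison against the inventory standing in for real anomaly detection.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

@dataclass
class AgentIdentity:
    """One inventory record; field names are assumptions for this example."""
    name: str
    owner: str | None          # accountable person or team
    review_due: date | None    # lifecycle: next recertification date
    granted: set[str]          # entitlements actually provisioned
    required: set[str]         # smallest set the workflow needs to function

def audit_inventory(agents, today):
    """Return {agent name: [findings]} for ownership, lifecycle and scoping."""
    findings = {}
    for a in agents:
        issues = []
        if not a.owner:
            issues.append("no owner")
        if a.review_due is None:
            issues.append("no lifecycle")
        elif a.review_due < today:
            issues.append("review overdue")
        excess = a.granted - a.required
        if excess:
            issues.append("over-scoped: " + ", ".join(sorted(excess)))
        if issues:
            findings[a.name] = issues
    return findings

def out_of_scope_activity(agents, events):
    """Flag logged (agent, entitlement) uses the inventory cannot explain."""
    known = {a.name: a for a in agents}
    alerts = []
    for agent, entitlement in events:
        rec = known.get(agent)
        if rec is None:
            alerts.append((agent, entitlement, "agent not in inventory"))
        elif entitlement not in rec.required:
            alerts.append((agent, entitlement, "outside required scope"))
    return alerts

# Constructed sample data: one well-governed agent, one that is not.
TODAY = date(2026, 1, 15)
AGENTS = [
    AgentIdentity("invoice-bot", "finance-platform", date(2026, 6, 1), {"erp:read", "erp:write"}, {"erp:read", "erp:write"}),
    AgentIdentity("support-summarizer", None, date(2025, 11, 1), {"crm:read", "crm:export", "mail:send"}, {"crm:read"}),
]
EVENTS = [("invoice-bot", "erp:read"), ("support-summarizer", "crm:export"), ("shadow-agent", "hr:read")]
```

The unknown `shadow-agent` entry shows why the inventory is the precondition: activity from an identity with no record cannot be judged against any scope at all.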

The hard part is organizational, not technical. The teams that need to govern agent identity — IAM, security architecture, the application teams deploying agents, the data platform teams whose systems agents access — have not historically coordinated tightly. The AI deployment cycle has moved faster than the organizational seams between them. The CISOs who are making real progress have, in most cases, created an explicit ownership structure for agent identity governance and given it accountability for a small number of measurable outcomes. The ones who have not are still relying on procurement to solve the problem, which is approximately the same posture that produced the current state of the metrics.

The Cloud Security Alliance data is not a warning. It is a baseline reading. The next time the same questions are asked, the gap between “AI has access” and “we govern that access” is going to be the metric that distinguishes mature security organizations from immature ones. The procurement decisions made in the next 12 months will determine which side most enterprises end up on.