I originally titled this with the word problem instead of crisis, but the speed with which agentic AI is expanding in companies tells me crisis is probably a better word.
Identity has never really been a function that is embraced, promoted, lauded, and well funded in companies. Going back to my days consulting for one of the largest retailers in the world and watching CA consultants bill millions of dollars while basically running around the offices pushing papers from one pile to another. It was the classic nine month project that ballooned to well over three years and so much additional expense.
For those of us who spent time running identity functions, we know this story all too well.
AI (agentic or otherwise) has taken over companies everywhere. Leaders, technologists, and just the general public is sprinting to keep up with the pace of development, with mixed degrees of success. What isn’t keeping up is identity, and the exposure surface is so much bigger than people realize.
Take a step back to the early OpenClaw days where people turned over all their privileges to AI and crazy things happened. Stories of permanently deleted files, emails, and even a health-obsessed tesla takeover tell cautionary tales on how this technology can run amok.
Now apply that same thinking to corporate America where AI has democratized the creation of software, access to APIs, and finding ways to quickly marry different systems to create value. With the speed things are going, we already know people are sharing their credentials directly with models to take actions on their behalf, and those credentials are designed to be user-focused, not scoped down to only the actions an AI agent may take. And given that enterprise AI is designed to be extra helpful and burn ever more tokens, it’s not unreasonable to think that given a narrow task it may try to add value using entitlements beyond the user’s intent.
Entitlement management in humans is already a dumpster fire, so it stands to reason we have to use different systems for agents. The general rules should be that it is easy for users of all technology backgrounds to provision identities with the narrowest privileges possible, the scopes are reviewed and corrected by someone outside the original requestor, and it must be near real-time provisioning and activation with a 1:1 relationship between AI Agent and third-party system.
Until this is solved, expect your AI to suffer from the same entitlement creep that your users do, just faster and with much more potential damage.