We are living through a radical redefinition of the modern workforce. The promise of Agentic AI is already prompting leading enterprises to reshape their business operations, with announcements of job cuts making way for AI growth. As the shift from human-led to machine-led work takes hold, one thing is clear: AI is no longer a sidekick – it’s becoming the main act.
This shift isn’t just economic or technological. It’s a fundamental security and governance challenge. As machines take over more human roles, organisations must urgently rethink how access is granted and used, and ask a critical question: are we managing AI identities with the same scrutiny and control we apply to human ones? Because in many cases, the answer today is a resounding no. The result is rapidly growing risk, as machines gain more access than people.
The rise of machines – and the collapse of legacy thinking
Traditionally, identity governance has revolved around people. Onboarding involved background checks, role-based access control, entitlements and clear oversight. When people leave, their access is revoked (at least in theory). But AI doesn’t enter via a HR system. It appears via DevOps or IT projects, often with elevated access and little lifecycle visibility.
We’ve seen this before. During the Robotic Process Automation (RPA) boom, bots were granted shared credentials and broad access to sensitive systems – leading to attribution issues, security gaps and data exposure. With AI agents, the scale is far greater – and the consequences could be too.
Unlike deterministic bots, agentic AI can reason, make decisions and interact with systems autonomously. In practical terms, onboarding 1,000 AI agents is like hiring 1,000 new employees – in seconds. But unlike human hires, these agents aren’t subject to the same checks and balances. The result? A rapidly growing population of under-governed, over-privileged non-human identities.
Human cost, machine risk
The media is rightly focused on the pace of disruption and the impact it already has and will have on humans – not just businesses but the broader community, ranging from the scale of potential job losses to ethical dilemmas. But there’s another story lurking beneath the surface - the growing security risk as businesses scale AI without scaling identity governance.
Privileged access isn’t just about admin accounts anymore. AI agents often need elevated access to function. Without proper identity provisioning and deprovisioning, this creates an invisible attack surface – one that threat actors are eager to exploit.
According to the CyberArk 2025 Identity Security Landscape report, 69% of organisations lack the necessary identity security controls to manage AI and machine identities, even though a third of machine identities have access to privileged or sensitive data. In Australia, where hybrid environments and cloud sprawl are common, the risk is even greater, especially as 92% of Australian organisations believe the definition of a ‘privileged user’ applies solely to human identities – overlooking the fact that 32% of machine identities have privileged or sensitive access.
Modernising machine identity lifecycle management in a machine-first world
Even before AI, many organisations struggled with identity management. Today those challenges persist - their access management processes remain inconsistent, manual and prone to error. Add the scale and speed of machine identities to that mix, and these gaps become harder to ignore.
To meet this challenge, organisations need modern, AI-powered identity lifecycle management that automates the provisioning, review, and deprovisioning of access for both human and machine identities. It’s essential that cyber leaders prioritise short-lived access models wherever possible. These solutions must integrate across SaaS, cloud and hybrid environments to provide real-time visibility and enforcement – ensuring that identities receive only the access they need, and only for as long as they need it.
This isn’t just about improving efficiency. It’s about survival in a new paradigm. Without automated identity governance, security teams won’t be able to maintain compliance or enforce least privilege at scale. And in the event of an audit or breach, many will struggle to answer the most fundamental questions of who had access when and why.
Identity architectures built for people and around long-lived credentials simply won’t suffice in a world where the majority of users are AI agents. Security leaders must now treat AI onboarding as seriously as human onboarding, ensuring that every agent has a unique, verifiable identity; that least privilege access is applied from the outset; and that continuous monitoring and behavioural analytics are in place. Just as importantly, organisations must have a kill switch - because when AI agents behave unpredictably, the ability to shut them down securely will only be possible by being able to revoke identity-based access in real time.
Leaders must own this shift
This is no longer just a technology issue - it’s a business-wide imperative. While CIOs and CISOs play a critical role, every executive leader must engage with the challenge of governing both human and machine identities. As AI transforms how work gets done, identity management can no longer be siloed within IT or security.
From HR to operations, finance to risk and compliance, leadership teams must work together to modernise identity governance, embrace automation, and embed identity strategy into every AI-driven initiative.
AI promises speed, efficiency and scale - but without the right identity controls, it can just as easily introduce risk, complexity and loss of trust. The ability to govern identity at scale will determine not just who keeps pace with change, but who leads in the AI-powered enterprise.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Local Government Focus Day Western Australia
Digital Leadership Day Western Australia
Government Cyber Security Showcase Western Australia
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
