If you work in Privileged Access Management (PAM), you know the job has never been glamorous.
It’s about cleaning up messes and root accounts no one wants to own. It’s about service accounts that “just work” and therefore never get touched. And admins who swear they need permanent access “just in case.”
Most PAM leaders have spent years slowly untangling those identities into something resembling order. And for a while, we were making progress. We had fewer standing privileges, better controls, and fewer exceptions.
But even with that progress, identity remains the primary battleground: 74% of organisations report identity-related breaches, and privileged access continues to be a leading path for lateral movement.
Today, the same problem is rearing its ugly head. Only this time, it’s got ten heads, moves faster, scales instantly, and doesn’t sleep. I am talking about AI agents.
A New Class of Privileged Identity
We recently surveyed 200 CISOs, and the results have been stuck in my head ever since - the uncomfortable kind of stuck, like a lyric you don’t want to remember but can’t shake:
- 86% don’t enforce access policies for AI identities.
- Only 17% govern even half of their AI identities like human users.
- Just 5% believe they could contain a compromised AI agent.
This isn’t just a gap. It’s a structural failure in how we think about identity. Because AI agents aren’t edge cases anymore. They are becoming first-class actors in enterprise environments, often with privileges that rival or exceed human administrators.
This Isn’t an AI Problem. It’s a PAM Problem.
PAM exists for one reason, which is to govern high-risk identities differently from everyone else. That principle hasn’t changed.
It’s hard to think of a higher-risk identity than an AI agent. AI agents can:
- access core systems directly
- run autonomously
- operate at machine speed
- often carry long-lived or embedded credentials
- run continuously without interruption
- be deployed outside traditional IT visibility (shadow AI)
They don’t log off. They don’t wait for approvals. And they don’t operate within human-defined boundaries. They can’t perform MFA or interactive authentication, rendering many traditional controls ineffective by design. And at machine speed and scale, they outpace controls built for human intervention.
In practice, many of them have the same reach as senior administrators, but without the controls. This has created what I’d call a ghost admin population - identities with real power and almost no oversight.
Visibility Isn’t the Win We Think It Is
A lot of organisations point to visibility metrics as proof of progress. And to be fair, visibility does matter. But PAM has never been about simply knowing what exists.
PAM is about:
- enforcing zero standing privilege
- constraining risky access after compromise
- limiting blast radius when something inevitably goes wrong
The most telling stat in this survey isn’t about discovery or inventory. It’s this one:
- Only 5% of CISOs believe they could contain a compromised AI agent.
That’s not a tooling gap; it’s an architectural gap. If an AI identity is breached today, most organisations are betting on luck and hoping the agent doesn’t move laterally faster than controls can respond. Hope and luck are not controls. And the reality is, most response models today are still designed for human-speed incidents, not machine-speed compromise.
Operational Parity is the Real Red Flag
One number should worry every mature PAM team:
- Only 17% govern AI identities the same way they govern human users.
PAM maturity requires consistency. Admins don’t get special treatment, and service accounts don’t get a pass. AI identities are now the fastest-growing identity type in the enterprise, and the least governed. That mismatch is dangerous.
Least Privilege Isn’t Enough Anymore
This isn’t about ripping and replacing everything you have, but it is a signal. AI identities can:
- bypass policy enforcement
- outpace approval workflows
- be difficult to control once compromised
PAM, as currently implemented, isn’t doing its job for the identities that matter most.
The principle of least privilege still applies, but many PAM programs haven’t caught up to enforcing it for non-human, autonomous actors. Until they do, AI agents will remain the most privileged and least controlled identities in the environment.
Enforcing least privilege is no longer enough. As AI agents take on a bigger role, the goal must be Zero Standing Privilege (ZSP). Their speed and scale turn even minimal persistent access into immediate risk. Eliminating standing access, enabling just-in-time privilege, and enforcing authorisation at runtime isn’t just best practice, it’s the way to control identities that operate at machine speed.
It also means treating privilege as an identity problem, not just an access problem, bringing PAM and identity governance (IGA) together to deliver consistent policy, lifecycle control, and accountability across all identities.
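As an added illustration (not code from this post or from any product), here is a minimal just-in-time privilege broker in Python showing the three ZSP mechanics described above: no standing grants, scoped and time-bound tokens, and authorisation re-checked at runtime, plus a contain() switch that revokes everything a compromised agent holds and records every decision for accountability. Agent names, actions and the TTL are constructed sample values.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Grant:
    agent: str
    scope: frozenset      # actions this grant allows, nothing more
    expires_at: float     # epoch seconds; grant is dead after this


class JitBroker:
    """Zero-standing-privilege broker: an agent holds no permanent rights.
    It must request a short-lived grant, and every action is re-authorised
    against that grant at runtime. policy maps agent -> actions it may
    ever be granted (constructed sample policy in the demo below)."""

    def __init__(self, policy, ttl_seconds=60, clock=time.time):
        self.policy = policy
        self.ttl = ttl_seconds
        self.clock = clock            # injectable for testing expiry
        self.grants = {}              # token -> Grant (the only live privilege)
        self.contained = set()        # agents under containment
        self.audit = []               # (event, agent, detail) for accountability

    def request(self, agent, actions):
        """Issue a scoped, expiring token, or None if policy forbids it."""
        actions = frozenset(actions)
        allowed = self.policy.get(agent, set())
        if agent in self.contained or not actions <= allowed:
            self.audit.append(("deny_grant", agent, sorted(actions)))
            return None
        token = secrets.token_urlsafe(16)
        self.grants[token] = Grant(agent, actions, self.clock() + self.ttl)
        self.audit.append(("grant", agent, sorted(actions)))
        return token

    def authorize(self, token, action):
        """Runtime check on every call: token must exist, be unexpired,
        belong to an uncontained agent, and cover this exact action."""
        g = self.grants.get(token)
        if g is None or g.agent in self.contained:
            return False
        if self.clock() >= g.expires_at:
            del self.grants[token]        # expired grants are dropped, not renewed
            self.audit.append(("expired", g.agent, action))
            return False
        ok = action in g.scope
        self.audit.append(("allow" if ok else "deny", g.agent, action))
        return ok

    def contain(self, agent):
        """Containment: revoke all live grants and refuse new ones."""
        self.contained.add(agent)
        for t in [t for t, g in self.grants.items() if g.agent == agent]:
            del self.grants[t]
        self.audit.append(("contain", agent, None))
```

Because nothing is standing, containing an agent is a single state change rather than a hunt for embedded credentials across systems.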
We have created order out of chaos before. It’s time to do it again, and to do it with haste.
Read the ebook - Next Generation Privileged Access Management - today.