Your AI Agents Need Passports: Why Identity Governance Is the Hidden Blocker to Scaling Automation

AI Dispatch

Here is a scenario that should keep CIOs up at night: An AI agent, authorized to process invoices, quietly escalates its own permissions to access payroll data. No human approved it. No audit trail flagged it. By the time anyone notices, the damage is done.

This is not a theoretical risk. As organizations move from single AI assistants to networks of agents that collaborate, delegate tasks, and act autonomously across enterprise systems, a fundamental question remains unanswered: how do you verify who an AI agent is and what it is allowed to do?

The Identity Gap No One Planned For

New research on authorization propagation in multi-agent AI systems, meaning how permissions flow when one agent hands off work to another, frames identity governance as missing infrastructure. The paper argues that most enterprises have robust identity and access management (IAM) systems for human employees. These same systems were never designed for software entities that can spawn copies of themselves, work around the clock, and chain together actions across dozens of applications.

The problem compounds quickly. When Agent A asks Agent B to complete a subtask, what credentials does Agent B use? Does it inherit Agent A’s permissions? Does it have its own? If Agent B then calls Agent C, the permission chain becomes nearly impossible to audit using current tools.

“We’ve spent twenty years building identity infrastructure for people,” one enterprise security architect at a large Indian bank told me recently. “We have maybe twenty months to figure out the same thing for machines before this becomes unmanageable.”

Why Traditional IAM Falls Short

Most enterprise IAM systems from vendors like Okta, Microsoft Entra, and Ping Identity were built around a simple model: authenticate a human, assign them roles, log their actions. Service accounts exist for machine-to-machine communication, but these are typically static, long-lived credentials with fixed permissions.

AI agents break this model in several ways. They need dynamic permissions that change based on context. They operate at speeds that make real-time human approval impractical. They can be created and destroyed in seconds. And critically, they can take actions that look legitimate individually but constitute policy violations when chained together.

Security vendors are scrambling to respond. CyberArk and HashiCorp have begun extending their secrets management tools to handle agent credentials. Startups in the identity space are pitching “agent-native” IAM solutions. But no standard framework exists yet, leaving enterprises to improvise.

The Compliance Timebomb

For regulated industries, a category that covers most large Indian enterprises, the stakes go beyond security. RBI guidelines, SEBI regulations, and data protection rules all assume that actions can be traced to accountable parties. When an AI agent makes a decision that violates compliance requirements, who is responsible?

Current audit trails are not built to answer this question. If an agent accesses customer data, modifies a financial record, or triggers an external API call, regulators will expect clear documentation of the authorization chain. Without proper identity governance, organizations face both regulatory penalties and, perhaps worse, an inability to investigate incidents after they occur.

The operational burden falls on security and cloud teams who are already stretched thin. They must now track non-human identities with the same rigor applied to employee credentials, while also building new workflows for agent credential rotation, delegation policies, and incident response playbooks that account for autonomous software.

What This Means For You

If your organization is experimenting with AI agents, or planning to, identity governance cannot be an afterthought. Three immediate actions deserve attention.

First, audit your current IAM infrastructure for its ability to handle non-human identities at scale. Ask your vendors directly what their roadmap looks like for agent credential management.

Second, establish least-privilege policies for agents now, even if your deployments are small. The habits you build during pilots will determine your security posture at scale. Every agent should have the minimum permissions necessary, with clear expiration and review cycles.

Third, start documenting agent authorization chains today. When regulators come asking questions, and they will, you need to show that Agent X was authorized by System Y under Policy Z, with full audit trails. Building this infrastructure retroactively is far more expensive than doing it right from the start.
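The Agent A to Agent B handoff, least-privilege expiry, and "Agent X was authorized by System Y under Policy Z" record described above can be sketched as a signed delegation chain. This is an added example, not code from the article or the research it cites; the names (policy-svc, agent-a, POL-INVOICE), the scope strings, and the single signing key held by one policy service are assumptions made for illustration.

```python
import hmac, hashlib, json

KEY = b"constructed-demo-key"  # assumption: held only by the policy service

def _sign(body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def issue(issuer, subject, scopes, expires, policy, parent=None):
    """Issue one delegation link; parent is the issuer's own grant (None for the root)."""
    body = {"issuer": issuer, "subject": subject, "scopes": sorted(scopes),
            "expires": expires, "policy": policy,
            "parent_sig": parent["sig"] if parent else None}
    return {**body, "sig": _sign(body)}

def verify_chain(chain, action, now):
    """Walk root -> leaf; return (allowed, audit_lines). Rejects any escalation."""
    audit, prev = [], None
    for link in chain:
        body = {k: v for k, v in link.items() if k != "sig"}
        if not hmac.compare_digest(_sign(body), link["sig"]):
            return False, audit + [f"DENY bad signature on grant to {link['subject']}"]
        if now >= link["expires"]:
            return False, audit + [f"DENY grant to {link['subject']} expired"]
        if prev is not None:
            if link["parent_sig"] != prev["sig"] or link["issuer"] != prev["subject"]:
                return False, audit + [f"DENY broken chain at {link['subject']}"]
            if not set(link["scopes"]) <= set(prev["scopes"]):  # no inherited extras
                return False, audit + [f"DENY {link['subject']} scopes exceed {prev['subject']}"]
            if link["expires"] > prev["expires"]:  # child may not outlive parent
                return False, audit + [f"DENY {link['subject']} outlives {prev['subject']}"]
        audit.append(f"{link['subject']} authorized by {link['issuer']} under {link['policy']}")
        prev = link
    if prev is None or action not in prev["scopes"]:
        return False, audit + [f"DENY action {action} not in leaf scopes"]
    return True, audit + [f"ALLOW {action}"]

def demo(now=1000):
    # Constructed sample chain: policy-svc -> agent-a -> agent-b
    root = issue("policy-svc", "agent-a", {"invoice:read", "invoice:pay"}, 2000, "POL-INVOICE")
    ok = issue("agent-a", "agent-b", {"invoice:read"}, 1500, "POL-INVOICE", root)
    bad = issue("agent-a", "agent-b", {"invoice:read", "payroll:read"}, 1500, "POL-INVOICE", root)
    return (verify_chain([root, ok], "invoice:read", now),
            verify_chain([root, bad], "payroll:read", now))
```

The audit lines returned for each decision are the authorization chain itself, so the same check that gates the action also produces the record an investigator would need.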

The companies that treat identity governance as core plumbing, not a security checkbox, will scale their AI automation safely. Everyone else will learn expensive lessons about what happens when autonomous software operates without proper credentials.
