AI agents are multiplying across enterprises faster than security teams can track them, and neither IT nor security knows who they are, what they're doing, or whether they've been compromised. This identity vacuum is emerging as one of the most overlooked vulnerabilities in the agentic AI revolution, according to new announcements from Google Cloud and Microsoft at major security conferences in 2026.

Why Are AI Agents Becoming Security Blind Spots?

Unlike traditional software applications or user accounts, AI agents operate in a gray zone. They're not quite users, not quite applications, and most organizations lack a unified way to identify, track, and control them. When a company deploys dozens or hundreds of agents across different departments, each built with different tools and frameworks, the result is what security teams call "agent sprawl." Without a central registry or identity system, agents can accumulate excessive permissions, operate unchecked, and become targets for attackers.

The problem is compounded by the speed at which agents are being deployed. Organizations are moving so quickly to adopt agentic AI that they're skipping fundamental security steps. "As organizations adopt agentic AI, growing visibility and security gaps can increase the risk of agents becoming double agents," Microsoft noted in its announcement of Agent 365, a new platform designed to address this exact problem.

What Does Agent Identity Management Actually Look Like?

Microsoft's new Agent 365 platform, launching May 1, 2026, introduces a concept that sounds simple but represents a major shift in how enterprises think about AI security: giving each agent a unique digital identity, similar to how user accounts work today. This "Agent ID" allows organizations to apply the same access controls and security policies to agents that they already use for employees.
The approach mirrors identity and access management (IAM) practices that have been standard for decades in enterprise security. Just as a human employee gets a username, password, and set of permissions tied to their role, agents now receive a unique identity that can be tracked, audited, and revoked if necessary. This identity lives in Microsoft Entra, Microsoft's cloud-based identity platform, allowing security teams to see exactly what each agent can access and what it's actually doing.

How to Implement Agent Identity and Access Controls

- Create a Unified Agent Registry: Maintain a centralized inventory of all agents in your organization, including those built with Microsoft AI platforms, ecosystem partner agents, and agents registered through APIs. This inventory should be visible to both IT teams in the Microsoft 365 admin center and security teams in Microsoft Defender workflows.
- Apply Identity Protection and Conditional Access: Extend existing user security policies to agents, making real-time access decisions based on risk signals, device compliance, and custom security attributes. These policies help prevent agent compromise and ensure agents cannot be misused by malicious actors.
- Limit Agent Access to Necessary Resources: Use identity governance capabilities to scope agent access to only the resources they need, with access packages that can be restricted to a subset of user permissions. Include the ability to audit all access granted to agents for compliance and investigation purposes.
- Monitor Agent Behavior and Risk Signals: Implement observability tools that provide detailed reports on agent performance, adoption metrics, and activity details. Security teams should evaluate agent risk using signals from Microsoft Defender, Entra, and Purview, just as they do for users.
- Enforce Security Policy Templates: Automate collaboration between IT and security by defining tenant-wide security policies that IT leaders can enforce as they onboard new agents. This reduces friction and ensures consistent security standards across all agents.

Google Cloud is taking a similar approach with its security operations platform. The company announced new agentic automation capabilities that allow security teams to embed agents directly into workflows, but with the critical addition of governance and control mechanisms. Google Security Operations users can now build their own enterprise-ready security agents with remote model context protocol (MCP) server support, which became generally available in early April 2026. This shift means organizations no longer have to host their own security operations infrastructure, allowing them to enable unified governance and controls for the agents they build.

What Happens When Agents Lack Proper Identity Management?

The risks are substantial. Without identity controls, agents can accumulate excessive privileges over time, a phenomenon known as "privilege creep." An agent that starts with permission to read customer data might gradually gain access to modify it, delete it, or share it with external systems. If that agent is compromised by an attacker, the damage could be catastrophic. Additionally, unmanaged agents may access resources unchecked, be misused by malicious insiders, or become vectors for lateral movement within an organization's network.

Microsoft's research indicates that this is not a theoretical concern. The company emphasized that "unmanaged agents may create significant risk, from accessing resources unchecked to accumulating excessive privileges and being misused by malicious actors." This warning reflects real-world observations from organizations already running agents in production.
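
The registry, least-privilege and audit steps above, together with the privilege-creep scenario, can be exercised with a small vendor-neutral audit. This is an added example, not code from Microsoft, Google or the original article; the record fields, scope names, agent IDs and log entries are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentRecord:
    """One registry entry. All field names are hypothetical, not a vendor schema."""
    agent_id: str
    owner: str
    approved: frozenset  # scopes signed off when the agent was onboarded
    granted: frozenset   # scopes the agent identity holds today

# Constructed sample registry: agt-001 began as read-only and has since
# picked up write and delete, the drift the article calls privilege creep.
REGISTRY = {
    "agt-001": AgentRecord("agt-001", "sales-it", frozenset({"crm.read"}),
                           frozenset({"crm.read", "crm.write", "crm.delete"})),
    "agt-002": AgentRecord("agt-002", "hr-it", frozenset({"hr.read", "mail.send"}),
                           frozenset({"hr.read", "mail.send"})),
}

# Constructed access-log sample: (agent_id, scope exercised).
ACTIVITY = [
    ("agt-001", "crm.read"),
    ("agt-001", "crm.write"),
    ("agt-002", "hr.read"),
    ("agt-777", "files.read"),  # identity that was never registered
]

def audit(registry, activity):
    """Return findings as (agent_id, kind, sorted scopes) tuples."""
    used = {}
    for agent_id, scope in activity:
        used.setdefault(agent_id, set()).add(scope)
    findings = []
    # Agent sprawl: activity from identities missing from the registry.
    for agent_id in sorted(set(used) - set(registry)):
        findings.append((agent_id, "unregistered", tuple(sorted(used[agent_id]))))
    for agent_id, rec in sorted(registry.items()):
        seen = used.get(agent_id, set())
        creep = rec.granted - rec.approved   # held but never approved
        unused = rec.granted - seen          # held but never exercised
        if creep:
            findings.append((agent_id, "privilege_creep", tuple(sorted(creep))))
        if unused:
            findings.append((agent_id, "unused_grant", tuple(sorted(unused))))
    return findings

if __name__ == "__main__":
    for finding in audit(REGISTRY, ACTIVITY):
        print(finding)
```

Scopes reported as both `privilege_creep` and `unused_grant` are the safest to revoke first, since the agent was never approved for them and has not exercised them.
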
Google's Mandiant threat intelligence team, which investigated over 500,000 hours of incident response cases, found that adversaries are increasingly deploying their own AI agents and autonomous tools capable of rewriting their own code in real-time. The report noted that "adversaries have transitioned from experimental AI use to deploying adaptive tools and autonomous agents capable of rewriting their own code in real-time." If defenders don't have visibility and control over their own agents, they'll be at a severe disadvantage against attackers using similar technology.

How Does This Fit Into the Broader AI Security Picture?

Agent identity management is just one piece of a larger puzzle. Microsoft's Agent 365 platform also includes data security controls through Microsoft Purview, which prevents agents from accessing sensitive data, blocks data leaks from risky interactions, and ensures agents inherit and honor data sensitivity labels just like human users do. The platform also extends insider risk management to agents, flagging risky interactions with sensitive data.

Google is taking a complementary approach by infusing agentic capabilities into threat intelligence itself. The company announced that it's using AI agents to analyze millions of daily external events with 98% accuracy, filtering out noise and elevating only threats that truly matter to an organization's security posture. This represents a shift from defenders manually triaging alerts to having AI agents do the initial heavy lifting, freeing human analysts to focus on high-priority threats.

"Few would argue that the progress made in the past 12 to 18 months to put AI to work to improve security operations is remarkable. New research from Omdia shows that 89% of CISOs are pushing to accelerate the adoption of agentic security," said David Gruber, principal analyst for cybersecurity at Omdia.

The urgency is real.
Omdia's research found that over half of cybersecurity practitioners believe that agentic AI offers a bigger advantage to defenders than to adversaries, but only if it's implemented securely. Without proper identity management, governance, and visibility, that advantage evaporates.

For organizations deploying agents today, the message is clear: treat agent identity management with the same rigor you apply to user identity management. Implement a unified registry, apply conditional access policies, monitor behavior continuously, and audit all agent actions. The difference between a secure agent deployment and a catastrophic breach may come down to whether your organization knows who its agents are and what they're doing.