AI agents are rapidly becoming a staple of the enterprise identity landscape. Yet, many organisations are deploying them faster than they can govern them, creating a critical blind spot around what these agents can access, which systems they can reach, and how that access is controlled.
As AI agents increasingly interact with sensitive data and automate business workflows on behalf of users, they are being embedded across customer service, software development, and knowledge management. The core security challenge is no longer just about what these agents can do, but whether organisations actually understand and govern the privileges they have been granted.
The result is a rapidly growing population of autonomous identities operating at machine speed, frequently accessing sensitive environments that organisations are already struggling to secure.
A New Class of Privileged Identity
Many organisations still mistakenly view AI agents as mere software tools. In practice, they behave like digital workers, capable of retrieving information, triggering workflows, and interacting with core business applications. Whether connected to internal knowledge bases or customer-facing platforms, these agents routinely handle highly confidential data. Yet, clear ownership and visibility into how these permissions are used remain severely lacking.
This challenge arrives at a time when the broader identity landscape is already under immense strain. Palo Alto Networks’ 2026 Identity Security Landscape Report found that machine identities now outnumber human identities by 109 to one in Australia (in line with the global average), with both machine and AI agent identities expected to skyrocket over the next year. As organisations scale their AI deployment, they are adding a massive, complex layer of non-human users that require the exact same visibility, governance, and accountability traditionally reserved for human employees.
The Expanding Attack Surface
AI agents are not inherently unsafe; the risk emerges when organisations grant enterprise-level privileges before establishing enterprise-level controls. Our research indicates that Australian organisations estimate approximately 40% of AI agents and 41% of machine identities already have access to organisational data, including critical business systems.
An over-permissioned AI agent is a goldmine for attackers. If compromised, manipulated, or abused, it becomes a trusted pathway into the enterprise, allowing malicious actors to move laterally through environments, exfiltrate data, or disrupt critical operations.
This challenge is being accelerated by emerging standards like the Model Context Protocol (MCP). While MCP is excellent for scaling agentic AI by creating a uniform way for agents to interact with databases and enterprise tools, it simultaneously multiplies the number of credentials, permissions, and trust relationships operating across the network.
Every new connection between an AI agent and a business system introduces an access pathway that must be secured. As organisations build out these connected AI ecosystems, visibility into who or what has access to critical systems becomes just as vital as securing the AI models themselves.
Evolving Governance for the Agentic Era
To mitigate these risks, modern identity security principles must be extended to every identity type from human, machine, to agentic.
This requires a comprehensive strategy: discovering and inventorying all AI identities, establishing lifecycle management, enforcing strict least-privilege access, and continuously monitoring for anomalous behaviour. It also means maintaining human oversight for compliance and ensuring that access can be revoked instantly if an agent is compromised or retired.
As AI agents become deeply embedded in daily operations, legacy identity tools will no longer suffice. Organisations need next-generation identity security platforms that extend governance beyond traditional human users. The industry is facing a fundamental shift: moving from managing human access alone to governing every single identity operating across the enterprise from a unified control plane.
To help organisations navigate this shift, Palo Alto Networks recently launched Idira. By combining privileged access management with machine and agentic identity security capabilities, Idira provides a single platform to discover, secure, and govern access across every identity type.
AI agents are quickly becoming the most connected and privileged entities in the enterprise. As Australian organisations continue to scale agentic AI, robust governance will no longer be a roadblock, it will be the ultimate enabler of security, trust, and innovation.

