AI agents run unseen in enterprises, IAM struggles to keep up
Analysts say enterprise use of AI agents outpaces governance; Orchid Security estimates about half of identity activity falls outside centralized IAM visibility.
Analysts and vendors report that enterprises are deploying AI agents across applications faster than identity governance can track. Gartner’s Market Guide for Guardian Agents states, “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Orchid Security estimates roughly half of enterprise identity activity occurs outside centralized identity and access management (IAM) visibility.
The gap arises from how AI agents operate compared with human users. Traditional IAM was designed to manage people logging into systems. AI agents often run continuously, interact with multiple applications, request permissions at runtime and generate activity at machine speed. Many IAM tools focus on authentication events and do not observe application behavior after login, which is where most of an agent's activity takes place.
Orchid Security uses the term “identity dark matter” to describe identity activity that exists in application binaries, local configurations, embedded service accounts and other places not indexed by central IAM platforms. Orchid’s analysis places about half of identity activity in these locations, creating points of limited visibility for compliance checks and incident response.
Orchid has built an AI assistant into its product that the company says performs discovery and analysis inside applications, at the binary and configuration level, and answers queries about the identity estate. Reported examples include identifying active AI agents across business units and embedded SaaS features, assessing how application-level identity controls map to NIST Cybersecurity Framework identity requirements in versions 1.1 and 2.0, and locating static credentials such as service account keys or local tokens that may require rotation.
The firm describes its method as combining binary analysis and dynamic instrumentation to inspect native authentication and authorization logic without requiring API integrations, access to source code or long deployment projects. Gartner lists the vendor among those managing identities and access for AI agents with zero-trust policies and governance.
Orchid outlines five governance principles for AI agents: attribute agent actions to a responsible human owner; record a complete chain of custody for agent activity; evaluate access decisions continuously based on context and sensitivity; apply privilege elevation only when needed for a task; and trigger automated remediation when risky behavior occurs. The vendor presents these principles as the basis for tools that monitor and act on application-level identity activity.
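The five principles above, worked into a small access-decision evaluator for agent actions. This is an added example, not Orchid's or Gartner's code; the privilege tiers, the elevation TTL, the denial threshold and the agent and task names are assumptions.

```python
# Added example (not Orchid's or Gartner's code); tiers, TTL and threshold are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

ELEVATION_TTL = timedelta(minutes=5)  # task-scoped elevation expires quickly (assumed)
RISK_THRESHOLD = 3                    # denials before automated remediation (assumed)
custody_log: list = []                # principle 2: chain of custody for every decision

@dataclass
class Agent:
    agent_id: str
    owner: Optional[str]              # principle 1: responsible human owner, or None
    resting_level: int = 1            # 1=read, 2=write, 3=admin (assumed tiers)
    elevated_level: Optional[int] = None
    elevated_until: Optional[datetime] = None
    denials: int = 0
    quarantined: bool = False

@dataclass
class Decision:
    allow: bool
    reason: str
    remediation: Optional[str] = None
def effective_level(agent: Agent, now: datetime) -> int:
    """Current privilege: the elevated tier while it is live, else the resting tier."""
    if agent.elevated_until is not None and now < agent.elevated_until:
        return agent.elevated_level
    return agent.resting_level

def evaluate(agent: Agent, action: str, required: int, task_id: str, now: datetime) -> Decision:
    """Principle 3: decide per request, in context, rather than once at login."""
    if agent.quarantined:
        d = Decision(False, "agent quarantined pending owner review")
    elif agent.owner is None:
        d = Decision(False, "no responsible human owner attributed")
    elif required <= effective_level(agent, now):
        d = Decision(True, "within current privilege")
    elif required == agent.resting_level + 1:  # principle 4: one tier, this task, short TTL
        agent.elevated_level, agent.elevated_until = required, now + ELEVATION_TTL
        d = Decision(True, f"elevated to {required} for task {task_id}")
    else:
        d = Decision(False, "privilege gap too large for task-scoped elevation")
    if not d.allow:
        agent.denials += 1
        if agent.denials >= RISK_THRESHOLD:  # principle 5: automated remediation
            agent.quarantined, d.remediation = True, "quarantine agent and notify owner"
    custody_log.append({"ts": now.isoformat(), "agent": agent.agent_id, "owner": agent.owner,
                        "task": task_id, "action": action, "allow": d.allow, "reason": d.reason})
    return d
```

Every call, allowed or denied, lands in `custody_log`, so an incident responder can reconstruct which human owned the agent when it acted and why the decision went the way it did.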
Enterprise identity teams face a widening estate that includes local authentication, forgotten service accounts and machine identities assigned during rapid AI adoption. Gartner’s Market Guide and vendor materials emphasize that some identity activity lives inside application logic rather than in central directories. Gartner publications reflect the views of its research organization and do not represent endorsements of any vendor or product.