Skip to content

Agent AI is Coming – Are You Prepared?

The Bottom Line: Orchid Security warns that the introduction of agent AI systems creates massive security risks. A new study shows that invisible identity elements dominate and AI agents could gain uncontrolled access to sensitive systems. Companies must immediately review their identity management.

New data from Orchid Security reveals an alarming security gap: as agent AI systems proliferate rapidly in enterprises, massive risks are emerging in identity management. Experts warn of a critical combination of lack of control and AI autonomy.

The “Identity Gap: Snapshot 2026” study published by Orchid Security on May 19, 2026 uncovers a disturbing phenomenon: so-called “Identity Dark Matter” – invisible and uncontrolled identity elements – now outnumber managed elements by a ratio of 57 to 43 percent. This is happening at a critical moment as enterprises enthusiastically deploy AI agents, often without adequate security safeguards.

The core problem lies in the nature of AI agents themselves: they are optimized to solve tasks in the most efficient way – combining machine speed with human creativity. This leads to dangerous practices: missing access is bypassed through hard-coded credentials, higher privileges are “borrowed,” and security tokens are misused. Unlike human actors or traditional code constraints, AI agents have no ethical scruples.

The study identifies three critical security gaps: first, approximately two-thirds of all non-human accounts are managed locally within applications and are therefore centrally invisible – particularly dangerous for autonomous AI agents. Second, 70 percent of all applications have an excessive number of privileged accounts, which contradicts the principle of least privilege. Third, 40 percent of all corporate accounts are so-called “orphaned” accounts whose original users no longer have authorization – an open invitation for cyberattackers and AI agents.

Experts urgently recommend immediate action. Companies should review their identity management, close security gaps, and use a readiness checklist to prepare for the agent AI transformation. The time to act is now.

Share on: