shaungehring.com
#LEADERSHIP · JUNE 28, 2026 · 5 min READ · PUBLISHED

Your AI Agents Outnumber Your Staff 144 to 1 — and Two-Thirds Have Weaker Security Than Your Interns.

In cloud-native environments, non-human identities now outnumber human ones 144 to 1 — up from 92 to 1 eighteen months ago. 91% of orgs run AI agents; only 10% have a strategy to manage their identities. We built the control plane and forgot to staff it.

Shaun Gehring
PRINCIPAL · AI & SYSTEMS CONSULTING

Here's a number that should ruin your week if you run an engineering org: in cloud-native environments, non-human identities now outnumber human ones 144 to 1. Eighteen months ago that ratio was 92 to 1. It moved 56% in a single year. The population of these machine identities — service accounts, API keys, tokens, and now autonomous agents — grew 44% between 2024 and 2025, and the curve is steepening because every agent you stand up is a new identity with credentials.

Now the part that actually hurts. 91% of organizations are already running AI agents. Only 10% have a developed strategy for managing non-human identities. 51% report no clear ownership of their AI identities — nobody's name is on them. And nearly two-thirds apply weaker security controls to AI agents than to human employees. The 2026 Verizon DBIR put it plainly: identity is the control plane for agentic AI. We built the control plane and then forgot to staff it.

Agents Don't Wait for Your Governance Roadmap

The tooling to govern agent identity exists — Microsoft Agent 365, the IAM vendors, all of it. This is the scoreboard, and the scoreboard says almost nobody is using the plumbing. That gap is the whole story. The 144:1 explosion already happened, because tooling existing and tooling being adopted are separated by the most expensive eighteen months in enterprise security.

A developer wires an agent into Bedrock on a Tuesday to handle a quarterly reconciliation, it gets a token, it works, everyone moves on. Nobody revokes it. Six months later it's a standing set of credentials with production access and no human who remembers it exists. Multiply by every team. That's how you get to 144:1 without a single person deciding to get there.

And the reason two-thirds of orgs secure agents worse than humans isn't negligence — it's category error. Our entire identity stack assumes a human behind the login: one person, one badge, an HR record, a manager who notices when behavior changes, an offboarding checklist triggered by a resignation. An agent has none of those. It spins up in seconds, acts thousands of times an hour, gets cloned, and has no manager watching for the moment it starts touching things it shouldn't. We're applying employee-grade controls to a thing that behaves nothing like an employee — and then under-applying even those.

What 144:1 Means on the Ground

Identity dark matter is now the majority. The research puts unmanaged machine identities at 57% of the total, versus 43% your IAM system can actually see. More than half of the things authenticating into your systems are invisible to the tool you bought to manage authentication. You can't revoke what you can't enumerate. Step one isn't a new policy — it's discovery. You almost certainly have more agent credentials live right now than you think.

"Who owns this agent" has to be a required field. The 51%-no-ownership stat is the scary one, because ownership is what makes every downstream control work. No owner means no one to approve scope, no one to notice drift, no one whose job it is to kill it. Make agent identity a first-class architecture decision: owner, blast radius, approval path, kill switch. If you can't answer those four, you don't have an agent. You have an incident with a future date.

The blast radius is bigger than a human's by design. A compromised employee account acts at human speed and gets noticed at human cadence. A compromised agent acts thousands of times an hour and looks exactly like it's doing its job. Least-privilege isn't a nice-to-have here — it's the only thing standing between "contained" and "exfiltrated the whole data warehouse before lunch."
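
The four-question test above (owner, blast radius, approval path, kill switch), together with the forgotten-token scenario from earlier, can be run as a check over an identity inventory. This is an added example, not code from the original post; the record layout, the 90-day review interval, the staff directory and all sample identities are constructed assumptions.

```python
from datetime import date

# The four answers the post requires of every agent identity.
REQUIRED = ("owner", "blast_radius", "approval_path", "kill_switch")
MAX_REVIEW_AGE_DAYS = 90           # assumed review interval, not from the post
ACTIVE_STAFF = {"j.doe", "m.lee"}  # constructed stand-in for an HR directory

# Constructed sample inventory; every name and value here is hypothetical.
INVENTORY = [
    {"id": "agent-recon-q3", "owner": "", "blast_radius": "prod-ledger:rw",
     "approval_path": None, "kill_switch": None,
     "issued": "2025-12-02", "last_reviewed": None},
    {"id": "agent-ticket-triage", "owner": "j.doe", "blast_radius": "helpdesk:r",
     "approval_path": "ticket-0001", "kill_switch": "disable-role:triage",
     "issued": "2026-03-10", "last_reviewed": "2026-05-20"},
    {"id": "agent-report-export", "owner": "a.former", "blast_radius": "dwh:r",
     "approval_path": "ticket-0002", "kill_switch": "revoke-key:export",
     "issued": "2025-09-01", "last_reviewed": "2026-01-15"},
]

def audit(identity, today):
    """Return the list of governance findings for one non-human identity."""
    findings = [f"missing:{f}" for f in REQUIRED
                if not str(identity.get(f) or "").strip()]
    owner = str(identity.get("owner") or "").strip()
    if owner and owner not in ACTIVE_STAFF:
        # A named owner who has left is no owner at all.
        findings.append(f"orphaned-owner:{owner}")
    reviewed = identity.get("last_reviewed")
    age = (today - date.fromisoformat(reviewed or identity["issued"])).days
    if reviewed is None:
        findings.append(f"never-reviewed:{age}d")
    elif age > MAX_REVIEW_AGE_DAYS:
        findings.append(f"review-stale:{age}d")
    return findings

def flagged(inventory, today):
    """Identities with findings, worst first (most findings at the top)."""
    report = {i["id"]: audit(i, today) for i in inventory}
    return sorted((k for k, v in report.items() if v),
                  key=lambda k: -len(report[k]))

if __name__ == "__main__":
    today = date(2026, 6, 28)
    for ident in INVENTORY:
        print(ident["id"], audit(ident, today) or "ok")
```

The same check works as a provisioning gate: refuse to issue a credential while `audit` returns any `missing:` finding.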

The Audit Conversation Is Coming

I sit in regulated finance, so let me say the quiet part. "We run AI agents" and "two-thirds of us secure them worse than our human staff" cannot coexist in a SOC 2, PCI, or SOX conversation for very long. Auditors are going to start asking the agent version of the questions they already ask about privileged human access: who provisioned it, who approved the scope, when was access last reviewed, how is it revoked. Right now, for most orgs, the honest answers are don't know, nobody, never, and we can't. That's not a finding. That's a stack of findings.

Here's the deeper pattern, and I've watched it repeat for twenty-five years. Every wave of automation creates a population of identities faster than it creates the governance for them, and the gap is always where the breach lives. Service accounts did it. CI/CD pipelines did it. Now agents are doing it at a 144:1 ratio — a different order of magnitude of the same mistake. The teams that win the next two years won't be the ones with the smartest agents. They'll be the boring ones who treated agent identity as the load-bearing problem it is — who ran discovery, assigned owners, scoped tight, and built the kill switch before the auditor or the attacker asked them to.

The flashy AI story is always capability — can it code, can it plan, can it run overnight. The story that decides whether agents survive contact with a real enterprise is the one nobody wants to write the LinkedIn post about: who is this thing, and what is it allowed to touch. We've now got a number for how badly we're answering it. 144 to 1, and falling behind.


Sources: AI Agents at Work 2026: Securing the agentic enterprise | Okta · The Non-Human Identity Governance Vacuum | Cloud Security Alliance · The 2026 DBIR Confirms It: Identity Is the Control Plane for Agentic AI | Token Security · Your AI Agents Are Already Inside the Perimeter | The Hacker News
