
AI co-workers raise the stakes for identity governance
By Morey Haber, Chief Security Advisor, BeyondTrust
The rapid rise of Artificial Intelligence (AI) agents inside enterprise environments is reshaping how work gets done and how risk is managed.
Once confined to chat-based assistance, these tools are evolving into autonomous “AI co-workers” capable of generating code, executing commands and interacting directly with systems. Their adoption is accelerating far faster than governance frameworks, leaving organisations exposed to a new class of security challenges.
Recent research[1] highlights the scale of the shift, with AI agents in enterprise environments surging by more than 466% year-on-year. However, as their presence grows, so too does a fundamental tension between innovation, control and risk management.
Privilege inheritance creates new risk
At the heart of the issue is a deceptively simple principle: AI agents operate using the same identity and privileges as the user who initiates them. There is no distinction, at the operating system level or within applications, between actions performed by a human and those executed by an AI-driven tool.
This means that any access rights granted to a user are effectively inherited by the agent. In a typical environment, AI does not create new privileges, but it dramatically amplifies how those privileges can be exercised. Tasks that might take a human minutes or hours to execute can be performed by an AI agent in seconds, often across multiple resources simultaneously.
The implications are significant. A single instruction can trigger a cascade of actions, from modifying configuration files and running scripts to interacting with cloud services and spawning additional processes. Each step operates within the same privilege framework, multiplying both efficiency and risk when security best practices such as least privilege, zero standing privileges and just-in-time access are not honoured.
Automation outpaces oversight
The speed at which AI agents function is both a defining characteristic and a key concern. Unlike traditional workflows that rely on human validation at each stage, AI tools can generate and execute entire sequences of commands instantly.
In some cases, this has already led to unintended consequences. Reports of AI-assisted development tools making unapproved changes or triggering outages have prompted organisations to introduce stricter approval mechanisms, such as including a Human in the Loop (HitL) at critical steps. These incidents underscore a broader reality: governance processes designed for human-paced activity are struggling to keep up with machine-speed automation.
Excessive privilege expands the blast radius
For security teams, the most pressing risk is not the presence of AI itself, but the persistence of excessive standing privileges. Standing administrative rights have long been recognised as a vulnerability, allowing processes to make sweeping changes across systems with accounts that are always available for authentication. AI agents magnify this risk by dramatically increasing the volume and speed of privileged actions.
In such environments, even minor errors can escalate into system-wide disruptions. An AI agent running iterative scripts with administrative access, for example, could inadvertently modify critical settings or delete important data across multiple resources. Without proper constraints, the cumulative impact can be severe and can unfold at machine speed, leaving little time to halt the activity or recover.
From prevention to containment
As AI tools become embedded in everyday workflows, many organisations are recognising that outright prevention is neither practical nor desirable. Developers are integrating agents into legitimate processes, and employees are adopting them independently, giving rise to so-called “Shadow AI”.
This reality is prompting a shift in strategy, from attempting to block AI usage to placing guardrails on its potential impact. The focus is moving toward defining clear boundaries around what AI agents can and cannot do, particularly at the endpoint level, where multiple actions can be executed On Behalf Of (OBO) a user.
Therefore, effective containment requires granular control over system resources. Critical components such as operating system directories, security configurations, credential stores and sensitive data must be protected from unauthorised modification even when AI has privileged access.
Least privilege as a foundation
Against this backdrop, a familiar strategy is emerging as a cornerstone of AI governance: least privilege. By ensuring users operate with only the access necessary for their roles, organisations automatically constrain the capabilities of any AI agents they deploy, because those agents inherit the user's privileges.
Under a least privilege model, both humans and AI tools run as standard users by default. Any attempt to perform privileged actions requires explicit authorisation, creating a controlled and auditable pathway for elevated access by the agent.
Importantly, least privilege should not hinder innovation. Instead, it establishes a secure framework in which AI-driven automation can operate within entitlement-based guardrails.
Enforcing control in an AI-driven environment
To operationalise these principles, organisations that have already invested in endpoint privilege management solutions can leverage the capabilities found in these tools, while others will need to start down this path. These tools provide a mechanism for enforcing policy-based controls over what applications can run, how processes behave and when privileges can be elevated.
Key capabilities include restricting the execution of unapproved AI tools, governing the behaviour of subprocesses and child processes spawned by agents, and maintaining detailed audit trails of automated activity. Together, these controls offer a practical way to balance innovation with oversight.
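Because the agent and the human share one identity, a guardrail has to key on process lineage rather than on the user. The following sketch is an added illustration, not code from the article or from any endpoint privilege management product; the agent name `example-agent`, the protected paths and the event format are assumptions, and the events are constructed.

```python
import posixpath
from collections import namedtuple

AGENT_BINARIES = {"example-agent"}                  # hypothetical agent executable name
PROTECTED = ("/etc", "/boot", "/home/alice/.ssh")   # assumed protected roots
# action is "exec", "write" or "elevate"; target is the path written to, if any
Event = namedtuple("Event", "pid ppid exe user action target", defaults=("",))

def agent_ancestor(pid, procs):
    """Walk the parent chain; return the pid of the agent this process descends from."""
    seen = set()
    while pid in procs and pid not in seen:         # 'seen' guards against lineage loops
        seen.add(pid)
        exe, ppid = procs[pid]
        if posixpath.basename(exe) in AGENT_BINARIES:
            return pid
        pid = ppid
    return None

def is_protected(target):
    path = posixpath.normpath(target)               # collapses ".." (symlinks not resolved)
    return any(path == root or path.startswith(root + "/") for root in PROTECTED)

def evaluate(events, approved=frozenset()):
    """Return one audit record per event: (pid, user, agent_pid, action, target, decision)."""
    procs, audit = {}, []
    for e in events:
        procs[e.pid] = (e.exe, e.ppid)
        agent = agent_ancestor(e.pid, procs)
        denied = agent is not None and (
            (e.action == "elevate" and e.pid not in approved)   # needs explicit authorisation
            or (e.action == "write" and is_protected(e.target)))
        audit.append((e.pid, e.user, agent, e.action, e.target, "deny" if denied else "allow"))
    return audit

# Constructed sample events: every process runs as the same user, "alice".
EVENTS = [
    Event(100, 1, "/usr/bin/bash", "alice", "exec"),
    Event(200, 100, "/opt/tools/example-agent", "alice", "exec"),
    Event(201, 200, "/usr/bin/bash", "alice", "exec"),
    Event(202, 201, "/usr/bin/python3", "alice", "write", "/home/alice/project/app.py"),
    Event(203, 201, "/usr/bin/sed", "alice", "write", "/tmp/../etc/ssh/sshd_config"),
    Event(204, 201, "/usr/bin/sudo", "alice", "elevate"),
    Event(300, 100, "/usr/bin/vim", "alice", "write", "/etc/hosts"),
]

if __name__ == "__main__":
    for record in evaluate(EVENTS):
        print(record)
```

The write from pid 300 is allowed by this policy only because it does not descend from the agent; ordinary file permissions still apply to it. Passing `approved={204}` models an elevation that a human has explicitly authorised.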
Final Thoughts
As AI agents continue to proliferate, the challenge for security leaders is shifting from whether to adopt these technologies to how to govern them effectively. Understanding what tools are already in use, eliminating unnecessary privileges, and enforcing consistent policies will be critical steps towards secure adoption.
Agentic AI embraces automation at machine speed, and the margin to detect and respond to errors is shrinking. For organisations embracing AI co-workers, robust identity governance and least privilege management may prove to be the most important safeguard of all.
[1] https://www.beyondtrust.com/press/rapidly-expanding-shadow-ai-workforce
