The Brief

Market · June 24, 2026 · 3 min read

Your company has 109 identities per employee. Most of them are AI.

The identity perimeter you spent a decade hardening covers the smallest slice of your identity population. AI agents just became the majority — and almost nobody is governing them like they govern people.


Dani Brooks

Security & governance

Here's the statistic that should reframe your next security planning meeting: machine identities now outnumber human identities 109 to 1, according to Palo Alto Networks' 2026 Identity Security Landscape — a survey of more than 2,900 security decision-makers. A year earlier the same report series put the ratio at 82 to 1. It jumped by nearly a third in twelve months.

And the composition changed. Of those 109 machine identities per human, 79 are AI agents — roughly seven out of every ten machine identities in the average enterprise. Respondents expect AI agent identities to grow another 85% in the next twelve months, faster than any other identity type.

Methodologies differ — other vendors measure the ratio anywhere from 45:1 on average to 144:1 in cloud-native environments — but every one of them points the same direction. The identities doing work in your environment are overwhelmingly not people. And they're increasingly not even deterministic software.

You hardened the wrong perimeter

Enterprise security spent two decades building controls around human identity: MFA, privileged access management, onboarding and offboarding workflows, behavioral audit. That investment was correct — and it now covers the smallest slice of the identity population. As the Cloud Security Alliance puts it, the governance applied to non-human identities rarely matches the rigor applied to their human counterparts. One published audit of a Fortune 500 financial institution found over 4.2 million non-human identities against roughly 50,000 human accounts.

The same Palo Alto report has two numbers that complete the picture: nine out of ten organizations suffered a successful identity-related breach in the last twelve months, and 96% admit identities in their environment hold more access than their role requires. Now hand those over-provisioned credentials to software that decides for itself what to do next.

Why AI agents break the service-account playbook

Your existing non-human identities — service accounts, CI tokens, machine certificates — are at least predictable. They do the same thing every day, which means anomalies stand out. AI agents are different in kind, not just in count. Microsoft's framing is blunt: agents can switch roles, acquire permissions dynamically, spawn sub-agents, and interact with other agents without human input.

  • They inherit, then wander. An agent starts with the OAuth grants and API keys you gave it, and its behavior — which hosts it calls, what data it touches — is decided at runtime by a model, not by code you reviewed.
  • They multiply silently. An agent that spawns a subprocess or a sub-agent has just created activity that runs under the parent's credentials but has no row of its own in your identity inventory.
  • They leak credentials at scale. GitGuardian counted 28.65 million new hardcoded secrets on public GitHub in 2025, with AI-service-related leaks up 81.5% year over year.


The question your inventory can't answer

Every identity program starts with the same step: know what exists. For human identities you have HR. For service accounts you have (imperfect) IAM tooling. For AI agents, most organizations have nothing — no registry of which agents run where, with whose credentials, calling which models. You cannot apply least privilege to an identity you don't know exists, and you cannot investigate an incident attributed to "the service account" when eleven agents share it.

This is the same governance vacuum that swallowed cloud a decade ago, except that this population is expected to grow another 85% in the next twelve months and each member improvises.

Where Vantio fits

Vantio's contribution to this problem is attribution and enforcement at the level where identity actually acts. Every agent run gets a trace identity, and every action — every host contacted, every byte moved, every subprocess spawned — is recorded against it in a tamper-proof ledger. That turns "something used the shared API key" into "this agent, this run, this action."

On Enterprise, the kernel-level engine goes one step further: any process on an enrolled node making outbound calls to an LLM endpoint without a valid trace identity gets flagged automatically. That's an AI agent inventory built from ground truth — including the agents nobody told IT about — rather than from a spreadsheet that was stale the day it was written.
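The two ideas above (an inventory built from observed behavior rather than a spreadsheet, and attribution of every action to a per-run trace identity so a shared key resolves to a specific run) can be shown with a small amount of code. The example below is an added illustration and is not Vantio's code; the event schema, the list of hosts treated as LLM endpoints, the credential fingerprints, and the sample events are all constructed for this page. It rolls sub-agent runs up to the run that spawned them, flags model-endpoint calls that carry no trace identity, and flags one credential held by more than one independent run.

```python
"""Added example, not Vantio's code: attribute outbound LLM calls to a per-run
trace identity, roll sub-agent runs up to the run that spawned them, and flag
(a) LLM calls with no trace identity and (b) one credential shared by several
independent runs. The event schema, host list and sample events are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed allow-list of hosts treated as LLM API endpoints. A real deployment
# would also include internal model gateways and proxies.
LLM_HOSTS = {"api.openai.com", "api.anthropic.com", "generativelanguage.googleapis.com"}


@dataclass(frozen=True)
class EgressEvent:
    node: str
    pid: int
    exe: str
    dest_host: str
    credential_id: str               # fingerprint of the token used, never the secret itself
    trace_id: Optional[str]          # per-run identity; None when the process was never enrolled
    parent_trace_id: Optional[str] = None  # set when an enrolled run spawned this one


@dataclass(frozen=True)
class Finding:
    kind: str                        # "untraced_llm_call" or "shared_credential"
    subject: str                     # node:pid:exe for untraced calls, credential_id for sharing
    runs: frozenset                  # root runs involved (empty for untraced calls)


def root_run(trace_id: str, parents: dict) -> str:
    """Follow parent links so a sub-agent's actions roll up to the run that spawned it."""
    seen = set()
    while parents.get(trace_id) is not None and trace_id not in seen:
        seen.add(trace_id)
        trace_id = parents[trace_id]
    return trace_id


def attribute(events):
    """Return (ledger, findings).

    ledger   : trace_id -> list of "exe -> dest_host" actions recorded against that run
    findings : LLM calls that carry no trace identity, plus credentials used by more
               than one independent root run
    """
    parents = {e.trace_id: e.parent_trace_id for e in events if e.trace_id is not None}
    ledger = defaultdict(list)
    roots_by_credential = defaultdict(set)
    findings = []

    for e in events:
        if e.dest_host not in LLM_HOSTS:
            continue                                  # only LLM egress is in scope here
        if e.trace_id is None:
            # Something is talking to a model endpoint and nothing in the inventory owns it.
            findings.append(Finding("untraced_llm_call", f"{e.node}:{e.pid}:{e.exe}", frozenset()))
            continue
        ledger[e.trace_id].append(f"{e.exe} -> {e.dest_host}")
        roots_by_credential[e.credential_id].add(root_run(e.trace_id, parents))

    for cred, roots in roots_by_credential.items():
        if len(roots) > 1:
            # "The service account did it" is not an answer when several runs hold the key.
            findings.append(Finding("shared_credential", cred, frozenset(roots)))
    return dict(ledger), findings


# Constructed sample events: two unrelated runs and one sub-agent sharing a key,
# one unenrolled process calling a model endpoint, one irrelevant package download.
SAMPLE_EVENTS = [
    EgressEvent("node-a", 4101, "python3", "api.openai.com", "key:sha256:ab12", "run-7f3e"),
    EgressEvent("node-a", 4102, "python3", "api.anthropic.com", "key:sha256:ab12", "run-9c21"),
    EgressEvent("node-a", 4103, "python3", "api.openai.com", "key:sha256:ab12", "run-7f3e.1", "run-7f3e"),
    EgressEvent("node-b", 880, "node", "api.openai.com", "key:sha256:ab12", None),
    EgressEvent("node-a", 4104, "curl", "pypi.org", "", None),
]

if __name__ == "__main__":
    ledger, findings = attribute(SAMPLE_EVENTS)
    for run, actions in ledger.items():
        print(run, actions)
    for f in findings:
        print(f.kind, f.subject, sorted(f.runs))
```

On the sample data the sub-agent `run-7f3e.1` keeps its own ledger entry but its use of the key is credited to `run-7f3e`, so the shared-credential finding names two independent runs rather than three; the unenrolled `node` process on `node-b` surfaces as an untraced call, which is the "agent nobody told IT about" case. Whatever produces the events in practice (a kernel-level sensor, an egress proxy, or a gateway log), the attribution logic is the same.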
