New research finds just two percent of organizations with 500+ employees report having no plans or interest in agentic AI. Indeed a significant portion of respondents are already using or interfacing with AI agents for both internal and external tasks.
But the study, from Enterprise Management Associates (EMA), reveals a critical, organization-wide inability to prepare for the identity and security challenges which these autonomous entities introduce.
Among the findings are that 41 percent of organizations report having security or reliability concerns with their current IAM providers, which is a major red flag given the autonomous nature of AI agents. 56 percent of medium organizations and 45.2 percent of large organizations cite unpredictable costs as the top challenge with their current IAM provider.
A worrying 79 percent of organizations without written policies regarding agentic AI say they have gone ahead and deployed those agents anyway.
“When it comes to agentic AI identity, most organizations are woefully unprepared for inherent security risks and operational challenges of managing those identities,” says Ken Buckler, research director at EMA. “Unfortunately, the industry has charged full speed ahead without fully accounting for those risks, with a significant number of organizations that do not have written agentic identity security policies deploying agentic AI before policies have been adopted. This creates a significant industry blind spot regarding agentic AI.”
The findings underscore the need for a fundamental shift in IAM, where AI agents are treated as first-class digital identities, managed with the same, or even greater, rigor as human users. Without this shift, organizations risk introducing systemic vulnerabilities into their operational fabric.
The full report is available to buy from the EMA site or there’s a free webinar to discuss the results on December 8th at 11am ET.
Image Credit: Leowolfert/Dreamstime.com
