AI Agents and Enterprise IAM: A Trust Gap That Must Be Resolved

As hospitals deploy AI agents to handle medical records and factories rely on computer vision for quality control, a hidden crisis is emerging: enterprise identity and access management (IAM) systems were never built to handle non-human identities at scale. While AI pilots abound, production rollouts remain rare. The culprit isn't model capability or computing power—it's identity governance. Here’s what you need to know about the trust gap holding back agentic AI.

What is the core identity governance problem with AI agents?

AI agents create non-human identities—machine personas that interact with enterprise systems just like human users, but far faster and in greater numbers. Traditional IAM tools were designed for people: they track logins, passwords, and role-based access. They struggle to inventory, scope, or revoke permissions for thousands of autonomous agents. For instance, a medical transcription agent that updates patient records or a computer vision agent performing factory inspections each require their own identity context. When an agent acts outside its intended scope, there’s no built-in mechanism to quickly detect or halt it. This leaves organizations blind to which machine identities have production access, how far their reach extends, and who is accountable when something goes wrong.

Why do most agentic AI pilots fail to reach production?

Cisco President Jeetu Patel revealed at RSAC 2026 that 85% of enterprises run agent pilots, yet only 5% have made it to production. That 80-point gap is not due to model limitations or lack of compute power; it’s a trust problem. CISOs ask two critical questions: Which agents have access to sensitive systems? And who is accountable when an agent oversteps its bounds? Without answers, organizations halt deployment. IANS Research adds that most companies lack mature role-based access control even for human identities, and agents magnify that weakness. The trust required to let autonomous entities touch production data is missing, so pilots stay stuck in sandboxed environments.

What architectural trust gap did Cisco’s Michael Dickman identify?

Michael Dickman, SVP and GM of Cisco’s Campus Networking business, explained an often-overlooked architectural issue: the network sees what other telemetry sources miss—actual system-to-system communications rather than inferred activity. “It’s that difference of knowing versus guessing,” he said in an exclusive interview with VentureBeat. Traditional security relies on assumptions about which systems should talk to each other, but the network shows real-time data flows. Without that behavioral foundation, organizations cannot enforce agent policies at what Dickman calls “machine speed.” The result is a gap between observed activity and permitted actions, making it impossible to trust that agents are behaving correctly.

Why must trust be built into agentic AI from the start, not added later?

Dickman argues that agentic AI breaks the historical pattern of “deploy for productivity, bolt on security later.” In prior technology transitions, that approach worked without immediate catastrophe. But when agents can autonomously update patient records, adjust network configurations, or process financial transactions, the blast radius of a compromised identity expands dramatically. “Trust actually is one of the key requirements—just table stakes from the beginning,” he told VentureBeat. Observing data and recommending decisions carries limited risk; execution changes everything. If a business first rushes to deploy agents for productivity gains, then tries to secure them after incidents occur, it may already be too late to prevent significant damage.

What risks arise when agents act autonomously on sensitive systems?

When an agent has the authority to take actions—such as modifying a patient’s prescription, rerouting network traffic, or initiating a bank transfer—the consequences of a compromised identity escalate exponentially. A single rogue agent could cause cascading errors across multiple systems before any human notices. The IBM X-Force Threat Intelligence Index for 2026 reported a 44% increase in attacks exploiting public-facing applications, driven by missing authentication controls and AI-enabled vulnerability discovery. Attackers can weaponize agent identities to bypass traditional defenses. Without proper governance, organizations face compliance violations, data breaches, and operational downtime that erodes stakeholder confidence.

How can network telemetry help enforce agent policies effectively?

Network telemetry provides raw behavioral data that other monitoring tools miss. Instead of inferring which systems should communicate, the network records actual conversations. Dickman emphasizes that this difference between “knowing versus guessing” enables cross-domain correlation. For example, if an agent claims it needs to access a patient database but the network shows it communicating with an external cloud service, that anomaly becomes visible instantly. This real-time visibility is essential for enforcing agent policy at machine speed. Organizations can combine network data with identity governance systems to detect scope violations, revoke access automatically, and maintain accountability. Without it, blind spots persist and trust remains elusive.

What must enterprises do to prepare IAM for AI agents?

Enterprises should start by inventorying all non-human identities—including those created by AI agents—and mapping them to specific roles, permissions, and data flows. They need to invest in modern IAM tools capable of handling machine identities at scale, such as privileged access management for APIs and automated lifecycle management. The network must be treated as a telemetry source for agent behavior, not just connectivity. Most importantly, organizations should embed trust requirements into agent design from day one, not as an afterthought. As Dickman notes, trust is table stakes. By aligning IAM processes with real-time network observability, companies can close the gap between pilot and production and safely harness the potential of autonomous agents.