Why AI Agents Break the Old Model
Machine identities already outnumber humans roughly 50 to 1, and a fast-growing share of that population isn't a service account with a static role — it's an AI agent that authenticates, assumes a role, and executes across a dozen systems in the time it takes a human to read the ticket that triggered it. Most identity visibility and intelligence platforms were designed around identities that persist: an account gets created, it sits in an inventory, and a scan eventually finds it. An agent session doesn't sit anywhere.
An AI agent session can begin, chain through multiple systems, and complete before a batch-driven identity refresh even registers it happened. The governance record — and the discovery pipeline behind it — will simply never capture it. That's not a coverage gap that gets fixed by scanning more often. It's a structural mismatch between how agents actually operate and how most IVIP discovery was built to look for identities in the first place.
The identities themselves compound the problem. An agent typically runs under a service account's credentials, inherits whatever that account can already reach, and takes actions no human individually authorized. Discovering that the agent exists tells you almost nothing about what it's now capable of doing.