Estimated reading time: 4 minutes
Artificial Intelligence (AI) adoption is surging; check that, it has surged and continues to do so. Whether this results in a gold rush or leaves hands full of fool’s gold remains to be seen. Regardless of that, the rush is on, and cybersecurity readiness lags. Delinea’s new report, “AI in Identity Security Demands a New Playbook,” is the result of a survey of 1,758 IT decision-makers. It finds that only 44% say their architecture can currently support secure AI. 94% of organizations deploy or pilot AI in IT operations. Confidence remains high: 93% believe machine identity defenses keep pace with AI manipulation. Yet only 61% report full visibility of machine identities. Just 48% govern AI entities. The mismatch elevates risk as agentic systems expand.
“Agentic AI demands agentic security,” said Art Gilliland, CEO of Delinea. “Organizations must rethink how they approach identity, building adaptive, risk-aware systems that verify and secure every action, whether it’s human- or machine-driven.”
Shadow AI
Usage patterns heighten urgency. Sixty-six percent use agentic AI, and 40% apply it to security operations. Shadow AI, the unapproved use of AI, now appears monthly for 56% of firms. In many cases, multiple times. Policy and control coverage remain thin. Only 57% publish acceptable use rules for AI tools. Just 55% enforce access controls for AI agents.
“Every organization must build out a comprehensive AI governance model to ensure that it’s being used securely and as intended,” said Gilliland.
A Quick Analogy
Shadow AI is like employees bringing personal power tools to a construction site. Work speeds up, but the foreman loses track of safety checks, voltage, and where the cords go. You don’t ban tools; you issue approved ones, set the rules, and keep the breaker box under lock.
Leaders also cite pressing threats. Phishing and deepfakes lead the concerns, followed by credential theft, unchecked agent access, and poor workflow visibility. Delinea urges “agentic security” with granular, dynamic authorization and continuous monitoring.
Key takeaway:
Capability Lags Confidence
Only 44% of organizations report that their security architecture fully supports secure AI. The gap signals urgent work ahead.
AI Adoption is Widespread
Ninety-four percent of companies use or pilot AI in IT operations. Adoption spans generative and agentic approaches. Large firms lead usage.
Agentic AI Raises the Stakes
Agentic AI acts autonomously to meet goals. It can triage tickets and change environments. The autonomy boosts both efficiency and risk.
The Governance Gap
Only 57% have an acceptable use policy for AI tools. Access controls for AI agents appear in 55% of environments. Oversight remains inconsistent.
Machine Identity Visibility is Incomplete
Just 61% have full visibility into machine identities. Only 48% have identity governance for AI entities. Hidden agents invite misuse.
Shadow AI is Routine
Shadow AI appears at least monthly for 56% of organizations. A third see multiple incidents per month. Unapproved tools evade standard controls.
Get The Cyber Insurance News Upload Delivered
Every Sunday
Subscribe to our newsletter!
Top Identity Security Concerns with AI
Leaders cite AI-generated phishing and deepfakes as the top concern. Credential theft and unchecked agent access also rank high.
“Agentic security” Emerges as a Mandate
Delinea urges more granular, dynamic access controls for AI agents. Teams should verify and secure every action.
Five Near-Term Moves
- Inventory all AI agents across environments.
- Define roles and guardrails for each AI identity.
- Enforce least privilege with just-in-time access.
- Authenticate by intent, not identity alone.
- Monitor continuously and tighten controls.
How Organizations Use AI for Defense
Ninety-one percent use, pilot, or plan AI in security operations. Forty percent already use agentic AI to enhance security, with governance and access audit leading use cases.
Noted Issues and Problems
Less than half are fully equipped for secure AI. Many lack clear, acceptable use policies. Access control coverage remains uneven. Visibility into AI identities is incomplete. Shadow AI appears frequently and creates blind spots. These factors raise compromise risk.
Why it Matters Now
Artificial Intelligence accelerates IT operations. It also expands the attack surface. Identity remains the scalable control point. Strong AI governance reduces risk.
Methodology
Delinea surveyed 1,758 IT decision-makers across six countries. Respondents span industries and company sizes. The study assessed usage, risks, and governance.
Related Posts
