Machine identities powering AI agents are a major security and compliance blind spot—nation-states and rogue agents have already weaponized ungoverned credentials, making identity governance as critical as model safety for enterprise AI deployment.
This paper identifies a critical governance gap: AI systems use machine identities (API tokens, service accounts, automated agents) that vastly outnumber human identities but lack integrated oversight frameworks.