Your AI Agent Inventory Is Incomplete. Here's What That Means for Risk.

Some organizations still treat agentic AI as a future problem. Something to plan for. Something on the horizon. That framing is wrong, and the inaction it entails will put you behind.

AI agents are already running in your enterprise. Some were sanctioned by IT and security. Many were not. Employees are building and deploying agents through Microsoft Copilot Studio, Salesforce Agentforce, ServiceNow, and dozens of low-code platforms without formal review, security assessment, or governance oversight. Development teams are deploying custom agents built on LangGraph, CrewAI, and AutoGen directly into cloud environments. And SaaS vendors are quietly embedding agentic capabilities into platforms your organization already uses, sometimes enabled by default.

This is the new shadow IT. And it moves faster than anything that came before.

The Scale of What You're Not Seeing

At Zenity, we see this consistently. Fortune 50 financial services organizations have discovered attack surfaces containing more than 150,000 total resources tied to agents and automations. Fortune 50 pharmaceutical organizations have found over 2,000 instances of agents shared across their entire organizational footprint, with 82% built by people who aren't professional developers.

The most recent wave of shadow IT consisted largely of unsanctioned SaaS applications: productivity tools, collaboration platforms, file-sharing services. These created data governance and compliance challenges, but their behavior was predictable. An employee using a personal file-sharing account would transfer files. The action was bounded and observable.

An autonomous agent operating with broad permissions across your enterprise is categorically different. It can traverse multiple systems, invoke APIs, read sensitive data, execute transactions, and trigger downstream workflows, all within a single session, all without a human in the loop. The blast radius when something goes wrong isn't a transferred file. It's a compromised business process.

"The agent is the new endpoint. And most organizations have no inventory of the endpoints running inside their own walls."

Why the Inventory Problem Is Getting Worse

According to Entro Labs' H1 2025 research, non-human identities now outnumber human identities at a ratio of 144 to one in enterprise environments, up 44% from the prior period. The Cloud Security Alliance's survey of IT and security professionals found that more than 16% of organizations don't track the creation of new AI-related identities, leaving a growing subset of tokens and service accounts outside formal inventory. A separate CSA survey found that approximately 60% of respondents expressed a lack of confidence in their ability to adequately secure NHIs.

AI agent sprawl specifically refers to the rapid, uncontrolled accumulation of credentials when AI agents are granted access to enterprise systems without IT oversight. Every time an employee connects an AI tool to Slack, Google Drive, Salesforce, or an internal system, a new OAuth token or API key is created. That credential carries permissions. And it's almost never added to a centralized identity inventory.

Compounding this: 97% of NHIs have excessive privileges, according to Entro Security research. Sixty-two percent of NHIs in AWS environments showed no activity in the past 90 days but retained access permissions. The agent your developer built for a proof-of-concept six months ago? It's still running. It still has access. And there's likely no record of who owns it.

The Business Risk Frame

The board conversation about agentic AI risk isn't an IT conversation. It's a business risk conversation. When an agent operating with broad CRM permissions is compromised through prompt injection and begins exfiltrating customer records in small increments that avoid triggering traditional data loss prevention alerts, that's not a technology incident. It's a business event with regulatory, legal, financial, and reputational dimensions.

CISOs who frame agent risk in technical terms will struggle to get the resources and board-level attention this problem requires. CISOs who frame it in business terms of exposure, liability, operational disruption, and regulatory consequence, will have a more productive conversation.

Those consequences are increasingly quantifiable. IBM's 2025 Cost of a Data Breach Report found that organizations using AI extensively in security operations faced breach costs averaging $4.88 million per incident. As agents gain access to more sensitive systems, that figure is only expected to climb.

Where to Start: Visibility First

You can't govern what you can't see. The first practical output of any serious agentic AI security program is a comprehensive, living breathing inventory of every agent in the enterprise environment, including shadow deployments discovered through continuous scanning.

An NHI discovery and inventory exercise typically produces three categories of findings: known agents operating within approved parameters; known agents whose permissions or configurations deviate from policy; and unknown agents deployed without any form of security review. Each requires a different response. But all three require that the agent be discovered and incorporated into an existing inventory before any response is possible.

Several quick wins are available immediately. A comprehensive inventory exercise often reveals over-permissioned service accounts and shared credentials that can be remediated without new tooling. Establishing agent ownership policies by assigning a named business owner to every agent in the inventory, creates accountability without capital outlay. Fortune 200 consulting organizations working with Zenity have achieved a 90% reduction in security violations in comparable timeframes, with 95% of high-risk violations automatically remediated.

The starting point for the board conversation and the starting point for the security program are the same: see what you have.

Download "Beyond Identity: The CISO's Guide to Securing Agentic AI" for the complete 12-month roadmap to agentic AI security, from inventory through full lifecycle governance.