McKinsey has 25,000 AI employees. And most of them don't have badges.

To be precise, they're borrowing human employee IDs or running on unmanaged API keys as they move through corporate systems. 91% of enterprises are already running AI agents — but only 10% have systematic identity management in place.

TL;DR
  - Agent hiring surge
  - Borrowed IDs + static keys
  - Okta · Entra structural limits
  - Agent-native IAM rising
  - NewCore $66M

91% of Agents Are Running on Borrowed Credentials

There are roughly three ways enterprises deploy AI agents right now.

|             | Current Practice (Problem)               | The Right Way                        |
|-------------|------------------------------------------|--------------------------------------|
| Auth        | Shared human accounts or static API keys | Agent-native managed identity        |
| Permissions | Inherited broad access from humans       | Least privilege + real-time approval |
| Audit       | Untraceable — no idea who did what       | Full behavior audit log              |
| Revocation  | Credentials linger after agent shutdown  | Auto-revoke on lifecycle end         |

A 2026 Strata.io survey of enterprise security teams found that 44% use static API keys and 43% use username/password combos to authenticate their agents. Credentials stay alive in the system even after the agent is gone — no way to track them, no revocation process.

Gravitee's 2026 State of AI Agent Security report goes further: 48% of production AI agents run with zero security controls, and 85% of organizations have no named person formally responsible for agent behavior.

91%: enterprises running AI agents
10%: with systematic identity management
48%: deployed with no security controls

Okta and Entra Weren't Designed for This

Okta, Microsoft Entra — the twin pillars of enterprise IAM. They've securely handled hundreds of millions of human logins for 20 years.

The problem is these platforms were built on the assumption that a human logs into a web app. AI agents don't work that way. They don't log in once and stop. They run autonomously around the clock, make decisions by the second, and can operate as thousands of simultaneous instances. They never "end sessions."

NewCore CEO Zohar Alon put it bluntly.

"The scale and the complexity that those things are going to add to 15- or 20-year-old identity platforms are going to break them. It's inevitable."

— Zohar Alon, NewCore CEO

Okta launched its XAA (Cross App Access) protocol in March 2026 to enter the agent identity market, and Microsoft Entra Agent ID is moving in the same direction. The fact that incumbent platforms are scrambling is itself a signal that this market is real.

What security teams should audit right now

Coding agents (Claude Code, Cursor, Codex) have direct access to code repos, CI/CD pipelines, and cloud infrastructure. Whose credentials are they running on? What is their permission scope? Find out today.

How Agent Identity Infrastructure Actually Works

NewCore treats agents like employees — but with agent-specific rules.[[cite:5],[cite:6]] Three core technologies:

Secure Split Key (split-key architecture): Credentials are split between the customer and the platform. If one half is stolen, it is useless alone. This structurally blocks Golden SAML attacks and token replay attacks.
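The page does not give NewCore's actual Secure Split Key design, so the following is an added illustration of the general principle only: a credential held as two XOR shares (customer half, platform half), where either share alone is uniformly random, and a per-action nonce that lets the verifying side reject a captured tag. All names, the toy Verifier, and the message format are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


def split_key(key: bytes) -> tuple:
    """Split a secret key into two XOR shares. Each share on its own is
    uniformly random, so a thief holding only one half learns nothing."""
    customer_share = secrets.token_bytes(len(key))
    platform_share = bytes(k ^ c for k, c in zip(key, customer_share))
    return customer_share, platform_share


def combine(customer_share: bytes, platform_share: bytes) -> bytes:
    """Reassemble the key; only correct when both halves are present."""
    return bytes(c ^ p for c, p in zip(customer_share, platform_share))


def sign_action(customer_share, platform_share, agent_id, action, nonce) -> str:
    """Agent side: the halves are combined only transiently to MAC one action.
    The nonce is part of the signed message, so the tag is single-use."""
    key = combine(customer_share, platform_share)
    msg = f"{agent_id}|{action}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Resource side (assumed): knows the full key, remembers nonces it has
    already accepted, and rejects both forged and replayed tags."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()

    def verify(self, agent_id, action, nonce, tag) -> bool:
        if nonce in self.seen_nonces:
            return False  # replayed token: same nonce presented twice
        msg = f"{agent_id}|{action}|{nonce}".encode()
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False  # forged: signer lacked one of the two halves
        self.seen_nonces.add(nonce)
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    customer, platform = split_key(key)
    v = Verifier(key)
    tag = sign_action(customer, platform, "agent-7", "db:migrate", "n1")
    print("valid:", v.verify("agent-7", "db:migrate", "n1", tag))
    print("replay:", v.verify("agent-7", "db:migrate", "n1", tag))
    stolen_half_only = sign_action(customer, bytes(32), "agent-7", "db:migrate", "n2")
    print("one half:", v.verify("agent-7", "db:migrate", "n2", stolen_half_only))
```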

Agent lifecycle management: When an agent onboards, it gets a unique managed identity, scoped permissions, and a full audit trail. When the agent offboards, credentials are immediately revoked — just like a human employee exit process.

VisualMFA + out-of-band verification: Sensitive operations require real-time human approval. When an agent tries to modify a production database, the responsible person gets a confirmation request on their phone. Dedicated integration packages for Claude Code, Codex, and Cursor are already live.

Your 5-Step Agent Identity Audit

  1. Build an inventory
    List every AI agent running in your org — including shadow AI that employees run on their own. The enterprise average is 76–100 agents. If you think you have none, you almost certainly do.
  2. Audit credential types
    Find out how each agent authenticates. Static API keys, shared human accounts, service accounts — all are short-term patches. Any agent sharing a human account needs immediate isolation.
  3. Check permission scope
    Does each agent only hold the permissions it actually needs? If a coding agent can access your customer database, that is over-privileged. Apply the Principle of Least Privilege to agents too.
  4. Secure your audit logs
    Can you answer "what did this agent do last week?" If not, you will fail a compliance audit instantly. Finance and healthcare orgs need agent audit trails at the same level as human employees.
  5. Design a revocation process
    When an agent project ends, do credentials auto-expire? If not, build a manual checklist at minimum. Zombie agents with live API keys are the most dangerous attack vector right now.
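The five steps above, turned into a checklist you can run over an agent inventory; this is an added example and not a tool from the article or from NewCore. The record fields, the role-to-scope allow-list, and the three sample agents are constructed assumptions, so adapt them to what your own inventory actually records.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AgentRecord:
    name: str
    role: str                  # e.g. "coding-agent", "support-agent"
    owner: str                 # named accountable person; "" if nobody
    credential: str            # human-shared | static-api-key | service-account | managed-agent
    scopes: frozenset          # permissions the agent currently holds
    audit_log: bool            # can you answer "what did it do last week?"
    expires_on_offboard: bool  # credentials auto-revoked at lifecycle end
    active: bool               # is the project still running?


# Step 3: what each role legitimately needs (assumed allow-list)
ALLOWED_SCOPES = {
    "coding-agent": frozenset({"repo:read", "repo:write", "ci:run"}),
    "support-agent": frozenset({"tickets:read", "tickets:write"}),
}


def audit_agent(a: AgentRecord, allowed=ALLOWED_SCOPES) -> list:
    """Return the findings for one agent, one line per failed check."""
    findings = []
    if not a.owner:                                          # step 1
        findings.append("no named owner")
    if a.credential == "human-shared":                       # step 2
        findings.append("shares a human account: isolate immediately")
    elif a.credential in ("static-api-key", "service-account"):
        findings.append(f"{a.credential} is a short-term patch: move to managed identity")
    extra = a.scopes - allowed.get(a.role, frozenset())      # step 3
    if extra:
        findings.append("over-privileged: " + ", ".join(sorted(extra)))
    if not a.audit_log:                                      # step 4
        findings.append("no audit trail")
    if not a.active and not a.expires_on_offboard:           # step 5
        findings.append("zombie agent: project ended but credentials still live")
    elif not a.expires_on_offboard:
        findings.append("no auto-revocation on offboard")
    return findings


def run_audit(inventory) -> dict:
    return {a.name: audit_agent(a) for a in inventory}


# Constructed sample inventory
INVENTORY = [
    AgentRecord("prod-ci-bot", "coding-agent", "alice", "managed-agent",
                frozenset({"repo:read", "ci:run"}), True, True, True),
    AgentRecord("dev-helper", "coding-agent", "", "human-shared",
                frozenset({"repo:read", "repo:write", "customers:read"}), False, False, True),
    AgentRecord("old-migration-agent", "coding-agent", "bob", "static-api-key",
                frozenset({"repo:read"}), True, False, False),
]
```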

What you can do right now without a dedicated solution

Even before adopting a dedicated IAM solution, separating agent service accounts from human accounts dramatically improves traceability. If you are on Okta or Entra, start by grouping agent-only service accounts separately and locking down their permission scope.

Dive Deeper

  - NewCore Official Announcement (newcore.com): founder backgrounds, Secure Split Key technical details, and launch roadmap
  - State of AI Agent Security 2026 (gravitee.io): Gravitee survey, six failure patterns and incident rates by sector
  - The AI Agent Identity Crisis (strata.io): Strata.io research, data on 44% of enterprises using static API keys for agents
  - AI Agents at Work 2026 (okta.com): Okta global survey, 292 executives + 492 knowledge workers on agent security
  - Rogue Agents and Shadow AI (techcrunch.com): why VCs are betting big on AI security and the agent identity market structure