INTEL-14: Shadow Agents
Posted on April 8, 2026 • 3 min read • 540 wordsThe INTEL
Only 15% of organizations report confidence in their non-human identity governance. 57% are already deploying AI agents with production credentials.
Anthropic’s 2026 State of AI Agents survey of 500+ technical leaders reveals that AI agents have crossed from experimental tools to production infrastructure — 80% of organizations report measurable financial returns, 86% use coding agents across the full development lifecycle, and 42% trust agents to lead development with limited human review.
But those agents need credentials. They access code repositories, deployment pipelines, customer databases, and internal APIs. They operate autonomously for hours or days. And 47% of organizations use a hybrid model — mixing off-the-shelf vendor agents with custom-built components — fragmenting visibility across agent identities so no single team controls what agents can access.
The problem compounds outside engineering. Anthropic’s research documents agents extending into legal, marketing, operations, and data science teams — each creating new agent workflows with their own integration points, credential stores, and data access patterns. These are shadow agent identities — machine accounts with production access that security teams may not even know exist.
Traditional security tools make this worse. They were designed to monitor human behavior — login times, access patterns, session durations. AI agents generate high-volume API traffic with dynamic, autonomous behavior patterns that don’t fit human baselines. Most security monitoring cannot reliably distinguish normal agent behavior from a compromised agent operating under adversary control.
Why It Matters
Every previous technology wave created identity governance debt — cloud accounts that nobody inventoried, SaaS tokens that nobody rotated, service accounts that nobody owned. AI agents are following the same pattern at compressed speed. The State of AI survey shows adoption moving from experimentation to cross-functional production deployment in months, not years.
The 850% surge in identity attacks documented in our E86 analysis is about to meet an entirely new category of machine identity. Organizations that don’t know how many agents have credentials to their production systems can’t protect credentials they don’t know exist.
What To Do
Treat AI agent identity as a priority risk requiring the same governance applied to privileged human users. Establish an AI agent identity registry — every agent, vendor or custom, classified by autonomy level, credential scope, and data access. Assign clear ownership for each agent identity. Move beyond static API keys to dynamic, context-aware authentication with scoped permissions that adjust based on agent task and data sensitivity. The ROI driving agent adoption is real — 80% of organizations confirm it. The risk is that ungoverned machine identities become the next generation of the credential compromise problem that is already overwhelming defenders.
MITRE ATT&CK
- T1078 — Valid Accounts: AI agents with persistent production credentials create a new category of valid account — through agent compromise, credential theft from agent keystores, or hijacking agent-to-agent authentication chains
- T1199 — Trusted Relationship: Third-party vendor agents operating inside security perimeters exploit trusted relationships with autonomous operational capability
Learn More
- Anthropic 2026 Agentic Coding Trends Report — Primary source
- Anthropic 2026 State of AI Agents Report — Primary source (available from Anthropic)
- FIR Risk Tuesday E87 — The Agents Have Keys — Full dual-report analysis
Powered by FIR Risk Platform — AI-driven threat intelligence for enterprise risk leaders.