SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

AI agents to outnumber humans, warns Token Security

Wed, 31st Dec 2025

AI security start-up Token Security has warned that artificial intelligence agents will become the most privileged and riskiest identities inside large organisations in 2026, as companies move automated systems from test environments into core production workflows.

The company's leadership expects AI agents to outnumber human users in many enterprises and to hold far broader permissions. It argues that identity and access management, along with compliance frameworks, will need significant redesign as a result.

Token Security bases its outlook on how businesses are wiring agents into finance, HR, software development and customer operations. The company says those agents will initiate transactions, trigger workflows and query sensitive data at machine speed.

"2026 marks a tipping point when AI agents will significantly outnumber humans in the enterprise and hold exponentially more permissions," said Itamar Apelblat, CEO & Co-Founder, Token Security.

Production shift

Apelblat expects a rapid shift from experimental deployments to production use. Many agents now run in controlled, non-production environments. Token Security predicts that organisations will soon connect them directly to live systems.

The company says this will force enterprises to manage agent permissions and lifecycle controls more actively. It also expects new processes for assigning accountability when an autonomous system carries out an action on behalf of a team or individual.

Apelblat believes established compliance structures will not cope with this change in the workforce. Traditional frameworks assume that humans sit at the centre of most workflows.

"Traditional compliance models were designed for human-centric workflows, and they are already breaking. Over the next year, frameworks will evolve to recognize AI agents as workforce identities with their own permissions, accountability requirements, and control expectations. Organisations that fail to adapt will fall out of step with regulators and customers," said Apelblat.

He forecasts that the most damaging identity incidents will soon stem from automated systems rather than employees. Token Security expects agents to become the most privileged identity type in many organisations, because they will connect across multiple systems and functions.

Multiple agents per employee

The company also expects every employee in large organisations to rely on several agents. Those agents will access business applications, execute tasks and make routine decisions linked to an individual's role.

Apelblat argues that this will move identity risk away from the human account. He says it will sit instead with the network of agents that act for each person. He warns that a single over-privileged agent could cause far greater damage than an individual employee account with the same role.

Token Security believes this will expose weaknesses in current identity and access management technology. It says many IAM stacks were built for relatively static human users rather than ephemeral non-human identities such as agents, scripts and micro-services.

"IAM stacks built for people cannot keep up with ephemeral agents, short-lived tokens, and dynamic workflows. As local MCP servers proliferate, exposed secrets will increase unless identity systems are redesigned with NHI as the default, not an afterthought," said Apelblat.

Legacy credentials risk

Ido Shlomo, CTO & Co-Founder of Token Security, expects long-standing weaknesses in credential management to resurface as organisations roll out agentic AI. He says many enterprises still rely on static API keys and other long-lived credentials.

"Despite innovation in agentic AI, enterprises will enter 2026 still relying on static API keys and long-term credentials. These legacy mechanisms will quietly weaken agent identity integrity, creating fragile trust chains that attackers can easily exploit," said Shlomo.

Shlomo also predicts a reversal of some progress made in reducing secrets stored on endpoints. Many companies have moved staff onto single sign-on and centralised identity systems. He believes poor management of local Model Context Protocol servers will now cause a resurgence of cleartext service credentials on employee devices.

"After years of eliminating employee-side secrets through SSO, poor MCP hygiene will cause a resurgence of cleartext service account credentials stored locally. As agents accumulate tools and permissions, they will reintroduce one of security's oldest, and most dangerous, problems," said Shlomo.

New incident patterns

Token Security expects more incidents caused by mismatches between what an employee should be able to see and what their agent can access. As staff use agents to interact with internal data, the company says gaps will appear between human authorisations and AI-driven access.

"As employees rely on agents to access internal data, gaps will emerge between what a human is authorized to see and what their agent can access. These mismatches will fuel a new class of insider incidents driven by over-privileged agents oversharing, overreaching, or misinterpreting boundaries," said Shlomo.

He also warns that AI coding agents will embed security flaws into infrastructure and application templates. As developers offload routine implementation work to automated systems, Token Security expects agent-generated misconfigurations to spread through infrastructure-as-code and DevOps pipelines.

"Coding agents will accelerate development, but also generate identity misconfigurations at scale. Hard-coded credentials, mis-scoped tokens, over-privileged service accounts, and flawed entitlement mappings will propagate through IaC and DevOps pipelines, creating systemic identity debt," said Shlomo.

Headline breaches

The company anticipates that breaches rooted in AI agent identity failure will replace human-centric incidents as the dominant pattern in major attacks. It says agents are becoming operational backbones in many workflows, which makes their tokens and delegated authority attractive targets.

"The industry is shifting from breaches caused by human identity failures to breaches rooted in AI agent identity compromise. As agents become operational backbones, attacks targeting their tokens, personas, and delegated authority will define the next wave of high-impact incidents," said Shlomo.

Apelblat views this as a structural shift in how organisations run. He argues that identity now functions as a control layer that governs what agents can access, what they can do, and how organisations enforce accountability when something goes wrong.

"Taken together, these predictions point to a fundamental shift: identity is no longer just a security layer, it is becoming the enterprise control plane. As AI agents take on operational roles, identity is what governs what they can access, what actions they can take, and how accountability is enforced," said Apelblat.