AI Agents Are Making Security Playbooks Obsolete. Identity Is the Fix.
Security teams built their rules for humans clicking buttons. AI agents click a thousand buttons a second, and the old playbook cannot keep up.

Key points
- AI agents now act inside company systems at machine speed, creating identities and permissions faster than security teams can track them.
- Token Security argues that traditional security workflows, designed for human-paced changes, cannot handle the volume or unpredictability of agent activity.
- The proposed fix is a live identity foundation: a real-time map of every human, machine, and AI identity operating in a company's cloud.
- Security teams need custom workflows built on that foundation, not one-size-fits-all rules, because every environment runs agents differently.
- The shift matters because agent sprawl, meaning uncontrolled growth of AI accounts and their access, is already outpacing manual review at most large companies.
Security teams have a new problem, and it does not look like a hacker in a hoodie.
It looks like a helpful AI assistant, quietly spinning up accounts, requesting access to files, and calling other software tools on behalf of employees. Thousands of times an hour. Without asking.
AI agents, meaning software programs that use large language models to take actions on their own, are now embedded across corporate systems. They read email, they query databases, they trigger payments. And they do all of it under identities that most security teams have no clean way to see, let alone govern.
Token Security, an identity security vendor, laid out the problem in a piece first covered by BleepingComputer. The old playbook, they argue, is broken.
Why can't existing security tools handle AI agents?
Because those tools assume a human is on the other end.
Traditional identity and access management, the systems that decide who can log in and open what, were designed around people. A person joins the company, gets an account, is added to a few groups, and eventually leaves. That whole lifecycle happens at human speed: days, weeks, months.
An AI agent moves at machine speed. It can create sub-agents, request new permissions, and connect to external services in seconds. It can do this hundreds of times before a security analyst has finished their coffee.
The usual controls, quarterly access reviews and manual approvals, are simply too slow. By the time anyone reviews an agent's access, the agent has already done the work, moved on, or been replaced by a newer version.
What does a "live identity foundation" actually mean?
It means a security system that watches every identity in real time.
Not just employees. Also service accounts (the technical logins software uses to talk to other software), API keys (secret codes that let one program call another), and now AI agents and the sub-agents they spawn.
Token Security's argument is that you cannot govern what you cannot see. A live foundation continuously discovers every identity, tracks what it has access to, and flags when something drifts, for example, when an agent quietly gains admin rights it never had yesterday.
On top of that foundation, security teams need to build their own workflows. One company might auto-revoke any agent that goes idle for 48 hours. Another might require human sign-off before an agent can touch financial data. The point is that rigid, vendor-defined rules do not fit every environment.
What should companies do right now?
The practical starting point is unglamorous: inventory.
Most security teams cannot answer basic questions today. How many AI agents are running in our cloud? Who deployed them? What can they read, write, or delete? Which ones are still active from a pilot project that ended six months ago?
Until those questions have answers, no policy will hold. The companies getting ahead of this are treating AI agents the same way they treat employees: onboarded, monitored, and offboarded on a schedule.
The hackers have noticed too. Stolen agent credentials are already showing up on criminal forums, and an agent with broad access is a far juicier target than one employee's laptop.
The playbook is being rewritten in real time. Companies that wait for a clean industry standard will be writing incident reports instead.



