AI Agents Are Quietly Multiplying Inside Your Company Directory
Every new AI helper needs its own login. Most companies have no idea how many they now have, or what those logins can touch.

Key points
- Netwrix warned in November 2025 that AI agents, meaning software programs that act on their own to complete tasks, are creating a flood of new machine logins inside companies.
- These non-human identities, meaning digital accounts used by software instead of people, now often outnumber staff accounts by a wide margin.
- Most organisations cannot say who created each AI agent, what data it can reach, or when it should be switched off.
- Attackers who steal one of these logins can move through systems without triggering the alarms built to catch human intruders.
There is a new kind of employee showing up in company networks, and nobody sent HR the paperwork.
It is the AI agent. A small piece of software that logs in, reads files, sends emails, books meetings, updates records, and generally does the sort of busywork a junior colleague used to do. Handy. Also, from a security angle, a bit of a headache.
The identity management firm Netwrix flagged the problem this month, and it is worth translating out of the jargon. When a person joins a company, they get an account, a password, and a set of permissions. When an AI agent is spun up, it gets the same things. The difference is that the person is on a payroll list. The agent, very often, is not on any list at all.
Why does this matter to anyone outside IT?
Because these invisible accounts hold real keys to real data, including yours.
An AI agent built to help a sales team might have access to the full customer database. One helping the finance team might see invoices, bank details and salaries. If a criminal steals the login for that agent, they walk in wearing its uniform. No suspicious 3 a.m. login from a laptop in another country. Just a machine account doing what machine accounts do, only now on behalf of someone else.
Security people have a name for accounts like this. They call them non-human identities, or NHIs. Think of service accounts, API keys (the digital passes that let one program talk to another), and now AI agents. In many large companies, these already outnumber human staff accounts by 10 to 1, sometimes far more.
How did we get here so fast?
Blame the speed of the AI rollout, and a bit of corporate enthusiasm.
Over the last two years, teams across marketing, HR, engineering and customer support have been encouraged to build their own AI helpers using tools from OpenAI, Anthropic, Microsoft and others. Each helper needs credentials to do its job. Each set of credentials is a door. Nobody wanted to be the person slowing down the AI experiments, so the doors got cut fast and the locks got sorted out later.
Netwrix, in comments picked up by BleepingComputer, argues that most organisations now cannot answer three basic questions: what AI agents exist, who owns them, and what each one is allowed to touch.
That is not a fancy new attack. It is the same problem web administrators had 20 years ago with forgotten admin accounts, only at a much larger scale and moving much faster.
What should a normal person take from this?
If you are a customer or an employee of a company that is rushing to add AI features, it is fair to ask how they are keeping track of those tools. Not the marketing version. The boring version: who signs off on a new AI agent, what data it can see, and how quickly it gets shut off when the project ends.
The attacks that will come from this will not look dramatic. They will look like a helpful assistant, doing helpful things, for the wrong person.
That is the shape of the next few years of enterprise breaches. Quiet. Automated. Wearing a badge that says the company issued it.
Because, technically, the company did.



