IGA Was Built for Employees. Agents Break the Model.

Identity governance assumes a hire date, a manager, and an exit interview. Autonomous AI agents have none of those — and legacy IGA tools can't see the gap.

ThreatVectr Newsdesk· 3 min read
Full-frame edge-to-edge photoreal editorial image of an abandoned office badge access panel on a glass door, glowing faintly at dusk, with faint digital circuit
Share

Key points

  • Traditional identity governance and administration (IGA) platforms were designed around human employment records, managers, and departure dates — none of which apply to autonomous AI agents.
  • AI agents act as first-class principals inside enterprise environments, holding credentials and permissions with no HR system of record behind them.
  • Existing joiner-mover-leaver workflows have no equivalent trigger for an agent being spun up, repurposed, or retired.
  • Provisioning at machine speed means agent identities can multiply faster than any quarterly access review cycle can catch.
  • Defenders inherit orphaned, over-privileged non-human identities that look, to legacy IGA, like nothing at all.

Identity lifecycle management has a comforting shape. Someone gets hired. HR creates a record. A manager approves access. Eventually the person leaves and, in theory, their accounts die with the offboarding ticket.

AI agents refuse to fit inside that shape.

An analysis published this week by The Hacker News argues that the entire joiner-mover-leaver model — the load-bearing beam of every IGA deployment shipped in the last two decades — was built for principals with an employment record. Agents don't have one. They have a config file, maybe a service account, and an appetite for tokens.

That mismatch is the whole story.

What actually breaks when the principal isn't a person?

Start with provisioning. A human joins, a manager clicks approve, birthright entitlements flow. An agent gets instantiated by a developer, a platform team, or another agent, and inherits whatever credentials the calling context happened to have lying around. There is no manager in the loop. There is often no ticket.

Movement is worse. When a human changes roles, HRIS fires an event, and access recertification kicks in. When an agent gets repurposed — pointed at a new data source, given a new tool, wired into a new workflow — nothing fires. The identity is the same. The blast radius quietly grew.

Then there's the leaver problem. Humans quit. Agents get abandoned. A prototype from a hackathon six months ago still holds a Snowflake key. A retired workflow still has an OAuth grant against Google Workspace. Nobody offboards a script.

This is not a novel category of risk. It is service-account sprawl with a language model attached. Anyone who has cleaned up a decade of legacy svc_ accounts in Active Directory already knows this movie. What's new is the velocity: agents can be spawned programmatically, and increasingly they spawn each other. The provisioning curve stops looking like hiring and starts looking like fork().

Legacy IGA platforms — SailPoint, Saviynt, Okta Identity Governance — are catching up, but their data models still assume a human system of record upstream. Feed them a population of non-human identities with no HRIS to reconcile against, and the certification campaigns get creative in unhelpful ways.

A few things a defender can actually do this quarter:

  • Inventory non-human identities separately from human ones, and require every agent identity to name a human owner and an expiration date.
  • Treat agent credentials as short-lived by default. If a token can outlive the workflow that needed it, that's the bug.
  • Wire agent creation events into the same review pipeline as privileged human access, not into a separate "DevOps" backwater nobody audits.
  • Kill birthright entitlements for agent identities. Every permission should be justified against a specific tool call, not a job family.

None of this requires believing in AGI. It requires believing that a service account with a reasoning loop attached deserves at least as much governance scrutiny as a summer intern.

That bar is lower than the industry is currently clearing.

© 2026 Threat Vectr