Ping Identity, a leader in securing digital identities for the world's largest enterprises, today announced new research from KuppingerCole Analysts, commissioned by Ping Identity. AI agents are being deployed into production faster than enterprises can govern them, exposing gaps in identity systems designed for human users.The report, From AI Agents to Trusted Digital Workers, highlights the challenges when governing AI agents and identifies a critical failure mode emerging in enterprise identity systems as these agents operate at runtime, beyond the limits of traditional access controls.As organizations move AI agents into production environments, the focus is shifting from managing identity to controlling how identities act across systems, data, and workflows. Identity systems originally designed for human interaction are now being pushed to operate continuously, increasing pressure on existing models and exposing gaps in governance, visibility, and accountability at the moment decisions are executed.“Enterprises are deploying autonomous AI faster than they can govern it,” said Andre Durand, CEO & Founder, Ping Identity. “Identity remains foundational, but in an agentic environment it must operate continuously. Control must be enforced at the moment an action occurs.”Where Traditional Identity Models Break Down for AI AgentsThe research describes a failure mode in which AI agents combine individually legitimate permissions in unintended ways, resulting in actions that bypass established controls and cannot be fully traced or governed. This failure mode represents a new class of identity risk in environments where AI agents operate autonomously across enterprise systems.As the industry is quickly learning, access grants permission. It does not enforce control.With AI adoption accelerating, organizations face new challenges:Delegation opacity and sub-agent spawning, where agent chains become untraceable and break auditabilityImplicit human assumptions in IAM, as OAuth and OIDC models rely on human decision-makers that agents bypassContext leakage across systems without continuous re-evaluation of authorizationNew questions around permission inheritance, liability, and enforcement in agent-to-agent interactionsThe Risk is Already MaterializingIndependent research from KuppingerCole Analysts reinforce the urgency of governing AI-driven identity interactions, noting that AI agents already interact across enterprise identity systems while many IAM approaches remain focused on users and controlled environments.The research also highlights measurable risk, citing findings from IBM’s 2025 Cost of a Data Breach report that show:13% of organizations have experienced AI-related security breaches97% of organizations lack adequate access controls for AI systemsRecent incidents, including enterprise data leaks and prompt injection attacks, demonstrate how gaps in AI governance are already being exploited in real-world environments.Despite these risks, most identity and access management approaches remain centered on human users and static access decisions, leaving organizations unprepared to govern autonomous systems.A Framework for Governing Autonomous AITo address these challenges, KuppingerCole Analysts outline an independent blueprint for controlling autonomous AI. This approach is grounded in identity, policy-based authorization, governance and oversight, along with accountability, extending identity and zero trust principles to support continuous, runtime authorization and governance.“These trends reflect a broader shift in identity requirements,” said Martin Kuppinger, Founder, KuppingerCole Analysts. “As autonomous agents become more prevalent, organizations will need to extend identity and authorization models to maintain control, accountability, and trust across increasingly dynamic environments.”Ping Identity’s Identity for AI features are designed to align with these principles, offering capabilities for Runtime Identity, policy-based authorization, and governance controls intended to help organizations manage AI agents across enterprise environments.KuppingerCole Analysts have also recognized Ping Identity’s capabilities in managing AI agents, including the ability to assign unique identities, enforce policy-based access controls, and maintain human accountability in AI-driven processes.As organizations move from experimentation to operational AI, success will depend on identity enabling safe, governed, and scalable AI execution. Ping Identity, recently recognized as an Overall Leader across multiple KuppingerCole Analysts Leadership Compass reports, including Customer IAM and B2B identity, is applying that leadership to define how enterprises securely govern autonomous AI.NoYesArtificial Intelligence28 Apr, 2026