The Coworkers Nobody Hired: How Ungoverned AI Agent Identities Became B2B's Newest Deal Blocker
Somewhere in your company right now, a worker is logged in. It has a username and a set of credentials. It can read customer records, pull financial data, touch the CRM, and take actions inside systems that took your security team years to lock down. Nobody interviewed it. Nobody ran a background check. It does not appear on an org chart, it never asked for access, and if it did something catastrophic at 3 a.m. on a Sunday, there is a real chance no human would notice until Monday.
That worker is an AI agent, and it is not alone. It is one of dozens, soon to be hundreds, that your teams have quietly spun up to draft emails, summarize deals, reconcile data, answer support tickets, and qualify inbound leads. Each one is a non-human identity: a login without a person behind it, carrying real access to real systems. For most of the last decade these machine identities were boring plumbing, service accounts and API keys that did narrow, predictable jobs. Agentic AI changed that overnight. The new generation of non-human workers does not follow a script. It reasons and acts on its own, and it does so with the keys to the building already in hand.
This is quietly becoming one of the most consequential go-to-market problems of 2026, and not for the reason most people assume. Yes, it is a security exposure. But it is also a revenue problem, because the moment you embed AI agents into the product you sell, your buyers' security teams start asking a question you almost certainly cannot answer yet: how do you govern this thing?
For revenue leaders, RevOps, sales enablement teams, and founders selling AI-powered software into the enterprise, this is the year that agent governance stops being a back-office IT concern and starts showing up as a line in your win-loss analysis. This article is about both sides of that coin: the ungoverned agents already operating inside your own revenue engine, and the agent-governance question that is beginning to stall deals in procurement. It is not a security-review-process story and it is not a shadow-AI story. It is about the identities of the autonomous software you have already deployed, and the trust discipline that now separates the vendors who close from the ones who wait.
The math almost nobody on the revenue side is watching
Start with the raw ratio, because it reframes everything. In its 2025 Identity Security Landscape study, conducted by Vanson Bourne across 2,600 security decision-makers at organizations of 500 employees and up, CyberArk found that machine identities now outnumber human identities by more than 80 to 1. Read that again. For every employee with a badge, your organization is running north of eighty non-human logins, and CyberArk's researchers were explicit about the accelerant: AI is expected to drive the creation of the single largest wave of new identities with privileged and sensitive access.
The identities are multiplying faster than anyone is governing them. In the same study, 68% of security leaders admitted their organizations lack identity security controls for AI. Nearly half of machine identities already carry sensitive or privileged access, and a large majority of leaders expect the machine population to keep swelling, in some cases by as much as 150% inside a year.
Then there is the adoption curve driving it. Gartner projects that 40% of enterprise applications will ship with task-specific AI agents by 2026, up from less than 5% in 2025. That is not a gentle ramp. It is a step change in the number of autonomous, credentialed actors inside the average company, and it is happening while the governance layer is still, generously, a work in progress. In an April 2026 survey, the Cloud Security Alliance reported that 82% of enterprises already have unknown AI agents operating in their environments, agents that were stood up by a team, wired into a data source, and then forgotten. You cannot govern what you cannot see, and most companies cannot see most of their agents.
For go-to-market leaders, the temptation is to file all of this under "not my department." That instinct is exactly the mistake. The heaviest concentration of new agents is landing precisely where the sensitive data lives: sales, marketing, and customer success stacks stuffed with pipeline forecasts, contract terms, customer PII, and usage telemetry. Your revenue engine is one of the fastest-growing agent populations in the company, and almost nobody in the room owns its governance.
Why an AI agent is not just a fancier service account
It is tempting to treat an AI agent as one more machine identity to add to the pile. The security teams closest to the problem disagree, and the data explains why.
In research published in 2025 by SailPoint, conducted through the independent firm Dimensional Research among 353 technology professionals, 96% said they now view AI agents as a growing security risk, even as 98% said their organizations plan to expand agent use over the next year. The tension in those two numbers is the whole story. Companies are pressing the accelerator and the brake at the same time, and the reason is what agents can touch. SailPoint's respondents reported that agents already reach customer information, financial data, intellectual property, legal documents, and supply chain transactions. The top-cited risk factors were the agent's ability to access privileged data, named by 60% of respondents, and its potential to take unintended actions, named by 58%.
A traditional service account does one narrow thing a thousand times. An AI agent can be handed a goal and left to figure out the steps, which means its effective permissions are not the ones you granted on paper but the full set of things it can reach while improvising toward an objective. That is a categorically different risk surface, and organizations know it: in the SailPoint data, 82% of companies were already using AI agents, but only 44% had any policy in place to secure them. The gap between deployment and governance is not a rounding error. It is roughly half.
The visibility problem compounds it. A Cloud Security Alliance and Oasis Security survey of 383 IT and security professionals, fielded in August and September 2025, found that 68% of organizations cannot clearly distinguish between human and AI agent activity in their own logs. Two-thirds of companies literally cannot tell whether an action was taken by a person or by a bot acting in that person's name. When something goes wrong, that ambiguity is the difference between a five-minute containment and a five-week forensic investigation.
The governance vacuum inside your own revenue team
Before this becomes a deal problem, it is an exposure problem, and it is already sitting inside your funnel.
Consider what a modern revenue team has deployed in the last eighteen months, often without a formal procurement cycle: agents that draft and send outbound email, agents that summarize calls and update the CRM, agents that reconcile billing data, agents that qualify inbound leads and book meetings, agents that assemble account plans from a dozen internal sources. Each one needed access to do its job, and access, once granted, tends to stay granted. The Cloud Security Alliance and Oasis survey found that only 21% of organizations have a formal process for decommissioning AI agents, and only one in five have formal offboarding for something as basic as an API key. Agents accumulate. They rarely get revoked.
The people responsible for stopping attacks are candid about how exposed this leaves them. In that same survey, 79% of IT professionals said they feel ill-equipped to prevent attacks that come through non-human identities. These are not laggards. These are the security teams that expect, per the same research, that AI agents will be vital to their operations within the year. They see the wave coming and they are telling anyone who will listen that the controls are not ready.
None of this is theoretical for a go-to-market org. An over-permissioned outbound agent that hallucinates its way into pulling and emailing the wrong customer's contract is not a security abstraction, it is a breach notification, a churned account, and a very uncomfortable board update. The uncomfortable truth is that the revenue team's own agent sprawl is now part of the company's attack surface, and "the marketing team spun it up" is not a defense anyone wants to give a regulator. This is distinct from the shadow-AI conversation about employees pasting data into unsanctioned chatbots. The agents here are sanctioned. They were deployed on purpose. The failure is that nobody assigned them an identity, a permission boundary, or an expiration date.
The question that is starting to kill deals
Here is where it stops being an internal hygiene issue and starts showing up in the forecast.
For years, the security review has been the quiet graveyard of enterprise software deals, the stage where momentum from a great demo goes to die in a two-hundred-question spreadsheet. What is new in 2026 is not that the review exists. It is that the questionnaire now contains a category of question the standard vendor security form was never built to answer: how do you govern the AI agents inside your product? What identity does each agent get? What can it access on our data, and under whose authority? Can you prove least privilege? Can you produce an immutable log of every action it took? Can we revoke it instantly if it misbehaves?
Most vendors cannot answer those questions cleanly, and buyers have noticed. Guidance circulating among enterprise procurement teams this year is blunt: the standard security questionnaire was designed for deterministic software, not for agents that generate novel outputs, hold unscripted conversations, and make autonomous decisions in real time, and a growing share of AI deals now die in procurement rather than on features. The pressure behind that scrutiny is measurable. One widely cited analysis found that 72% of S&P 500 companies now flag AI as a material risk in their public disclosures, up from just 12% in 2023. When a risk is material enough for a 10-K, it is material enough for a security team to hold up your contract over it. Procurement timelines reflect the drag: the enterprise evaluation cycle for an AI tool now commonly runs six to fourteen weeks, and much of that time is spent in exactly the review stage where the agent-governance questions live.
This is a different problem from the general slowness of enterprise security reviews. The bottleneck is not that buyers are cautious. It is that you are being asked to describe a governance model for autonomous software that, in most companies, does not exist yet. The deal does not stall because the buyer is difficult. It stalls because your answer is a shrug, and a shrug does not clear a security review.
What "agent trust" actually looks like
The good news is that the discipline required is knowable, and it maps closely to how you would manage a human employee with sensitive access. Gartner, in its April 2026 guidance on managing AI agent sprawl, laid out a sequence that translates cleanly for revenue leaders who want to get ahead of the questionnaire.
Give every agent its own identity. Shared credentials and borrowed human logins are the original sin. Each agent needs a distinct, attributable identity so that every action it takes can be traced to a specific agent, not to the employee whose token it happened to be using. This is the fix for the two-thirds of organizations that cannot tell human and agent actions apart.
Enforce least privilege, and prefer just-in-time access. An agent should hold the narrowest possible permissions for the task in front of it, and ideally should be granted elevated access only in the moment it is needed and then have it withdrawn. Standing, broad, always-on access is the condition that turns a single compromised agent into a company-wide incident.
Keep a human in the loop for consequential actions. An agent can draft the renewal quote. Whether it can send it, apply the discount, or move the money is a policy decision, and for high-stakes actions the answer should route through a person. Buyers ask about this directly, and "a human approves anything that touches money or contracts" is a strong, credible answer.
Log everything, immutably. If you cannot produce a tamper-evident record of what an agent did, when, and on whose data, you cannot pass a serious review and you cannot investigate an incident. Audit logging is the single most requested piece of evidence in agent-focused security questionnaires.
Build a revocation and decommissioning path before you need one. Given that only about a fifth of organizations can cleanly retire an agent, having a real kill switch and a defined offboarding process is both a genuine control and a differentiator. The question "can you shut this agent off instantly?" should have a one-word answer.
None of these steps is exotic. They are the same controls you apply to a privileged employee, adapted for a worker that never sleeps and thinks faster than you can watch. The organizations that fall behind are not the ones that lack the technology. They are the ones that never decided agent governance was someone's job.
Turning governance into a moat, not just a checkbox
The reflex is to treat all of this as cost, a compliance tax on the AI features your product team wants to ship. The sharper move is to treat it as positioning.
Trust has always been a decisive variable in enterprise B2B, and it compounds. A vendor who walks into a security review with a clear, documented agent-governance model, and who answers the hard questions before they are asked, does not just clear the gate faster. It signals a level of operational maturity that reframes the relationship. In a market where a majority of buyers now flag AI as a material risk and a large share of AI deals stall in procurement, being the vendor with a real answer is a competitive edge, not a hygiene factor.
Practically, that means productizing your governance story. Publish how your agents are scoped and permissioned, offer customers visibility into what those agents did inside their environment, and give them the controls to revoke access. Put the agent-identity model in your trust center next to your SOC 2, because the buyer's security team is going to ask for it either way, and the vendor who volunteers it looks like the safe choice against a field of shrugs. The same discipline that protects you internally becomes the proof point that shortens your sales cycle externally.
The honest counterpoint
It would be easy to read all of this as an argument for locking agents down until they cannot do anything useful, and that would be its own kind of failure. The entire point of deploying agents is to let them act, and a governance regime so tight that every action needs three approvals simply recreates the bottleneck the agent was meant to remove. The 98% of organizations expanding agent use are not wrong to do so. Agents are delivering real leverage in revenue operations, and the companies that freeze out of fear will lose ground to the ones that move.
The goal is not less autonomy. It is calibrated autonomy: broad freedom for low-stakes work, tight guardrails for anything that touches money, contracts, or customer data, and complete visibility over all of it. That balance is a moving target, and it will require security, IT, and revenue leaders to actually sit in the same room, a collaboration most companies have not yet built. There is also a fair critique that some of the loudest numbers in this space come from vendors selling the fix, which is why the discipline matters more than the panic. The right response to a genuinely new risk is neither hype nor paralysis. It is the unglamorous work of assigning identities, scoping permissions, and keeping receipts.
The coworkers are already here
The framing that matters is the one we started with. You have hired a workforce you never interviewed. It shows up every day, it holds the keys to your most sensitive systems, and until very recently nobody was responsible for managing it. That was survivable when agents were rare and narrow. It is not survivable now that Gartner expects agents in 40% of enterprise applications this year and non-human identities already outnumber your people 80 to 1.
The organizations that will pull ahead in 2026 are the ones that stop treating agent governance as a security afterthought and start treating it as what it actually is: employee management for a new kind of employee, and a revenue lever hiding inside a compliance problem. Give every agent an identity, grant it the least access it needs, keep a human on the consequential decisions, and be able to see and shut off what it does. Handle that internally and you shrink your own exposure. Handle it visibly and you turn the question that is killing your competitors' deals into the reason buyers trust you with theirs.
The coworkers nobody hired are not going away. The only choice left is whether you manage them, or explain later why you did not.
Sarah Mitchell
Chief Marketing Officer
Sarah is a veteran B2B marketer with over 15 years of experience helping SaaS companies scale their marketing operations.
View all articlesNewsletter
Get the latest business insights delivered to your inbox.
Related Articles
The Borrowed-Trust Economy: Why B2B Buyers Believe a Stranger on LinkedIn Over Your Brand — and the Creator Influence Playbook for 2026
A person's post earns roughly 8x the engagement of your company page, and 64% of decision-makers trust thought leadership over your own product materials. Buyers moved their trust to individual voices; most B2B budgets never followed. Here is the owned-influence playbook for 2026.
The Copilot Adoption Cliff: Why Enterprises Are Quietly Pulling AI Assistants Off the Shelf in 2026
Only 35.8% of Microsoft 365 Copilot license holders actively use it, 30-40% of enterprise seats sit dormant within 90 days, and 95% of GenAI pilots fail to deliver ROI. Inside the activation gap, shadow AI revolt, and outcome-based pivot reshaping how B2B AI gets bought and sold in 2026.
Marketing Budget Allocation Models That Maximize ROI by Channel
Data-driven budget allocation reallocating to highest-ROI channels sees 30-50% efficiency improvement and 40% more pipeline from same budget.