
PAM Complexity is a Security Problem in Itself

Paul - PAM Complexity Blog

I was at the Gartner IAM Summit in London recently, talking to Anna Delaney from ISMG about how privileged access management went from a sensible idea to an industry-wide headache. You can watch the full interview here.

PAM started off pretty simple. Certain people in your organization needed elevated rights. They got passwords. Those passwords lived in a secure vault. If you needed access to something, you used the vault.

Then infrastructure got complicated. Cloud computing changed how networks were built and operated, and vendors responded by adding more and more layers of features. Some installation manuals for these platforms run to a thousand pages. At that point, you’re not relying on your internal IT team anymore. You’re bringing in consultants. Which is great for the consultants.

So the complexity wasn’t entirely manufactured. Networks genuinely did get harder to manage. But I’m not sure the solutions that emerged were always the right ones.

Ghost Systems

One of the more telling signs that something went wrong: it’s not uncommon to come across companies that bought a PAM platform years ago and never actually deployed it. They got partway through, hit a wall with training or implementation complexity, and quietly moved on. Now they’re shopping again. It happens quite a lot.

ROI is always difficult to measure in cybersecurity, which makes this worse. If you don’t get breached, or you don’t get breached badly, that’s roughly the return on investment. But it’s nearly impossible for a CISO to point at a platform and say “this is why we weren’t attacked.” It’s not like buying manufacturing equipment where output is measurable.

So when a platform is oversold, underdeployed, and full of features nobody switches on, the failure tends to stay quiet. Feature bloat is a real problem in PAM, and most organizations are living with it.


Counting the Wrong Things

When the conversation turned to non-human identities, I gave the same answer I gave in my recent piece on the subject: don’t get too carried away by the ratios.

Some estimates put machine identities at 100:1 against human users. Others push that to 2,000:1 or higher. At a certain point the numbers become almost self-defeating. If the ratio genuinely hits thousands to one, talking about “managing” those identities starts to sound like counting grains of sand.

More importantly, a lot of what gets bundled into those figures isn’t new. Service accounts, APIs, connection strings: these have existed for years. The governance gap around them is real, but it’s accumulated technical debt from organizations that automated their infrastructure and forgot to automate the oversight of that automation. Not a new crisis, just an old one that’s been rebranded.

Where things do get different is agentic AI.

The Part Nobody Has Answered Yet

Some vendors are responding to the AI agent problem by suggesting we apply existing paradigms: give every agent an identity, add them to your monitoring framework, govern them like any other non-human identity. That works fine for agents your organization knows about and has authorized. The real governance gap is shadow AI: end users spinning up their own agents through tools like Claude, or any web app that lets you build and download an agent in a few clicks.

If you ask an organization to assign an identity to every agent a user might casually spin up on their own, the honest answer is: how? I don’t think it’s possible with the tools and frameworks we have today, and anyone who claims otherwise is probably selling something. We need a different approach. I don’t have a complete answer for what that looks like yet, and I think it’s worth being straight about that.


Where to Start Anyway

That said, uncertainty about the future isn’t a reason to wait. My advice is to not panic about the projections, but start building visibility now.

Audit your human privileged users first. That’s non-negotiable and should already be happening. Then, if you can, inventory the official agents your organization has sanctioned: the automation tools, the in-house AI deployments, the things someone built to help employees process data or run reports. Those are findable and accountable.

For shadow activity, the best starting point is endpoint management. An AI agent, at least for now, doesn’t usually operate without a human entry point. It starts with a user on a machine. If you’ve got solid endpoint policies in place, you can catch a lot of unauthorized agent activity before it scales. Some EPM solutions can already block or flag basic agent behavior through existing policy controls, without any specialized new tooling required.

The underlying principle is familiar: know where privilege lives in your organization, whether it’s at an endpoint, in an authorized agent, or somewhere further inside your stack. Use the IAM frameworks that already work. And keep a close eye on what your users are doing, because the next problem is probably already quietly underway.

About the Author:


Paul Fisher

Paul is a leading authority in Privileged Access Management (PAM), renowned for his benchmark-setting market research and ability to translate complex technical concepts into clear business value. A sought-after speaker at major identity and cybersecurity conferences, he also advises organizations on PAM, IAM, and cybersecurity platform implementations while serving as a mentor and thought leader in the evolving field of identity management.
