More than a fifth of local agents already hold direct access to production data sources, according to Token Security’s research — a single figure that forces a rethink of long-standing security assumptions.
How AI agents shattered the “knowable” enterprise
For roughly two decades, enterprise security operated on a manageable premise: the environment was knowable. Teams could inventory users, map systems, define policies, and rely on vendor dashboards and workflows to manage most incidents. AI agents broke that expectation. They act autonomously, invoke tools, acquire access across systems, and change behavior based on context. Some run in sanctioned SaaS platforms; others run locally or unsanctioned. Agents can borrow human access and disappear before the next inventory scan, making prior assumptions about stability and visibility invalid.
The operationalization gap: questions fixed workflows can’t answer
Vendors can and do build dashboards for common risks — overprivileged service accounts, stale credentials, dormant admins, and excessive permissions. But Token Security’s analysis argues those generic workflows miss the questions that matter inside a particular environment: which agents created in the past two weeks can reach production through inherited human credentials; which local coding agents still hold active tokens after a project ended; what potential attack path an agent could create from one system to another. Those questions depend on an organization’s cloud footprint, SaaS stack, development practices, ownership model, compliance requirements, and AI adoption patterns — permutations no single vendor roadmap can anticipate.
Why “just build it” no longer solves the problem
AI-assisted development has accelerated teams’ ability to replace SaaS tools with in-house software. Retool’s 2026 Build vs. Buy report found that 35% of teams had already replaced at least one SaaS tool with something they built themselves, and 78% expected to build more that year. But the piece stresses a key distinction: building a custom app is only half the problem. The hard, ongoing work in cybersecurity is the data layer — identity, access, permission, ownership, and activity data — and the integrations required to connect securely to live enterprise systems across AWS, Azure, GitHub, Salesforce, Okta, secret managers, CI/CD pipelines, SaaS platforms, agent frameworks, and on-prem systems. Building and maintaining those integrations, normalization, and schemas is costly and fragile; “just build it” can leave teams responsible for brittle scripts and stale exports rather than a live operational picture.
Identity as the control plane and the foundation to buy
The source makes a clear prescription: identity is the only control plane that governs agentic AI. Every meaningful agent requires access, authenticates, uses credentials, and reaches data. Often an agent doesn’t have an identity of its own and borrows an employee’s, which can make agents indistinguishable from people in audit logs. Because identity governs what an agent can reach, a live identity foundation is the place security teams can discover agents, map access, enforce ownership and lifecycle rules, and ask the operational questions that matter: who owns this agent, what is it supposed to do, which identities does it use, what systems can it reach, does access match intent, and what happens when an agent is abandoned or compromised. The recommended model is not pure build or pure buy: buy the foundation (continuous discovery, integrations, normalization, identity correlation, access mapping, governance controls, auditability, and secure execution boundaries) and build the operational layer (workflows, reports, automations) that reflects the organization’s specific reality.
What this means for technologists, procurement leaders, and end users
- Technologists and security teams: focus engineering time on the operational layer — encoding owner decisions, exceptions, remediation flows, and risk prioritization — while relying on a vendor-grade foundation for continuous discovery and normalization.
- Procurement and platform leaders: adopt a hybrid model — buy the deep, continuously maintained identity and integration foundation rather than asking internal teams to reimplement connections across every cloud provider and SaaS product.
- End users and application owners: be aware that agents often inherit or borrow human credentials; ownership and lifecycle policies must cover agent accounts as rigorously as human ones to avoid silent production access.
How Token Security positions the practical response
Token Security’s framing in the source is explicit: shadow AI and agent sprawl are outpacing security teams’ ability to respond, and the company positions its product to discover every agent, map risky access, and automatically enforce intent-based policies. The source urges teams to build on a live identity foundation and own the operational layer so they can scale AI safely without losing control or slowing innovation. For organizations seeking a demo, the source invites readers to book a technical demonstration with Token Security.
In short: the old playbook assumed environments changed at human speed. Agentic AI has forced a different posture — accept continual change, buy the foundational plumbing of identity and discovery, and own the operational logic that must bend to a fast-moving reality.




