The Surface Looks Calm. Four Thousand Meters Down Is Where Your Risk Actually Lives.

  • 2 days ago

Identity strategy rarely breaks on a single insight. It shifts when something you already knew becomes impossible to ignore.


Last week I was in the Caribbean, sitting at the edge of the water with nothing demanding my attention for the first time in months. One week. No agenda. Just the ocean. And I couldn't stop thinking about identity security.


Not because I was looking for a metaphor. Because the problem was staring back at me.


We built identity security around the human. The human is no longer the majority.

For decades, the model was straightforward. A person, a role, a set of permissions. Govern the person, govern the access. It was a viable model for a world where humans were the primary actors in enterprise systems.


That world is gone.


Non-human identities now outnumber human ones by orders of magnitude in most organizations. Workloads, containers, APIs, service accounts, CI/CD pipelines: entities that authenticate continuously, at machine speed, completely outside every governance framework built for people. Nobody reviews their access quarterly. Nobody sends them a phishing simulation. Most don't even appear in the identity inventory until something breaks.


And now autonomous AI agents sit on top of all of that. Entities that reason, plan, chain permissions, and act on behalf of users with no human in the loop. Not quite human. Not traditional machines. Something the identity industry is still struggling to define, let alone govern.


Most security teams are watching the shoreline. The volume, the velocity, and the actual risk have moved into water they have not mapped. And the gap is widening every day.


The layers interact. That is where it gets dangerous.

The ocean is not a single body of water. It is hundreds of systems, running simultaneously, at different depths, affecting each other in ways that are invisible from the surface. A current far below shifts conditions at the top. A temperature change in one zone reshapes behaviour across the others.


Identity environments work exactly the same way.


An AI agent invoked by a human carries that human's context and potentially their permissions. A misconfigured trust relationship between two non-human systems creates an attack path no policy ever modelled, because nobody was thinking about the interaction between layers. A workload identity with standing access becomes a pivot point that a human-centric access review would never surface.


Most exposures do not announce themselves. They settle into the gaps between systems, accumulate across layers never designed to be governed together, and wait. The incident report does not mark the beginning. It marks how long it went unnoticed.


Three signals already visible in your environment.

For security leaders wondering whether this is theoretical, three operational signals are reliable.


Look at what percentage of identity activity in your environment your current security controls actually cover. In most organizations running cloud workloads at any scale, the honest answer is well under half. The rest is happening through federated access, assumed roles, workload identities, and whatever integration patterns each team adopted before anyone established a standard. If your controls have quietly become the documentation layer while the actual activity lives somewhere else, that is the first signal.


Look at how your non-human identity inventory has changed over the past two years. Not the service accounts you know about. The ones tied to pipelines, automations, and third-party integrations that were stood up without a formal provisioning process. In most environments, that population has grown faster than any team can track. The ones with the longest-standing access are usually the ones nobody owns anymore.


Look at who is in the room when your application teams talk about agentic AI access. If the answer is not your identity security function, the architectural decisions are already being made without you. By the time you are invited in, the patterns are in production, the budget is spent, and the conversation has shifted from architecture to cleanup.
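The first two signals can be turned into concrete checks. The following is an added example, not code from the article: it runs over a constructed identity inventory and constructed authentication-event counts (all names, fields and numbers are assumptions) and contrasts the share of identities under governance with the share of actual activity those identities generate, then lists the non-human identities with standing access that nobody owns.

```python
from dataclasses import dataclass
from datetime import date
from collections import Counter
from typing import Optional, List

@dataclass(frozen=True)
class Identity:
    name: str
    kind: str               # "human", "service_account", "workload", "agent"
    owner: Optional[str]    # accountable team or person; None = orphaned
    created: date
    standing_access: bool   # permanent grants rather than just-in-time
    governed: bool          # inside the access-review / lifecycle process

# Constructed sample inventory (hypothetical names, not from the article).
INVENTORY: List[Identity] = [
    Identity("alice", "human", "alice", date(2019, 3, 1), True, True),
    Identity("bob", "human", "bob", date(2021, 6, 15), True, True),
    Identity("ci-deploy", "service_account", None, date(2018, 11, 2), True, False),
    Identity("svc-billing-sync", "service_account", "finance-eng", date(2022, 1, 10), True, True),
    Identity("wl-api-gateway", "workload", "platform", date(2023, 8, 20), False, False),
    Identity("agent-support-bot", "agent", None, date(2024, 5, 5), True, False),
]

# Constructed authentication counts per identity over one review window.
AUTH_EVENTS = Counter({"alice": 120, "bob": 80, "ci-deploy": 9500,
                       "svc-billing-sync": 3000, "wl-api-gateway": 22000,
                       "agent-support-bot": 1400})

def identity_share_governed(inventory):
    """The figure human-centric reporting tends to quote: governed identities / all identities."""
    return sum(1 for i in inventory if i.governed) / len(inventory)

def governed_activity_share(inventory, events):
    """Signal 1: fraction of authentication *activity* performed by governed
    identities. A large gap versus identity_share_governed means the controls
    document a minority of what actually authenticates."""
    governed = {i.name for i in inventory if i.governed}
    total = sum(events.values())
    covered = sum(n for name, n in events.items() if name in governed)
    return covered / total if total else 0.0

def orphaned_standing_access(inventory):
    """Signal 2: non-human identities with standing access and no accountable
    owner, oldest first (the longest-standing ones nobody owns anymore)."""
    hits = [i for i in inventory
            if i.kind != "human" and i.standing_access and i.owner is None]
    return sorted(hits, key=lambda i: i.created)
```

With the sample data, half of the identities are governed but under 9% of the authentication activity is, and the orphaned list is led by a 2018 CI service account.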


The Tide Does Not Wait.

I came back from that trip with the same conviction I have held for a while, but sharper. The identity problem is no longer a human problem with machine edge cases. It is a fundamentally multi-entity problem (humans, non-human systems, and autonomous agents) that our frameworks, our tooling, and our mental models are simply not keeping pace with.


The tide does not pause while organizations debate architecture. It does not wait for the next budget cycle, the next audit, or the next board presentation. The non-human identity population is already growing faster than most teams can track. Agentic AI is already being deployed without identity security in the room. The water is already rising.


The organizations that get ahead of this will not have done it by accident. They will have looked past the shoreline, understood what was moving beneath the surface, and made deliberate decisions before the current made those decisions for them.


Standing at the water's edge on a clear day, you can see maybe three meters down. The ocean goes to four thousand. Almost everything that matters is in the part you cannot see from the shore.


So here is what I keep coming back to: if a breach happened today through a non-human identity or an autonomous agent operating in your environment, would your identity security strategy even know how to contain it?
