Three Reports This Week Say the Same Thing: Your IAM Was Not Built for AI Agents

Three pieces landed this week that, taken together, paint a clear picture of where agent identity is heading — and where it's stuck. The Sources 1Password launched Unified Access (Mar 17) — discovery, governance, and runtime credential delivery across humans, AI agents, and machine identities. Partners: Anthropic, OpenAI, Cursor, GitHub, Vercel. Strata published 8 Strategies for AI Agent Security — a practical framework covering JIT provisioning, runtime access control, Zero Trust OAuth, cross-cloud policy, and agent-native identity models. Theodosian mapped The Governance Gap — showing exactly how zero-trust, DLP, and IAM break down when the identity is autonomous rather than human. Where They Agree All three converge on the same diagnosis: Agents are not service accounts. They reason, adapt, delegate. Static credentials and pre-provisioned access don't fit. NHIs outnumber humans ~50:1 (Orca Security data). The identity surface area has already exploded. 80% of IT leaders report agent