The AI agent security conversation keeps arriving at the same place: the real problem is not the model, it is who is in charge when the model acts on its own. IBM's take, published to the IBM Think blog, frames it explicitly as an insider threat problem. AI agents are "digital insiders," in McKinsey's formulation, and managing them requires the same behavioral lens cybersecurity teams have used for human insider risks for twenty years.
That framing is useful. It sidesteps the abstract AI safety debate and gets to the operational question: what happens when an AI agent with legitimate credentials does something it should not?
The specific risks IBM cites are concrete. Legacy identity and access management tools were not designed for autonomous, self-directed identities. Agents can request credentials, call tools, make decisions, and trigger workflows without a human in the loop for every action. That is the point of them. It is also the attack surface. The 2025 Cost of Data Breach report, cited in IBM's analysis, found that 63% of organizations lack an AI security and governance policy.[^1] The X-Force Threat Intelligence Index puts the identity breach number at 30% of all data breaches starting with identity-based attacks.[^2]
The product answer is IBM Verify Identity Protection, a platform IBM built to help organizations manage what it calls "autonomous identities." The framing is that security leaders need to understand the difference between agentic AI for security — agents performing security tasks like phishing triage — and security for agentic AI — ensuring that all AI agents across business units are discoverable, governed, least-privilege scoped, credential-rotated, and continuously monitored for behavior drift.
The harder question is whether IBM's product actually solves the problem or whether it is rebranding existing IAM controls with agentic language. Forrester's take from the RSA Conference, cited in the same IBM blog post, warns that many so-called agents are "just task-specific scripts, not coordinated systems." Gartner predicts that over 40% of agentic AI projects will be cancelled by 2027 due to lack of value or governance. That prediction is not a credential for the category — it is an admission that the tooling is not ready.
IBM's insight about the identity problem is correct. Agents are not authorized the way humans are — they are onboarded the way software is, with service accounts and API keys and no formal training on what constitutes suspicious behavior. The least-privilege principle that applies to human access does not automatically extend to agent access because nobody has defined what "least" means for a system that can call tools across the entire enterprise stack.
The sequestration approach IBM describes — sandboxing agents in firewalled execution environments until trust is earned — is sound in principle. Whether it survives contact with real enterprise deployment complexity is a different question. The IBM blog post does not cite customers who have actually implemented this at scale.
The honest version of this story: IBM is right that the identity problem is the core security challenge for agentic AI. Their product is one approach. The category is real. The governance problem is real. The specific claims — the 63%, the 30%, the Gartner cancellation rate — are IBM-sourced and worth verifying against independent data before treating them as established facts.
[^1]: Source-reported; not independently verified. From IBM's own 2025 Cost of Data Breach report, cited in IBM's own blog post.
[^2]: Source-reported; not independently verified. From IBM X-Force Threat Intelligence Index, cited in IBM's own analysis.
IBM Think and IBM Verify Identity Protection are the primary sources. The Gartner and Forrester citations are analyst claims, not IBM data.
† Add footnote: 'Source-reported; not independently verified.'
†† Add footnote: 'Source-reported; not independently verified.'
† Add footnote: 'Source-reported; not independently verified.'
†† Add footnote: 'Source-reported; not independently verified.'
