Your #AI agent isn't using its own identity. It's using yours.
CyberArk documented a 96:1 machine-to-human ratio in financial services agentic deployments. One human credential. Ninety-six agents operating under it. No session isolation. No per-action audit trail. No distinction in the access log.
IAM teams see delegation. What they're actually running is shadow machine identity at institutional scale: entitlements accumulating silently, accountability dissolving across every chained action.
When a high-value transaction executes under a "legitimate" human credential and the agent that triggered it has no discrete identity of its own, the GLBA audit doesn't find a breach. It finds a governance failure.
The security team sees an efficiency model. The OCC examiner sees an identity architecture that can't be audited.
Those aren't the same problem.
CyberArk documented a 96:1 machine-to-human ratio in financial services agentic deployments. One human credential. Ninety-six agents operating under it. No session isolation. No per-action audit trail. No distinction in the access log.
IAM teams see delegation. What they're actually running is shadow machine identity at institutional scale: entitlements accumulating silently, accountability dissolving across every chained action.
When a high-value transaction executes under a "legitimate" human credential and the agent that triggered it has no discrete identity of its own, the GLBA audit doesn't find a breach. It finds a governance failure.
The security team sees an efficiency model. The OCC examiner sees an identity architecture that can't be audited.
Those aren't the same problem.