AI Rush Into Identity Systems Outpaces Security Controls, Semperis Warns

A new global study from Semperis finds that enterprises are rapidly embedding AI agents into core identity systems — often without the governance needed to control or recover them if compromised.

The survey of 1,100 organizations across major global markets shows that AI is increasingly being granted access to sensitive identity environments including Active Directory, Microsoft Entra ID, and Okta.

According to the findings, 93% of organizations already use or plan to use AI agents for high-privilege tasks such as password resets and VPN access. At the same time, 92% report AI tools installed on local machines with potential access to credentials and encryption keys.

Despite this expansion, only 32% of respondents are highly confident they could regain control if AI systems exposed administrative credentials. Governance gaps persist, with 6% of organizations admitting they do not track AI identities at all.

“AI is being integrated faster than organizations can establish guardrails,” said Chris Inglis, a strategic advisor to Semperis.

The report also highlights uneven readiness across regions, with confidence in recovery ranging from 53% in the U.S. to just 12% in France.

While 83% of organizations say AI identity governance is now a priority, the study suggests most are still early in implementing controls — leaving identity systems as an expanding and increasingly automated attack surface.