Your AI Agents Now Outnumber Your People 45 To 1. Who Signs For What They Do?
Every agent is a privileged identity acting at machine speed. If it cannot name an owner, a purpose and a signed record, you do not have governance. You have exposure.
By Micky Irons, founder and CEO, Mickai
Here is the number that should stop your next architecture review cold. In the modern enterprise, non-human identities now outnumber human ones by 45 to 1. In cloud-native estates the ratio reaches 144 to 1. Every one of those identities authenticates, holds permissions, and reaches into systems that matter. And when I ask security leaders a simple question, the room goes quiet. Who signs for what these things do?
The honest answer, most of the time, is nobody.
The identity you forgot you issued
When people hear "non-human identity" they picture a dusty service account. That undersells it badly. An NHI is any credential wielded by something that is not a person: service accounts, API keys, OAuth tokens, machine certificates, and now, increasingly, the credentials carried by AI agents that reason, decide and act on their own.
Industry research puts the enterprise average at roughly 45 NHIs for every human user, and pushes the cloud-native figure toward 144 to 1. These are not passive processes waiting to be called. They authenticate continuously, they hold standing permissions, and many of them carry access that would be flagged the instant a human account tried to hold it.
Then agentic AI arrived and changed the character of the problem. A traditional service account does one deterministic thing. An AI agent is a decision-maker. It chains tool calls, spawns sub-agents, reaches across systems, and initiates actions at machine speed with no human in the loop for that particular step. You did not issue one privileged identity. You issued a workforce, and it clocked in without a manager.
The confidence gap is real, and it is measured
This is not a vibe. The Cloud Security Alliance, with Oasis Security, ran the numbers and published them on 27 January 2026. Only 15 percent of organisations feel highly confident they can prevent an attack that comes through a non-human identity. Seventy-nine percent of IT and security professionals rated their confidence as only low or moderate. The pain points they named are exactly the ones you would expect: discovering the identities in the first place, auditing and monitoring them, managing privilege, and enforcing any policy at all.
Separate figures make the governance vacuum plain. In the same survey, 78 percent of organisations had no documented, formally adopted process for creating or removing these identities, and only a minority ran a real process for rotating or revoking API keys. So the estate grows, nobody owns the growth, and the credentials outlive the projects that spawned them.
That is the gap. Identities you cannot fully see, acting on your behalf, at a speed you cannot follow, with no clear line back to a human who signed for the risk.
An identity without an owner is not an identity. It is a liability.
I build Mickai on a rule I will not bend. Every agent is a privileged identity, and a privileged identity that cannot answer three questions has no business running in a regulated environment.
Who owns it? A named human or a named team accountable for what this agent is allowed to touch. Not a shared inbox. A signatory.
What is it for? A declared, bounded purpose. An agent provisioned to reconcile invoices does not get a standing key to the customer database because it was convenient at build time.
What did it actually do? A record of every action, sequenced, timestamped and signed, that no operator can quietly rewrite after the fact.
Get those three right and an NHI stops being a floating liability and becomes something you can govern, audit and, when it goes wrong, hold to account. Miss any of them and you are trusting machine-speed autonomy on a handshake.
How a sovereign runtime binds identity to action
Mickai is a Sovereign Intelligence Operating System. Regulated organisations own it and run it inside their own walls, air-gapped where the workload demands it, with a cryptographically signed audit record written on every action. It is built and it is live. The point of a sovereign runtime, in identity terms, is that the binding between an agent and its behaviour never leaves your control and never depends on a vendor's promise.
Concretely, that means three things.
Every agent is minted as a first-class identity with an owner and a scoped purpose baked in, not bolted on. Provisioning an agent looks like onboarding an employee, because in permission terms that is exactly what it is.
Every action the agent takes is written to a signed, append-only log. Sequenced, timestamped, attributable. When an auditor, a regulator or your own incident team asks what this agent did at 02:14, the answer is a signed record, not a reconstruction from scattered application logs six months later.
And because you own the runtime, the evidence sits inside your boundary. You are not exporting your agents' behaviour to someone else's cloud and hoping the export is complete and untampered. The proof is yours.
This is the same discipline we describe across our work on agent governance and the auditable action log that underpins it. Identity, purpose and proof are one system, not three tools you integrate on a Friday.
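As an added illustration, not Mickai's own code (which this page does not show), here is a minimal form of the three properties above: an agent identity carrying a named owner and a bounded purpose, a scope check before every action, and an HMAC-signed, hash-chained, append-only log whose verify() pinpoints any entry altered after the fact. The key, agent id, owner, scopes and timestamps are constructed sample values.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
# Constructed demo key. In a real deployment the signing key lives in an HSM or KMS inside your own boundary.
LOG_KEY = b"constructed-demo-key"
GENESIS = "0" * 64

@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str
    owner: str                 # a named signatory, not a shared inbox
    purpose: str               # the declared, bounded purpose
    allowed_scopes: frozenset  # what that purpose actually entitles the agent to touch

    def permits(self, scope: str) -> bool:
        return scope in self.allowed_scopes

class ActionLog:
    """Append-only, hash-chained, HMAC-signed record of what each agent did."""
    def __init__(self, key: bytes):
        self.key = key
        self.entries = []

    def _sign(self, entry: dict) -> str:
        body = json.dumps({k: v for k, v in entry.items() if k != "sig"}, sort_keys=True).encode()
        return hmac.new(self.key, body, hashlib.sha256).hexdigest()

    def record(self, agent: AgentIdentity, action: str, scope: str, ts: int) -> bool:
        """Check the scope against the agent's purpose, then log the decision either way."""
        allowed = agent.permits(scope)
        entry = {
            "seq": len(self.entries), "ts": ts, "agent": agent.agent_id, "owner": agent.owner,
            "purpose": agent.purpose, "action": action, "scope": scope,
            "outcome": "allowed" if allowed else "denied",
            "prev": self.entries[-1]["sig"] if self.entries else GENESIS,  # chain link
        }
        entry["sig"] = self._sign(entry)
        self.entries.append(entry)
        return allowed

    def verify(self):
        """Index of the first entry whose sequence, chain link or signature fails, else None."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or not hmac.compare_digest(self._sign(e), e["sig"]):
                return i
            prev = e["sig"]
        return None
```

One caveat the chain alone does not cover: silently dropping the newest entries leaves a valid shorter chain, so the latest signature should be anchored periodically to a write-once store that the operator cannot reach.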
Why this lands in 2026, not later
The regulatory floor is rising to meet the risk. Under the EU AI Act, Regulation 2024/1689, the obligations for high-risk AI systems become fully applicable on 2 August 2026. Article 12 requires those systems to technically allow for the automatic recording of events (logs) over their lifetime, and the duty is real: automatic means the system generates the evidence itself, not a human writing notes after the fact. Failing the record-keeping and related obligations can draw penalties of up to EUR 15 million or 3 percent of worldwide annual turnover, whichever is higher.
Financial services already live this. DORA has applied since 17 January 2025 and requires financial entities to log relevant events across their ICT systems and to keep third-party and privileged access under demonstrable control. None of these regimes bar you from cloud. Almost all of them permit cloud with the right controls. What they will not accept is autonomy without a signed record of what the autonomy did. A no-cloud requirement exists only at the workload level, for classified material, ITAR, isolated operational technology, or where a data-protection assessment forces it. The broader market is not moving on a legal ban. It is moving on preference: leaders who have looked at 144 to 1 and decided they want the identity, the purpose and the proof inside their own walls.
The takeaway
You did not plan to run a workforce of 45 machine identities per employee. It happened anyway, and agentic AI is pushing the ratio higher every quarter. The choice in front of every IAM leader and security architect is not whether to have non-human identities. You already have them, at scale, acting now. The choice is whether each one carries an owner, a purpose and a signed record, or whether it acts on your behalf with nobody willing to sign.
Treat every agent as the privileged identity it is. Give it a name, a boundary and an audit trail you own. That is the whole job, and it is the job Mickai was built to do.
Frequently asked questions
What exactly is a non-human identity?
Any credential used by something that is not a person: a service account, API key, OAuth token, machine certificate, or the credentials an AI agent uses to authenticate and act. In 2026 the fastest-growing and riskiest class is the AI agent, because unlike a static service account it makes decisions and initiates actions on its own.
Why is 45 to 1 a security problem and not just a scaling fact?
Because these identities hold standing permissions and act at machine speed, yet only 15 percent of organisations feel highly confident they can prevent an attack through them, and most have no documented process to create, rotate or revoke them. Scale without ownership and without an audit trail is exactly how a single compromised token becomes a breach nobody can reconstruct.
Does running AI agents force me off the cloud?
No. The EU AI Act, DORA, GDPR and the FCA and PRA regimes permit cloud with appropriate controls. A genuine no-cloud requirement applies only at the workload level, for example classified, ITAR or isolated operational-technology systems. Most organisations choosing a sovereign runtime do so by preference, to keep agent identity and the audit record inside their own boundary.
How does Mickai make an agent accountable?
Every agent is provisioned as a privileged identity with a named owner and a scoped purpose, and every action it takes is written to a cryptographically signed, append-only log inside a runtime you own and can air-gap. When someone asks what an agent did, the answer is a signed record, not a guess. It connects directly to our work on agent governance and the auditable action log.
Mickai is a Sovereign Intelligence Operating System, privately held and founded by Micky Irons. Our patent portfolio stands at 104 filed UK applications across 13 families, roughly 2,340 claims, named inventor Mickarle Wagstaff-Irons, building toward examination and grant.