The main obstacle is no longer only model performance. Deployment is being slowed by multi-factor authentication prompts, short-lived session tokens, bot-detection systems, consent screens, delegated permissions and audit requirements built for people using keyboards, not software agents acting across several applications. The gap has become more visible as companies try to turn generative AI from workplace assistants into task-performing agents that can open tickets, update records, query databases, send emails and complete transactions.
The shift is sharp. Fewer than 5 per cent of enterprise applications had embedded task-specific AI agents in 2025, while that share is expected to rise to as much as 40 per cent by the end of 2026. At the same time, more than 40 per cent of agentic AI projects are expected to be cancelled by the end of 2027 because of high costs, weak business cases or inadequate risk controls. The figures point to a market expanding quickly, but not yet supported by mature operating rules.
The friction often appears at the first practical step: access. An agent may be able to summarise a contract or plan a workflow, but it can fail when asked to log into a customer relationship management system, renew a session, pass MFA, or use a web interface protected by anti-bot controls. Many businesses have tried to work around the problem by sharing service accounts, storing user tokens, or allowing agents to operate under broad permissions. Those shortcuts create security risks because they blur responsibility and make it harder to identify whether an action was taken by an employee, an approved agent, a shadow agent, or a compromised credential.
Identity providers are now racing to define AI agents as first-class non-human identities. Microsoft’s Entra Agent ID framework allows agents to request access tokens and use them to reach services including Microsoft Graph, internal systems and third-party applications. The platform is designed to register agent identities, manage authorisation and apply governance through standard protocols such as OAuth 2.0, Model Context Protocol and Agent-to-Agent communication. Okta has also moved to treat agents as governed identities, with lifecycle controls, ownership records, permission limits and decommissioning rules.
Security researchers warn that merely extending human identity systems to agents is insufficient. AI agents may be short-lived, replicated, delegated to sub-agents and authorised to perform actions across organisational boundaries. That creates problems around transitive delegation, audit trails, temporal validity and permission propagation. A human worker typically has a stable employment relationship and a known device posture. An autonomous agent may have a changing context, a shifting toolset and a task chain that spans multiple systems within seconds.
Web security adds another layer. Cloudflare has expanded tools for identifying and managing automated traffic, including a database for known bots and agents, while also supporting cryptographic verification of automated requests. The approach reflects a wider change in web infrastructure: websites want to distinguish approved AI agents from scraping bots, credential-stuffing tools and abusive automation. For enterprises, that means agents may need to carry verifiable credentials rather than imitate browser behaviour.
The stakes are particularly high in regulated sectors. Agents that read emails, process claims, search personnel files or generate compliance reports may handle personal data at scale. Privacy obligations, data retention rules, automated decision controls and vendor contracts may all be triggered when agents act with limited human supervision. Businesses deploying them must define what data an agent can access, whether it can retain memory, how its output is reviewed and who is accountable when it makes an error.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.