Commvault survey finds organizations lack identity management for agentic AI deployments

An IDC survey found 90% of organizations must improve identity management for agentic AI risks. Also, 98% reported weak collaboration between IT and security teams.

Categorized in: AI News Management
Published on: Jul 17, 2026
Commvault survey finds organizations lack identity management for agentic AI deployments

A new IDC survey of 539 North American IT and resilience decision-makers, sponsored by Commvault, found that 90% of organizations need to improve identity management to address the risks posed by agentic AI systems. With 85% of respondents already having experienced a cyber incident, the findings underscore a widening gap between the rapid deployment of AI agents and the governance frameworks to control them.

The identity management gap

Identity management refers to the control and governance of digital identities-both human users and AI agents-and their access to systems and data throughout their lifecycle. As organizations deploy AI agents at scale, many of these nonhuman identities are created in large numbers with always-on access, potentially outpacing human identities. The survey found that 58.7% of respondents said their organizations require significant improvements or a complete overhaul of their identity-management approach.

Vidya Shankaran, field chief technology officer at Commvault, said, "AI is fundamentally changing how organizations operate, make decisions, and manage risk. But many organizations are discovering that the systems designed to govern people are not prepared to govern a growing population of AI agents, machine identities, and autonomous workflows."

For managers, understanding the identity risks of AI agents is becoming a core competency, and AI for Management training can help bridge the gap.

Collaboration and readiness challenges

The research also highlighted weak collaboration between IT and security teams. Nearly all respondents-98.4%-said better collaboration is needed, with 49.7% indicating major improvements are necessary. Only 26.7% have dynamic role-based access control supporting AI and analytics, and just 24.7% have documented and tested their Active Directory and Entra ID capabilities.

Broader resilience gaps persist. More than half of organizations (57.7%) have not fully defined their minimum viable business-the core functions needed to continue operating during a disruption.

The rise of resilience operations

Commvault said the findings point to a growing need for resilience operations, or ResOps, an emerging discipline that unifies business, security, infrastructure, data protection, and recovery teams around maintaining operations and accelerating recovery after disruptions.

Frank Dickson, group vice president for IDC's Security & Trust research practice, said, "IDC predicts that ResOps will mature from an emerging discipline into a mainstream enterprise capability over the next three to five years."

Commvault also announced the IDC Cyber Readiness Assessment, an interactive tool designed to help organizations evaluate cyber resilience maturity and identify gaps in identity, protection, detection, response, and recovery. It will be available in the coming months.

Why this matters for management

For management teams, the survey's findings are a clear signal that identity governance must evolve alongside AI adoption. The proliferation of nonhuman identities with unchecked access introduces new attack surfaces that traditional IAM systems were not designed to handle. Without a coordinated ResOps approach, the risk of operational disruption increases, and recovery times lengthen. AI for Executives & Strategy training can help leaders build the cross-functional oversight needed to close these gaps before an incident occurs.


Get Daily AI News

Your membership also unlocks:

700+ AI Courses
700+ Certifications
Personalized AI Learning Plan
6500+ AI Tools (no Ads)
Daily AI News by job industry (no Ads)