Latest CoverageEventsResearchBe a ContributorEditorial CalendarAdvertising
The Business of Enterprise AI
Orange Cones in a Row by the Side of a Street
Editorial

As AI Agents Go Production, Enterprises Confront an Access Dilemma

4 minute read
Eric Barroca avatar
By
February 25, 2026
Information Management
SAVED
AI agents don’t respect permission boundaries by default. Identity-based, auditable authorization is the new foundation of enterprise-grade deployments.

As organizations accelerate the deployment of AI agents, a massive unsolved problem is about to become very apparent: governing access and agent authorization at scale. Enterprises know they can’t give AI agents root access to all systems and knowledge. But it’s equally unrealistic to manually configure permissions for every possible agent interaction.

Today’s default approach is often, “give the agent some access and hope for the best.” That works — until it doesn’t. And when it fails, it fails spectacularly.

Recently, I predicted that agent authorization will become a real infrastructure category in 2026. This is why.

Once agents move from experiment to production and begin operating across teams and systems, the harder problem emerges: access. How do you scope what an agent can see? How do you pass user- and work-scoped permissions? How do you know what the agent actually touched? And when something goes wrong, how do you revoke access and prove what happened?

Table of Contents

Why Agents Break Traditional Access Models

In an enterprise, access is never uniform. An entry-level accountant doesn’t see what a senior accountant sees. A project manager may access documents for one initiative, but not everything in the department. Finance, marketing and legal all operate under different “need-to-know” rules layered over years of policy and compliance.

Enterprises rely on IT-defined access controls to govern human behavior. Without a GenAI platform, those controls do not extend to autonomous agents.

If you give an agent access to everything, it will use everything. It will not politely ignore information it shouldn’t touch. If the fastest path to completing a task involves a sensitive file, it will take it — because there is no innate restraint mechanism. Once restricted information is accessed, the violation has occurred, and it can become part of the generated response or output. At that point, the security boundary has already been breached. Like the user, you can’t ask an agent to ignore or "unsee" unauthorized information after it has been accessed. 

That’s why permissions must be enforced before data is retrieved, not after a response is generated. The only safe approach is to enforce access at the query level, every time.

Related Article: Protecting Enterprise Data in the Age of AI: A Business Leader's Guide

Agents Must Run With an Identity 

The core principle is simple: agents must operate on behalf of a user, not as an independent system.

Using workload and workforce identity federation, an agent carries the authenticated identity of the human who initiated the task. When the agent accesses Google Drive, Office 365, SharePoint, Salesforce or other internal systems, it does so with that user’s exact permissions.

Every agent runs as the user — not as an admin, not as a shared service account. Identity is propagated end-to-end.

This does two critical things:

  1. First, you know the request is being made on a user’s behalf, not autonomously.
  2. Second, you can reuse the enterprise’s existing permission model instead of reinventing access control for AI.

Modern cloud systems support this well. Legacy systems complicate things, often requiring proxies to exchange credentials and enforce boundaries. But the rule remains the same: if the agent can see something, it will use it. So access must be enforced at the moment of retrieval, every time.

If you don’t enforce permissions when the agent attempts to fetch information, the agent will find data that a human would never access — and once it’s included in the input, there’s no undo or delete. Agent memory limits won’t mitigate this risk. The problem isn’t how long the agent remembers the data — it’s that the data was accessed at all. 

Why Auditability Is Non-Negotiable

Access control alone isn’t enough. Enterprises also need to be able to prove what an agent did.

In regulated or high-risk environments, the question is not just “Can the agent do this?” but:

  • What did the agent access?
  • Under whose authority?
  • In what context?
  • Was that access appropriate?

Auditable agent authorization means every tool call and data fetch is logged, attributable to a specific user and workflow and reviewable after the fact. It enables forensic analysis, compliance reporting, and — critically — the ability to revoke access or shut down behaviors when something goes wrong.

Without auditability, you don’t have governance. You have blind trust in a system that was never designed to police itself.

Authorization Is Infrastructure

This identity-based, contextual, auditable approach doesn’t make the problem easy. Identity and permissions have been among the hardest challenges in enterprise software for decades. AI doesn’t solve them — it amplifies them.

But solving this is what makes enterprise-grade AI deployment possible.

As agents move from copilots to autonomous actors, access control can’t be bolted on after the fact or buried inside prompts and guardrails. Agent authorization becomes core infrastructure: dynamic, contextual, auditable and user-restricted by design. We already have the building blocks — identity federation, token-based credentials and policy engines.

Related Article: 5 Lessons From OpenAI’s Internal Data Agent Deployment

Learning Opportunities
Webinar
Cloud Contact Center
Feb
26
Do More with Less: Modernizing the Cloud Contact Center for 2026
Learn how to leverage cloud platforms without adding a single hire to personalize every customer interaction.
Register
Webinar
Navigating Content Decisions at Scale
Mar
25
Content Leaders Collective: Navigating Content Decisions at Scale
Discover how content leaders are modernizing content operations, avoiding costly missteps and preparing for scale and AI.
Register
Webinar
Speed and complexity
On demand
Content Strategy Leaders Live: Scaling for Speed, Complexity and AI in High Tech
A candid roundtable on how high-tech leaders are rethinking content at scale.
Watch Now
Webinar
Complex, internal combustion engine or fine clockwork.
On demand
Cut the Noise: Deploying AI That Actually Moves the Needle
Learn how to turn AI experimentation into concrete revenue operations.
Watch Now
Webinar
Legacy rotary phone vs smartphone
On demand
Ditch the Desk Phones: How Modern Teams Drive AI-First Communications
Find out how one team finally pulled the plug on a legacy phone system. And built something smarter.
Watch Now
Webinar
Rebrand. Migrate. Optimize. How to Do It All (Without Slowing Down)
On demand
Rebrand. Migrate. Optimize. How to Do It All (Without Slowing Down)
Cresta leveled up site speed, design flexibility and marketer sanity (in record time). Find out how.
Watch Now
Webinar
Cloud Contact Center
Feb
26
Do More with Less: Modernizing the Cloud Contact Center for 2026
Learn how to leverage cloud platforms without adding a single hire to personalize every customer interaction.
Register
Webinar
Navigating Content Decisions at Scale
Mar
25
Content Leaders Collective: Navigating Content Decisions at Scale
Discover how content leaders are modernizing content operations, avoiding costly missteps and preparing for scale and AI.
Register
Webinar
Speed and complexity
On demand
Content Strategy Leaders Live: Scaling for Speed, Complexity and AI in High Tech
A candid roundtable on how high-tech leaders are rethinking content at scale.
Watch Now

The Year of Reckoning

Last year was the year of AI agent experimentation. This is the year reality sets in. The divide will be between organizations that enforce agent identity and access boundaries and those that give agents unfettered access to enterprise systems. The familiar refrain, “We’ve tried AI three times, and it didn’t work,” isn’t an indictment of the technology. This won’t be the year AI hype dies — the hype is too proliferated — but it will be the year poor implementations are exposed.

Agents don’t behave like users. They issue orders of magnitude more searches, touch far more data and traverse systems at machine speed. That amplification is the value and the risk. When access isn’t governed, exposure scales faster than organizations realize.

The technology is ready. What’s lagging is adoption of the infrastructure mindset enterprises have long applied to content and systems — now applied to agentic AI.

That’s not an AI problem. It’s an infrastructure decision. And in 2026, it will be the deciding layer.

fa-solid fa-hand-paper Learn how you can join our contributor community.

About the Author
Eric Barroca

Eric Barroca is the co-founder and CEO of Vertesia, a unified, low-code platform for building, deploying and managing enterprise-grade GenAI applications and agents. Connect with Eric Barroca:

Main image: meta-frames | Adobe Stock
Tags
ai risk managementai governanceinformation managementagentic aiai agentsagent governance
Featured Research
Featured research
White Paper
Why Enterprise AI Fails at Scale
A data readiness framework for leaders preparing generative and agentic AI for real-world autonomy
Featured research
Research Report
Designing AI-First Systems for Customer Access
What conversational AI reveals about orchestration, workflow redesign and execution at scale
Featured research
Research Report
Power Personalized CX with AI That Remembers What Customers Don’t Want to Repeat
What high-scale AI systems reveal about context, orchestration and why most AI fails between experimentation and execution.
Featured research
eBook
Designing an AI-Native Contact Center
Forget CCaaS bolt-ons. This blueprint shows how to scale with AI as your command center.
Featured research
White Paper
The New Architecture of Customer Access
AI can cut handling time by 70% and boost CSAT by 32%. This white paper shows how to build around it.
Featured research
eBook
The Hidden Impact of AI in the Contact Center
AI’s biggest impact isn’t always flashy—it’s the smarter, quieter stuff that actually moves the needle.
Featured research
eBook
From Reactive to Ready: Scaling Contact Center Ops with WFM That Works
When customer demand shifts by the minute, your workforce strategy needs more than spreadsheets and guesswork it needs agile, AI-powered WFM built for digital service.
Featured research
Research Report
Unlocking the Potential of Artificial Intelligence in Digital Customer Experience
Insights and Trends from Organizational Adoption
Featured research
eBook
How to Meet Your GenAI Goals While Mitigating the Risks
Pressure is mounting to create Generative AI solutions—but cautions abound. Here’s how to meet your goals, while reducing costs and risks.
Featured research
Guide
Your Blueprint to Generative Answering in Digital Self-Service, Building Next-Gen Experiences
Get real-world advice from 30+ enterprises on how to reduce hallucinations, boost security and design the ultimate generative experience.
Featured research
Research Report
Artificial Intelligence and The Digital Workplace: Altering the Future of Work
Nearly 1,400 executives give us their thoughts on AI, machine learning and new generative AI tools