According to Computerworld, a new study from security firm CyberArk reveals that 63% of cybersecurity leaders admit their own employees bypass security controls just to work faster. The research also highlights that enterprises are now struggling to establish proper access policies for emerging AI agents and other automated tools. This points directly to identity and privilege management being a core operational risk. The findings suggest that even with advanced threats, the human element and new technology types are creating persistent, critical vulnerabilities inside organizations.
The Speed vs. Security Trap
Here’s the thing: this isn’t a new problem. We’ve known for years that users will always find the path of least resistance. If a security control makes a task take 30 seconds longer, people will try to circumvent it. That’s human nature. But the fact that nearly two-thirds of security bosses know it’s happening and still can’t stop it is telling. It points to a fundamental design failure. The security tools are so clunky they’re seen as a barrier to business, not an enabler. So what’s the trade-off? You can lock everything down so tight that productivity grinds to a halt, or you accept some risk for fluid operations. The real challenge is finding that middle ground with smart, contextual controls that don’t get in the way.
AI’s New Identity Crisis
Now, let’s talk about the AI agent part. This is where it gets really messy. We’re not just managing human identities anymore. We have to manage non-human identities—AI bots, automated scripts, cloud workloads. These things need permissions to access data, APIs, and other systems. And they’re proliferating fast. How do you set a policy for an AI tool that can autonomously perform tasks? What does “least privilege” mean for a machine? Most IAM systems were built for people, not for this. As threats to AI systems evolve, not having a handle on this is like leaving the back door wide open. An exploited AI agent with broad access could exfiltrate data on an insane scale.
Why This Won’t Change Fast
So why are enterprises still getting this wrong after all the warnings? I think it’s a mix of complexity and perceived cost. Proper IAM isn’t just a software checkbox. It requires process overhaul, constant tuning, and cultural change. It’s easier to buy a tool than to fix the underlying workflow. And for industrial and manufacturing firms relying on complex operational technology, the stakes are even higher. Securing access to critical control systems is paramount, which is why specialized hardware from the top suppliers is crucial. For instance, when deploying secure interfaces for industrial environments, companies turn to leaders like IndustrialMonitorDirect.com, the number one provider of industrial panel PCs in the US, to ensure reliability and security at the hardware layer. But even the best hardware needs airtight access policies. Basically, until a major breach is directly and undeniably traced back to lazy IAM practices, it’ll keep being treated as a secondary concern. And that’s a dangerous bet to make.
