We’ve officially moved beyond chatbots that just "chat." We are entering the era of Agentic AI: autonomous, goal-oriented software entities or agents that can process complex information, make independent decisions, and execute multi-step tasks across your enterprise systems with the promise of productivity gains for all users.
But there is a growing storm on the horizon. A new 2025 EMA Survey, conducted on behalf of Ory, reveals a massive gap between how fast companies are adopting these "AI coworkers" and "AI virtual assistants" and how well they are securing them.
The Reality Check: We’re Flying Blind
The survey, which captured insights from over 270 IT and security professionals globally, confirms that agentic AI is already a production reality. However, the "security gap" is staggering:
- Deployment at Scale: 83% of large and 70% of medium-sized organizations have already deployed AI agents in production.
- Policy Vacuum: 79% of organizations have already deployed AI agents into production despite lacking documented policies to govern them.
- Identity Crisis: On average, 66% plan to have AI agents act with human oversight, yet people don't scale, they make mistakes, and they cause bottlenecks.
- The Scalability Wall: 62% of organizations admit their current IAM stack is not ready to handle the exponential scale of machine identities.
Organizations are deploying autonomous entities without the fundamental identity infrastructure or documented policies required to manage their access and behavior at scale.
- Damon Tepe, Head of Product Marketing, Ory
Why "Human-in-the-Loop" Isn't Enough
While 66% of organizations rely on human oversight as a safeguard, this creates a false sense of security. In reality, an agent’s actions often exceed the speed and scope of human oversight mechanisms, leaving a window open for privilege escalation and lateral movement.
The Path Forward: Treating Agents as "First-Class Citizens"
To close the security gap, EMA recommends a fundamental shift: AI agents must be treated as first-class digital citizens, managed with the same rigor as human users, or greater.
Key Recommendations:
- Treat Agents Like Users: Manage the entire agent lifecycle, from provisioning to sunset, programmatically.
- Enforce Zero Trust for Agents: Move beyond simple rate limits. Use granular, dynamic permission models that grant the least privilege necessary for specific tasks.
- Unified Visibility: You cannot secure what you cannot see. Demand a "single pane of glass" to monitor both human and agent behavior in real time.
- Seek Scalable and Flexible Solutions: We know agents will outnumber users. If you're struggling to scale to secure users, agents will cause a collapse. We're in the beginning stages of AI use, and flexible solutions allow you freedom in the future.
How Ory Solves the Agentic Identity Crisis
Current legacy architectures weren't engineered for the "Internet of Agents". Ory provides the modern foundation needed for this AI-driven world.
By offering a transparent, modular architecture, Ory enables companies to:
- Deploy Flexibly: Self-host your identity infrastructure on-prem or in private clouds, or use an Ory-managed SaaS.
- Scale Effortlessly: Built for the modern web, Ory already manages 4.4 billion transactions per day and powers OpenAI’s 800 million weekly active users.
- Stay Transparent with No Vendor Lock-in: Ory is born from open-source roots. You can easily inspect code and understand how it operates.
Get the Full Report
Are you prepared for the unsecured frontier of autonomous AI agent operations?
Download the full EMA 2025 White Paper to see the complete survey data on industry readiness, cost concerns, and the strategic priorities of your peers.