Just a few years ago, the idea of managing tens of thousands of AI agents sounded like science fiction. Today, it’s not only possible...it’s already happening. Aside from malware replication, this is the most likely fast-approaching ‘order of magnitude’ scale challenge to solve in our digital world.
Every organization experimenting with AI copilots, digital assistants, or autonomous services is laying the groundwork for an AI-native enterprise. The shift has started, and there’s no reversing it.
But as these systems spread organically throughout companies, one uncomfortable truth is becoming clear: Most of them were launched without a cohesive identity or security model.
AI Agents Are Already in Your Organization
Let’s be honest, the wave of Agentic AI adoption isn’t coming. It’s already here. In a recent global survey conducted by Ory and Enterprise Management Associates (EMA), 98% of respondents were in production, had a pilot program, or were planning one.
Teams are using autonomous agents to interact with APIs, automate workflows, and handle internal operations. Many of these agents were spun up quickly, in sandboxes or pilots, long before security teams could define proper governance policies.
Now, organizations are trying to retrofit access controls and write policies after the fact…and discovering that many of them are impossible to enforce in practice. Same EMA survey referenced above, while 98% are in some stage of deployment, 79% of those organizations lack written policies for governing AI agents.
Credentials are being shared across systems. Tokens are hardcoded in scripts. Workflows depend on agents whose identity no one fully owns.
This is a sleeping giant and once these agents become part of production systems, the cost of fixing identity mismanagement skyrockets and the change management challenge for most organizations will be massive.
The Reset That Will Never Happen
You can’t wake up one day and decide to rebuild your entire AI identity layer at once. No one is going to reset every agent’s credentials and force them to re-authenticate. Doing so would break countless hidden dependencies and production services that rely on them.
The only scenario where such a mass reset happens is after a breach; when it’s already too late.
The Identity Layer for the AI-Native Future
The only sustainable path forward is to build identity infrastructure that scales with AI; one that treats agents, users, and services as first-class citizens in the same security model. 62% of EMA survey respondents believe their current identity and access management systems are not ready to scale to meet agentic needs.
That’s where Ory comes in.
Ory’s open, API-driven identity platform is built to handle the next generation of authentication and authorization challenges, all rooted in Zero Trust principles: never assume trust, always verify identity, and continuously enforce least privilege.
- Manage millions of identities (human or machine) with open standards like OAuth2 and OpenID Connect.
- Enforce fine-grained authorization policies with Ory Keto.
- Automate secure token rotation, revocation, and auditing.
- Integrate seamlessly into any AI orchestration stack or agent framework.
With Ory, organizations can design identity governance that’s enforceable by architecture, not just by policy documents…the cornerstone of any true Zero Trust environment.
Our partnership with CockroachDB extends this foundation further. CockroachDB delivers the globally distributed, survivable data layer required for identity at massive scale. And with built-in vector search, organizations can track agent behavior patterns, spot anomalies, and adapt policies dynamically—all without adding another system to the stack. Learn more about Ory and CockroachDB together
Don’t Retrofit Security, Design It
We’ve already crossed the threshold. AI agents are here, and they’re multiplying fast.
The companies that recognize this, that invest now in enforceable, scalable identity systems, will avoid the painful scramble that’s coming for everyone else.
Because if you wait until you have 10,000 agents to start thinking about authentication and authorization, you’ll already be in too deep.
Identity is the backbone of every secure AI ecosystem. And Ory is the foundation built for this future. A future where people, machines, and AI agents all operate under one unified, Zero Trust-aligned security model.
Start Building Now
The future of identity isn’t just about users anymore. It’s about autonomous systems that act, learn, and collaborate at scale.
Ory helps organizations embrace this reality; securely, with flexibility, and with confidence.
When your organization reaches 10,000 agents (and it will happen faster than you think), you’ll be glad your identity infrastructure was built (and verified) for Zero Trust from the start.
Links of Interest
Recent blog posts on agentic AI
