TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Сloud Security After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets by Nate Nelson May 7, 2026 4 Min Read Application Security 'TrustFall' Convention Exposes Claude Code Execution Risk 'TrustFall' Convention Exposes Claude Code Execution Risk by Jai Vijayan May 7, 2026 5 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America See All The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Identity & Access Management Security Cyberattacks & Data Breaches Shifting Budget Dynamics for Identity Security and AI Agents AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects. Todd Thiemann , Principal Analyst , Enterprise Strategy Group May 21, 2026 5 Min Read While Omdia’s new research on “Identity Security for AI Agents” revealed numerous interesting findings, something that caught my eye was the radically changing budget dynamics with agentic AI adoption. The study, which surveyed identity leaders in the US and Canada, showed how identity teams are rapidly evolving their existing identity and access management tooling focused on human and non-human identities to put management and identity security in place for AI agent populations. AI agent populations are expanding and evolving towards autonomous systems operating at machine speed, accessing sensitive data, APIs, and workflows across hybrid environments. The proliferation of identities and privileges is a challenge today, and will become even more so as AI agents needing authentication, fine-grained authorization, governance and lifecycle management move into production. Identity leaders and leaders driving AI initiatives recognize the need for IAM discipline for this new class of identities that represent a significant expansion of the enterprise attack surface. Related: Oracle Red Bull Racing Team Revs Up Automation to Boost Security The budget for previous identity security projects like identity governance and security (IGA), access management (SSO, MFA), or privileged access management (PAM) has typically come from an IT budget owned by the CIO or a security budget owned by the CISO. Projects for AI agents show a very different dynamic. Omdia had surveyed 350 IT leaders in the first half of 2025 and found that 45% were using a completely new, standalone budget for their AI agent projects. This bucket of funds for AI is different than a digital transformation budget or an innovation/science project budget. Then in January 2026, Omdia surveyed 400 identity leaders around “Identity Security for AI Agents” and probed into the source for funding identity security for AI agents. 36% of enterprise identity leaders said they tapped a separate, standalone AI budget. There is an identity “tax” being levied against an AI budget to fund the identity security layers needed for AI agents. While having a standalone AI budget was the most frequent response, the other approaches to funding identity security for AI agents were reallocating funds from other technology/innovation budgets (28%), using a digital transformation or AI initiative (21%), and reducing existing identity budgets in other identity areas (15%). Given how diffused and diverse AI agent initiatives are in the enterprise, identity leaders are engaging with new constituents to ensure that the right identity management, governance, and security layers are in place. These are net new layers. Identity security for AI agents requires visibility (inventory of AI agent identities, visibility into what agents are doing), fine-grained access management (guarding against over-permissioned agents and long-lived credentials), governance (ensuring access aligns with policy, controlling against AI drift), and lifecycle management. Identity leaders are having to educate their security peers and other enterprise constituents about the role of identity for compliance, security, as well as efficiently scaling AI agent projects. Related: Your Next Breach Will Look Like Business as Usual Securing AI agents requires many technology layers, however identity security is a key pillar of any AI agent security strategy. AI agents represent a new, first-class identity that requires new policies, processes, and technology tooling. And that costs money and requires budget. Something that caught my eye in comparing the Omdia survey results was that the IT audience indicated that 45% of enterprises had a standalone AI budget, but the identity teams reported that they tapped that AI budget to deliver identity security for AI agents 36% of the time. That nearly 10% delta means that identity teams probably have an underappreciated budget source to fund AI agent identity infrastructure. The 15% of identity teams use their existing identity budget for AI agent identity security, and that cost may be more appropriately covered by the AI budget. And I expect a similar dynamic holds true for other “cybersecurity for AI” projects. The budget is there, but someone has to educate the AI budget holder and make a business case. Related: Microsoft Proposes Better Identity, Guardrails for AI Agents There are some key takeaways from this data. For enterprise identity and security teams: Make certain you are plugged into the AI agent projects happening throughout the enterprise and educate stakeholders on the need for management, security, and governance for AI agent populations. Those projects might be raised to the internal “AI Steering Committee” or they may not.Getting visibility and control with the right identity security layers in place is preferable to scrambling to respond to a security incident when you find unsanctioned “shadow AI” causing mischief. Start tapping the AI budget to fund the needed identity security infrastructure.The executive(s) driving AI projects will understand the imperative to have the right identity and access management (IAM) layers in place for AI agents when you explain compliance obligations, security risks, and how the right identity “railroad tracks” can help accelerate and scale AI agent projects For vendors: Start to understand the new personas for AI initiatives. Every company is different, and vendor Go To Market teams may need to understand a new AI audience and decision maker. You will need to arm your existing identity security customers with the tools to make the case for any technology or service, or your sales and marketing teams will need to reach that enterprise AI leader to educate them. It is a great time to work in identity security – the dynamism around AI agents in particular makes your head spin! If you are a new technology player solving an interesting new identity problem or you have an innovating approach to an existing challenge, I would like to hear about it. You can reach me via LinkedIn . Further Reading: Link 1: https://www.darkreading.com/identity-access-management-security/identity-governance-administration-app-proliferation-app-integration-chasm Link 2: https://www.darkreading.com/cloud-security/ai-agent-workload-identity-crisis Link 3: https://www.darkreading.com/cybersecurity-operations/ai-agent-security-awareness-responsibility About the Author Todd Thiemann Principal Analyst, Enterprise Strategy Group Todd Thiemann is a Principal Analyst at the Enterprise Strategy Group, researching data security and identity and access management (IAM). He is an information security veteran with more than a decade of experience across a range of subjects, including encryption, key management, IAM/authentication, identity security, and security operations, at leading cybersecurity companies such as Arctic Wolf Networks, Trend Micro, Vormetric/Thales, and Nok Nok Labs. He graduated from Georgetown University with a Bachelor of Science degree and earned an MBA from the Anderson School at UCLA. He enjoys cybersecurity because it is ever-changing and continually challenges us to explain things clearly without losing essential nuance. See more from Todd Thiemann Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports How Enterprises Are Developing Secure Applications How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Sysdig 2025 Cloud-Native Security and Usage Report Access More Research Webinars Prompt Injection Is Just the Start: Securing LLMs in AI Systems Anatomy of a Data Breach: What to Do if it Happens to You How Well Can You See What's in Your Cloud? Implementing CTEM: Beyond Vulnerability Ma