Security research firm Token Security released analysis arguing that AI agents must be treated as identities requiring the same governance controls applied to human users and service accounts, according to BleepingComputer. The core argument: agents access data, trigger workflows, deploy code, and interact with critical business systems, but most organizations have no identity and access management (IAM) framework governing what agents can do or how their permissions are audited.
The Governance Gap
According to Token Security’s analysis, the standard enterprise security stack treats agents as tools rather than actors. A human user accessing a CRM system goes through authentication, authorization, and audit logging. An AI agent performing the same actions often operates with broad API tokens, no session-level permissions, and no behavioral monitoring. The gap is structural: IAM systems were designed for users and service accounts, not autonomous software that makes decisions about which APIs to call.
Recent Exploits Confirm the Risk
The timing matters. On June 18, TechTarget published a CISO guide documenting security risks in autonomous agents deployed through OpenClaw, including CVE-2026-25253, a token exfiltration vulnerability with a CVSS score of 8.8. That vulnerability allowed attackers to extract authentication tokens from agent sessions, precisely the kind of identity governance failure Token Security describes. If agents had been subject to least-privilege enforcement and token rotation policies, the attack surface would have been narrower.
What Token Security Recommends
The firm’s prescriptions follow established IAM principles applied to a new actor class. Agents should have scoped credentials with automatic expiration. Every agent action should generate audit logs tied to a specific identity. Permissions should follow least-privilege by default, with explicit escalation paths for sensitive operations. Agent-to-agent delegation (one agent granting permissions to another) should require the same approval workflows as human-to-human privilege escalation.
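The four controls above can be shown together in a small in-memory credential broker. This is an added example, not code from Token Security or any product named in this article; the class name, method names, and scope strings are hypothetical.

```python
import secrets
import time

class AgentIdentityBroker:
    """Hypothetical broker: scoped, expiring agent credentials with a full audit trail."""
    def __init__(self, ttl_seconds=300, clock=time.time):
        self.ttl, self.clock = ttl_seconds, clock
        self.tokens = {}     # token -> (agent_id, scopes, expires_at)
        self.audit_log = []  # every decision, tied to a specific agent identity

    def _audit(self, agent_id, action, outcome):
        self.audit_log.append(dict(ts=self.clock(), agent=agent_id, action=action, outcome=outcome))
        return outcome.startswith("allow")

    def _mint(self, agent_id, scopes, expires_at):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (agent_id, frozenset(scopes), expires_at)
        return token

    def issue(self, agent_id, scopes):
        self._audit(agent_id, "issue:" + ",".join(sorted(scopes)), "allow")
        return self._mint(agent_id, scopes, self.clock() + self.ttl)

    def authorize(self, token, action):
        entry = self.tokens.get(token)
        if entry is None:
            return self._audit("unknown", action, "deny:unknown-token")
        agent_id, scopes, expires_at = entry
        if self.clock() >= expires_at:
            del self.tokens[token]  # automatic expiration: stale credentials are purged
            return self._audit(agent_id, action, "deny:expired")
        if action not in scopes:    # least privilege: anything not granted is denied
            return self._audit(agent_id, action, "deny:out-of-scope")
        return self._audit(agent_id, action, "allow")

    def delegate(self, parent_token, child_agent, scopes, approved_by=None):
        """Agent-to-agent delegation: needs a named approver and cannot widen scope."""
        action = f"delegate:{child_agent}:" + ",".join(sorted(scopes))
        entry = self.tokens.get(parent_token)
        if entry is None or self.clock() >= entry[2]:
            self._audit("unknown", action, "deny:invalid-parent")
            return None
        parent_id, parent_scopes, parent_exp = entry
        if approved_by is None or not set(scopes) <= parent_scopes:
            reason = "no-approval" if approved_by is None else "scope-widening"
            self._audit(parent_id, action, "deny:" + reason)
            return None
        self._audit(parent_id, action, "allow:approved-by=" + approved_by)
        # A delegated credential never outlives the credential it came from.
        return self._mint(child_agent, scopes, min(parent_exp, self.clock() + self.ttl))
```

Denials are logged as well as grants, so the audit trail shows what an agent attempted and not only what it was allowed to do.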
The Enterprise Adoption Bottleneck
For organizations deploying agents at scale, the identity governance question has become a prerequisite. Ent.AI’s $100M seed round for agent security infrastructure, Capacity crossing $100M ARR on agentic support automation, and Microsoft’s Scout agent requiring Entra identity governance all point to the same conclusion: the market is pricing agent identity as a first-class infrastructure concern, not an afterthought.