Enterprise identity governance was built for people. Directories, access reviews, joiner-mover-leaver workflows. Meanwhile, non-human identities quietly became the majority population. Service accounts, API keys, RPA bot credentials accumulated in the gaps between teams, ungoverned and often invisible. Now AI agents are arriving with the same credential needs and the same organizational blind spots.
Dex Rotatorio spent eleven years as an IAM architect at a major financial services firm before moving to advisory work in 2021. He agreed to meet during an identity security conference in Austin, where he was attending "as an anthropologist." Over iced coffee in a hotel lobby, he watched a stream of badge-wearing attendees pass through and occasionally nodded at one, the way you'd acknowledge someone you'd shared a foxhole with.
Rotatorio is, it should be noted, a fictional character. Though if you've worked in enterprise identity governance, you've almost certainly worked with him.[1]
You spent a decade governing machine identities before most people used that phrase. What did the work actually look like?
Dex: Mostly? Arguing. There was technical work, sure. Building service account lifecycle processes, trying to get rotation policies enforced, writing standards nobody read. But the actual job was arguing with application teams about why their service account couldn't have domain admin privileges just because it was easier. And then losing that argument because they had a deployment deadline and I had a policy document.
The fundamental thing people didn't grasp, and still don't, is that we built the entire identity governance apparatus around humans. Directories. Access reviews. Certification campaigns. All of it assumes an identity that gets hired, moves departments, and eventually leaves.
A service account doesn't do any of those things. It gets created for a project, the project ships, the person who created it moves on, and the account just sits there. With its permissions. Forever.
When did RPA change things?
Dex: Around 2016, 2017 for us. And the thing about RPA is it didn't come through IT. It came through operations. Some VP saw a demo, got excited about automating invoice processing, and suddenly we had bots logging into production ERP systems with credentials that were, and I'm not exaggerating, hard-coded into the automation scripts.[2] Shared passwords. No rotation. No ownership in any system I could see.
I'd ask, "Who owns this bot's credentials?" and get three different answers from three different teams, all of whom were technically correct and none of whom felt responsible.[3]
Why does that ownership problem keep recurring?
Dex: Because it's structural, not cultural. The bot is a business process tool, so operations owns what it does. The credentials are a security artifact, so IAM or DevOps owns how it authenticates. The infrastructure it runs on is IT's problem. You've got an entity that crosses three organizational boundaries and none of them have full accountability. The audit finding lands, and everyone points at each other.
We ended up with something like 300 RPA bots across the firm at peak. Scattered across business units. Duplicated logic. Inconsistent credential management. Bots that had been decommissioned from a process perspective but whose accounts were still active with production access. Orphaned credentials everywhere.
And this was a regulated financial institution. We were supposed to be good at this.
How did it get resolved?
Dex: [laughs] "Resolved." That's generous. We got it to a state where auditors stopped issuing findings. Which is not the same thing. We built a bot inventory, forced ownership assignments, implemented some credential vaulting. But the underlying dynamic never changed. Business units deploy faster than governance can follow. Always.
So now AI agents are arriving.
Dex: Same movie. Different cast. And I mean that literally, because now the cast is non-deterministic.
The stats are already telling the story. Ninety-one percent of organizations are using AI agents, but only ten percent have governance in place.[4] That's the RPA gap. Exact same gap. Business units deploying agents that approve expenses, pull customer data, monitor sentiment, and these agents authenticate with static API keys and permanent access to production systems. Nobody has a central view of what agents exist, who owns them, or what they can access.
But you said the cast is different. What makes agents structurally harder than bots?
Dex: An RPA bot was deterministic. You could read the script. You knew exactly what it would do, which systems it would touch, what credentials it needed. The blast radius was bounded.
An AI agent can spawn other agents. It can delegate privileges. It can chain tools across trust boundaries in ways that weren't anticipated when the credentials were provisioned.[5]
You're not governing a script anymore. You're governing an entity that can create new access contexts on its own. And the identity infrastructure underneath it is the same stuff we built for humans in 2008, with the same gaps we never closed for service accounts in 2015, with the same ownership ambiguity we never resolved for RPA bots in 2018.
The ratio keeps getting worse, too. Something like forty-five non-human identities for every human one now.[6] And ninety-two percent of cloud identities are overprivileged.[7] That's the soil these agents are being planted in.
The governance principles people are proposing sound familiar. Distinct classification, mandatory ownership, just-in-time access, kill switches.
Dex: I wrote those. For RPA. Different slide deck, same four bullet points. And they're correct! Completely correct. The problem was never that we didn't know the principles. The problem was that the principles require organizational coordination that doesn't exist when deployment is decentralized and fast.
What would actually work?
Dex: [long pause]
The thing I keep coming back to is that we treat each automation wave as a software category. A product decision. RPA was a "productivity initiative." AI agents are an "AI initiative." And identity is treated as a detail, something you figure out during implementation.
But identity is the implementation. If you don't know what an entity is, who's responsible for it, what it can access, and how to shut it down, you don't have governance. You have hope.
The right time to build this is before the fleet scales. I said that in 2017 about bots. I'm saying it now about agents. The difference is that agents scale faster, act less predictably, and the credential debt underneath them is ten years deeper than it was then.
Are you optimistic?
Dex: I'm realistic. OWASP just published a Non-Human Identity Top 10.[8] That means the breach post-mortems have accumulated enough that the problem is undeniable. That's progress. That's roughly where we were with web app security in 2004.
So, twenty years behind? [smiles] Sure. I'm optimistic.
Rotatorio excused himself to catch a panel on agentic identity frameworks. "I want to see if anyone mentions credential rotation," he said. "I've got a drinking game."
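Rotatorio's four questions (what is this entity, who is responsible for it, what can it access, how do we shut it down) are the minimum a non-human identity register has to answer, and the RPA failure he describes is an inventory that could not. The following is an added illustration, not part of the interview or of any product it mentions: it runs those checks over a small constructed inventory of service accounts, RPA bots and AI agents, flags the orphaned and stale ones, and lists which could be disabled first. The record fields, the 90-day thresholds and the privilege names treated as admin-level are assumptions chosen for the example.

```python
from datetime import date

# Constructed sample register of non-human identities (fictional accounts).
# Each record carries what a bot/agent inventory minimally needs: a stable id,
# the kind of entity, an accountable owner, the status of the business process
# it serves, its privileges, and when its credential was issued and last used.
INVENTORY = [
    {"id": "svc-invoice-bot-01", "kind": "rpa_bot", "owner": "ap-operations",
     "process_status": "active", "enabled": True,
     "privileges": ["erp:invoice.write"],
     "credential_issued": date(2026, 2, 15), "last_used": date(2026, 3, 30)},
    # Decommissioned process, nobody listed as owner, account still enabled:
    # the orphaned-credential case from the interview.
    {"id": "svc-legacy-recon-07", "kind": "rpa_bot", "owner": None,
     "process_status": "decommissioned", "enabled": True,
     "privileges": ["erp:*", "domain_admin"],
     "credential_issued": date(2019, 6, 12), "last_used": date(2024, 1, 15)},
    # Owned and active, but authenticating with a static key never rotated.
    {"id": "agent-expense-approver", "kind": "ai_agent", "owner": "finance-platform",
     "process_status": "active", "enabled": True,
     "privileges": ["expenses:approve", "hr:read"],
     "credential_issued": date(2025, 1, 5), "last_used": date(2026, 4, 1)},
    {"id": "svc-etl-nightly", "kind": "service_account", "owner": "data-eng",
     "process_status": "active", "enabled": True,
     "privileges": ["warehouse:read"],
     "credential_issued": date(2026, 2, 1), "last_used": date(2026, 4, 1)},
]

# Assumed markers of admin-level privilege for this example.
ADMIN_PRIVILEGES = {"domain_admin", "erp:*"}

# Date the review is run against (fixed so results are reproducible).
REVIEW_DATE = date(2026, 4, 2)


def review_identity(record, today, max_credential_age_days=90, max_idle_days=90):
    """Return the governance findings for one non-human identity."""
    findings = []
    if not record.get("owner"):
        findings.append("no accountable owner")
    if record["process_status"] == "decommissioned" and record["enabled"]:
        findings.append("process decommissioned but account still enabled")
    cred_age = (today - record["credential_issued"]).days
    if cred_age > max_credential_age_days:
        findings.append(f"credential not rotated for {cred_age} days")
    idle = (today - record["last_used"]).days
    if idle > max_idle_days:
        findings.append(f"unused for {idle} days")
    admin = ADMIN_PRIVILEGES.intersection(record["privileges"])
    if admin:
        findings.append("holds admin-level privileges: " + ", ".join(sorted(admin)))
    return findings


def review_inventory(inventory, today):
    """Map identity id -> findings, only for identities with at least one finding."""
    results = {}
    for record in inventory:
        findings = review_identity(record, today)
        if findings:
            results[record["id"]] = findings
    return results


def kill_switch_candidates(inventory, today):
    """Identities to disable first: no owner, dead process, account still enabled."""
    return sorted(
        r["id"] for r in inventory
        if not r.get("owner") and r["process_status"] == "decommissioned" and r["enabled"]
    )


if __name__ == "__main__":
    for ident, findings in review_inventory(INVENTORY, REVIEW_DATE).items():
        print(ident)
        for finding in findings:
            print("  -", finding)
    print("disable first:", kill_switch_candidates(INVENTORY, REVIEW_DATE))
```

The point of separating `review_identity` from `kill_switch_candidates` is the one Rotatorio makes about ownership: a finding such as "credential not rotated" needs an owner to act on it, while an entity with no owner and no live process has nobody to consult and can be disabled by the governance function directly.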
Footnotes

1. Dex Rotatorio is a composite fictional character. Any resemblance to actual IAM architects is both coincidental and, frankly, inevitable.
2. CyberArk, "What is Robotic Process Automation (RPA)?" — https://www.cyberark.com/what-is/robotic-process-automation/
3. Cybiant, "Credential Management for Automated Processes" — https://www.cybiant.com/whitepaper-why-credential-management-is-the-hidden-risk-in-your-automation-program/
4. Okta, "AI at Work 2025" — https://www.okta.com/blog/ai/okta-ai-agents-early-access-announcement/
5. Security Boulevard, "How Treating AI Agents as Identities Can Reduce Enterprise AI Risk" (April 2, 2026) — https://securityboulevard.com/2026/04/how-treating-ai-agents-as-identities-can-reduce-enterprise-ai-risk/
6. Token Security, "Machine Identity Governance: Best Practices for Non-Human Entities" (January 12, 2026) — https://www.token.security/blog/machine-identity-governance-best-practices-for-non-human-entities
7. Security Boulevard, "How Treating AI Agents as Identities Can Reduce Enterprise AI Risk" (April 2, 2026) — https://securityboulevard.com/2026/04/how-treating-ai-agents-as-identities-can-reduce-enterprise-ai-risk/
8. OWASP Non-Human Identity Top 10 (2025) — https://owasp.org/www-project-non-human-identities-top-10/
