CURRENT | Foundations

The Workforce Problem

The Workforce Nobody Manages

By Nora Kaplan— February 25, 2026

Feature image for article: The Workforce Nobody Manages

Three million AI agents operate inside corporations. Walmart employs 2.1 million people across twenty countries and can account for every one of them. Recent surveys found nearly a quarter of organizations can't produce a list of their agents. Another quarter track them on spreadsheets. No inventory, no ownership records, no offboarding process. Everyone files these as security findings. But read that list of failures again, slowly. They sound like a workforce-management audit where every line item is red. Workforce-management failures call for workforce-management fixes.

The Workforce Problem

The Workforce Nobody Manages

By Nora Kaplan— February 25, 2026

Three million AI agents operate inside corporations. Walmart employs 2.1 million people across twenty countries and can account for every one of them. Recent surveys found nearly a quarter of organizations can't produce a list of their agents. Another quarter track them on spreadsheets. No inventory, no ownership records, no offboarding process. Everyone files these as security findings. But read that list of failures again, slowly. They sound like a workforce-management audit where every line item is red. Workforce-management failures call for workforce-management fixes.

Standards as Practice

NIST Is Running a Design Review on Agent Identity. The First Window Closes in Twelve Days.

By Rina Takahashi— February 25, 2026

Feature image for article: NIST Is Running a Design Review on Agent Identity. The First Window Closes in Twelve Days.

Roughly one in five organizations treats AI agents as entities that deserve their own identity credentials. The rest use shared service accounts or hardcoded keys. While practitioners figure this out in production, two teams inside NIST are writing the federal definitions of "agent identity," "authorization scope," and "agent security." Those definitions will harden into compliance language, procurement requirements, tooling categories. The vocabulary is still soft. The first comment window closes March 9. And the process is asking questions that sound a lot like a design review.

Standards as Practice

NIST Is Running a Design Review on Agent Identity. The First Window Closes in Twelve Days.

By Rina Takahashi— February 25, 2026

Roughly one in five organizations treats AI agents as entities that deserve their own identity credentials. The rest use shared service accounts or hardcoded keys. While practitioners figure this out in production, two teams inside NIST are writing the federal definitions of "agent identity," "authorization scope," and "agent security." Those definitions will harden into compliance language, procurement requirements, tooling categories. The vocabulary is still soft. The first comment window closes March 9. And the process is asking questions that sound a lot like a design review.

Further Reading

State of AI Agent Security 2026The primary data source behind the workforce-scale numbers cited in this issue. Full survey methodology across 919 respondents, with the finding that over half of deployed agents r...

Announcing the AI Agent Standards InitiativeNIST's official announcement with links to both RFIs and March/April submission deadlines. Essential reading if you want to understand what the U.S. government thinks it can standa...

Quick links

AI Agents Behave Like Users, But Don't Follow the Same Rules

The State of AI & Browser Automation in 2026

OpenClaw Is Riddled With Security Concerns

The Numbers

No single number here is the story. The story is what they look like lined up together: agents deploying faster than security teams can approve them, inventories that don't exist or live in spreadsheets, identity models built for people being asked to account for autonomous software.

The governance gap around AI agents has moved from hypothetical to quantifiable. Gravitee's 2026 survey and a pointed new Gartner forecast give it shape. These are the reference points behind this cycle's features. Read them as context, not verdicts.

The Numbers

No single number here is the story. The story is what they look like lined up together: agents deploying faster than security teams can approve them, inventories that don't exist or live in spreadsheets, identity models built for people being asked to account for autonomous software.

The governance gap around AI agents has moved from hypothetical to quantifiable. Gravitee's 2026 survey and a pointed new Gartner forecast give it shape. These are the reference points behind this cycle's features. Read them as context, not verdicts.

Agent Population

Three Million Agents, Half Running Without Oversight

Over 3 million AI agents now operate inside US and UK corporations. 53% are neither monitored nor secured. For scale: that's an unsupervised workforce exceeding Walmart's entire global headcount. (Gravitee, n=750 CTOs and tech VPs)

Adoption Gap

Most Teams Ship Agents Before Security Signs Off

81% of teams have moved past planning into active testing or production. Only 14.4% of agents go live with full security approval. The remaining 85.6% launch with partial oversight or none whatsoever. (Gravitee, n=919)

Invisible Fleet

Nearly Half of Organizations Can't Locate Their Agents

22.5% of organizations have no formal catalog of their agents or MCP servers. Another 25.4% track them on spreadsheets, which go stale the moment someone hits save. Together, that's nearly half with no reliable real-time inventory. (Gravitee, n=919)

Identity Gap

Agents Rarely Get Their Own Identity in Security

Just 21.9% of organizations treat AI agents as independent, identity-bearing entities in their security model. The rest still lump them in with human users or generic service accounts, which quietly guts auditability and access control. (Gravitee, n=919)

Gartner Forecast

Gartner: Half of AI Initiatives Will Stall Out

"Through 2028, over 50% of AI initiatives will halt, becoming unmanageable, because of unresolved agentic identity challenges." Note: this is a separate prediction from Gartner's earlier cost-focused cancellation forecast. The culprit here is identity governance specifically. (Gartner, via Veza)

Incident Reality

88% Report Confirmed or Suspected Agent Security Incidents

88% of organizations confirmed or suspected an agent-related security or data privacy incident in the past year. Documented cases include agents leaking confidential data, acting on stale information, and deleting databases nobody asked them to touch. (Gravitee, 2026)

What's Moving

Governance showed up this week from several directions at once. NIST launched its first formal agent standards push. Veza shipped an identity control plane that treats AI agents as first-class identities. MCP found a new institutional home at the Linux Foundation. Each of these is a serious move, and together they signal that the organizational vacuum around agent governance is starting to fill.

But the capability side didn't wait. Microsoft consolidated its agent frameworks, Gong wired MCP into enterprise sales infrastructure, and OpenClaw reminded everyone that the attack surface is already live and already being exploited at scale. The pattern holds: governance is arriving, but capability keeps outrunning it.

What's Moving

Governance showed up this week from several directions at once. NIST launched its first formal agent standards push. Veza shipped an identity control plane that treats AI agents as first-class identities. MCP found a new institutional home at the Linux Foundation. Each of these is a serious move, and together they signal that the organizational vacuum around agent governance is starting to fill.

But the capability side didn't wait. Microsoft consolidated its agent frameworks, Gong wired MCP into enterprise sales infrastructure, and OpenClaw reminded everyone that the attack surface is already live and already being exploited at scale. The pattern holds: governance is arriving, but capability keeps outrunning it.

Federal Standards

NIST Opens First Federal Push on Agent Standards

NIST's new AI Agent Standards Initiative targets security and identity for autonomous systems through parallel tracks. An RFI on agent security closes March 9; a concept paper on agent identity and authorization accepts comments through April 2, with listening sessions to follow.

Identity Governance

Veza Ships Identity Control Plane for AI Agents

Veza Access Agents, launched today, automate identity governance spanning humans, non-human identities, and AI agents. A new Suggested Owner Agent maps agents to human owners, tackling the attribution problem directly. Early access is live now; GA is targeted for end of Q2 2026.

Protocol Governance

MCP Joins Linux Foundation, Apps Extension Goes Official

Anthropic donated MCP to the Agentic AI Foundation under the Linux Foundation, co-founded with Block and OpenAI. Separately, MCP Apps went official, letting tools return interactive UI components like dashboards and forms directly inside agent conversations.

Supply Chain

OpenClaw Exposure Reveals Agent Security at Breaking Point

Censys found over 21,000 publicly exposed OpenClaw instances. Researchers flagged roughly 12% of ClawHub skills as malicious, distributing infostealers through professional-looking plugins. The npm and PyPI "claw" package ecosystem has exploded from near-zero to over 1,000 packages, with an estimated 900 now malicious.

Framework Consolidation

Microsoft Unifies AutoGen and Semantic Kernel Into One

The Microsoft Agent Framework, now in public preview, merges AutoGen's agent abstractions with Semantic Kernel's enterprise plumbing. Both predecessors enter maintenance mode. The consolidated framework targets 1.0 GA by end of Q1 2026, with MCP and A2A interoperability baked in.

Enterprise Adoption

Gong Launches MCP Support to Bridge AI Silos

Gong shipped MCP support today under its Mission Andromeda initiative, connecting to Salesforce, HubSpot, and Microsoft Dynamics 365. The company positioned the move as a response to AI fragmentation, where siloed agents can't orchestrate across the full customer journey.