Token Security Warns: Dormant AI Agent Credentials Remain Active
TL;DR
- Token Security's Agentic Pulse data found 65.4% of enterprise agentic chatbots have never been used but hold active credentials.
- 82% of organizations discovered at least one AI agent or workflow that IT and security did not previously know existed.
- Cloud Security Alliance research found 78% of organizations lack formal policies for managing non-human identities.
Most security teams treating shadow AI as a data-leakage problem have the threat model backwards. According to The Hacker News, the real exposure is not an employee pasting a customer list into ChatGPT. It is the AI agents already operating inside your network, provisioned with real credentials, connected to live systems, and left running long after anyone stopped paying attention to them.
The figure worth dwelling on comes from Token Security's Agentic Pulse data: 65.4% of agentic chatbots deployed in enterprise environments have never been used since creation, yet their credentials remain fully active. These are not fringe cases. They are agents deployed across departments through browser extensions, SaaS-native features, developer tools, MCP servers, and custom scripts, often without the security team ever knowing they existed. In a related finding from the same research, 82% of organizations discovered at least one AI agent or workflow that IT and security did not previously know about.
What makes this structurally different from ordinary shadow IT is how agents hold and use access. Traditional identity and access management was designed for human users following predictable paths. AI agents break those assumptions: they inherit broad permissions rather than being provisioned with least-privilege access, they chain through multiple systems sequentially using those inherited credentials, and they stay active indefinitely, including after the person who created them has left the organization. Cloud Security Alliance research found that 78% of organizations lack formally adopted policies for managing non-human identities at all, which means the gap between what agents can access and what any human is monitoring is not a configuration problem. It is a governance gap.
The honest caveat is that Token Security sells identity security products for AI agents, so treat the Agentic Pulse percentages as directionally serious rather than fully independent benchmarks. What the reporting also does not give you is breach rate data. Knowing that 65.4% of agents carry dormant but live credentials tells you about exposure surface, not about how often those credentials are actually exploited or what a realistic attacker does with them.
The argument for acting before an incident forces the issue is simple arithmetic. As agent deployment accelerates, the unmanaged credential surface scales with it unless organizations build lifecycle management in from the start: defined ownership at creation, scoped access that matches actual purpose, and genuine decommissioning when an agent is retired rather than just left to sit. The vendors focused on non-human identity security are already well positioned for the enterprise attention this problem is beginning to draw.
Originally reported by thehackernews.com
Original headline: Shadow AI's Real Risk Is Access Control, Not Data Leakage: 65% of Enterprise AI Agent Credentials Are Dormant But Active