Shifting Budget Dynamics for Identity Security and AI Agents TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityGitHub Confirms Breach, 4K Internal Repos StolenGitHub Confirms Breach, 4K Internal Repos StolenbyAlexander CulafiMay 20, 20263 Min ReadCybersecurity OperationsInterpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle EastInterpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle EastbyRobert LemosMay 20, 20264 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryIdentity & Access Management SecurityCyberattacks & Data BreachesCommentaryEnterprise cybersecurity technology research that connects the dots.AI Agents Are Shifting Identity Security Budget DynamicsAI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.Todd Thiemann,Principal Analyst,Enterprise Strategy GroupMay 21, 20265 Min ReadSource: Edgars Sermulis via Alamy Stock Photo COMMENTARYWhile Omdia's new research, "Identity Security for AI Agents," revealed numerous interesting findings, something that caught my eye was the radically changing budget dynamics around agentic AI adoption. The study, which surveyed identity leaders in the US and Canada, showed how identity teams are rapidly evolving their existing identity and access management (IAM) tooling, focused on human and non-human identities, to put management and identity security in place for AI agent populations as well. AI agent populations are expanding and evolving toward autonomous systems operating at machine speed, accessing sensitive data, APIs, and workflows across hybrid environments. The proliferation of identities and privileges is a challenge today, and will become even more so as AI agents needing authentication, fine-grained authorization, governance, and life cycle management move into production. Identity leaders and leaders driving AI initiatives recognize the need for IAM discipline for this new class of identities, which represent a significant expansion of the enterprise attack surface. Related:Identity Security 2026: Four Predictions & RecommendationsThe budget for previous identity security projects like identity governance and security (IGA), access management (SSO, MFA), or privileged access management (PAM) has typically come from an IT budget owned by the chief information officer (CIO), or a security budget owned by the chief information security officer (CISO). Projects for AI agents show a very different dynamic. Omdia surveyed 350 IT leaders in the first half of 2025 and found that 45% were using a completely new standalone budget for their AI agent projects. This bucket of funds for AI was separate from the digital transformation budget or an innovation/science project budget.  Then in January 2026, Omdia surveyed 400 identity leaders around "Identity Security for AI Agents" and probed into the source for funding identity security for AI agents. More than a third (36%) of enterprise identity leaders said they tapped a separate, standalone AI budget. There is an identity "tax" being levied against an AI budget to fund the identity security layers needed for AI agents. While having a standalone AI budget was the most frequent response, the other approaches to funding identity security for AI agents were reallocating funds from other technology/innovation budgets (28%), using a digital transformation or AI initiative (21%), and reducing existing identity budgets in other identity areas (15%). Given how diffused and diverse AI agent initiatives are in the enterprise, identity leaders are engaging with new constituents to ensure that the right identity management, governance, and security layers are in place. These are net-new layers. Identity security for AI agents requires visibility (inventory of AI agent identities, visibility into what agents are doing), fine-grained access management (guarding against over-permissioned agents and long-lived credentials), governance (ensuring access aligns with policy, controlling against AI drift), and life cycle management. Identity leaders are having to educate their security peers and other enterprise constituents about the role of identity for compliance, security, and efficiently scaling AI agent projects.  Related:Enterprises Aren't Confident They Can Secure Non-Human Identities (NHIs)Securing AI agents requires many technology layers, however identity security is a key pillar of any AI agent security strategy. AI agents represent a new, first-class identity that requires new policies, processes, and technology tooling. And that costs money and requires budget.  Something that caught my eye in comparing the Omdia survey results was that the IT audience indicated that 45% of enterprises had a standalone AI budget, but the identity teams reported that they tapped that AI budget to deliver identity security for AI agents 36% of the time. That nearly 10% delta means that identity teams probably have an underappreciated budget source to fund AI agent identity infrastructure. The 15% of identity teams use their existing identity budget for AI agent identity security, and that cost may be more appropriately covered by the AI budget. And I expect a similar dynamic holds true for other "cybersecurity for AI" projects. The budget is there, but someone has to educate the AI budget holder and make a business case. Related:Oracle Red Bull Racing Team Revs Up Automation to Boost SecurityAI Agent Security Data Highlights: For enterprise identity and security teamsMake certain you are plugged into the AI agent projects happening throughout the enterprise and educate stakeholders on the need for management, security, and governance for AI agent populations. Those projects might be raised to the internal "AI steering committee" or they may not. Getting visibility and control with the right identity security layers in place is preferable to scrambling to respond to a security incident when you find unsanctioned "shadow AI" causing mischief. Start tapping the AI budget to fund the needed identity security infrastructure. The executive(s) driving AI projects will understand the imperative to have the right identity and access management (IAM) layers in place for AI agents when you explain compliance obligations, security risks, and how the right identity "railroad tracks" can help accelerate and scale AI agent projectsFor vendorsStart to understand the new personas for AI initiatives. Every company is different, and vendor go-to-market teams may need to understand a new AI audience and decision maker. You will need to arm your existing identity security customers with the tools to make the case for any technology or service, or your sales and marketing teams will need to reach that enterprise AI leader to educate them. It is a great time to work in identity security — the dynamism around AI agents in particular makes your head spin! If you are a new technology player solving an interesting new identity problem or you have an innovating approach to an existing challenge, I would like to hear about it. You can reach me via LinkedIn.Read more about:OmdiaAbout the AuthorTodd ThiemannPrincipal Analyst, Enterprise Strategy GroupTodd Thiemann is a Principal Analyst at the Enterprise Strategy Group, researching data security and identity and access management (IAM). He is an information security veteran with more than a decade of experience across a range of subjects, including encryption, key management, IAM/authentication, identity security, and security operations, at leading cybersecurity companies such as Arctic Wolf Networks, Trend Micro, Vormetric/Thales, and Nok Nok Labs. He graduated from Georgetown University with a Bachelor of Science degree and earned an MBA from the Anderson School at UCLA. He enjoys cybersecurity because it is ever-changing and continually challenges us to explain things clearly without losing essential nuance.See more from Todd ThiemannWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Organizations Are Managing Incident ResponseHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security ManagementAccess More ResearchWebinarsBuilding SecOps That Make the Most of Every DollarAI-Powered Credential Security: Intelligence Without ExposureAI-Powered Cybersecurity for Resource-Constrained OrganizationsHow Security Teams should apply Threat Intelligence into their DefensesYour Guide to Securing AI Adoption in Your OrganizationMore WebinarsDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

The proliferation of AI agent projects across the enterprise necessitates a fundamental shift in identity security budget dynamics, as these agent identities require dedicated management, security, and governance structures that differ significantly from traditional Identity and Access Management (IAM) projects. Research by Omdia has indicated that the identity security requirements for AI agents introduce substantial new demands, as these autonomous systems expand into accessing sensitive data, APIs, and workflows across hybrid environments, thereby expanding the overall enterprise attack surface. This evolution demands that identity leaders establish comprehensive IAM discipline for these new classes of identities, which represent a significant expansion of the security perimeter.

The financial allocation for securing AI agents presents a divergence from established budgeting practices. Historically, identity security initiatives, such as identity governance, access management (SSO, MFA), or privileged access management (PAM), were typically funded through existing IT or security budgets controlled by the CIO or CISO. However, the funding dynamic for AI agent projects is distinct. Omdia surveyed IT leaders in the first half of 2025 and found that forty-five percent were utilizing a separate, standalone budget specifically for their AI agent initiatives, distinct from existing digital transformation or innovation budgets. Furthermore, when probing the source of funding identity security for AI agents in January 2026, over one-third of enterprise identity leaders indicated that they tapped a separate, standalone AI budget to cover these identity security needs.

This suggests the existence of an identity security "tax" being levied against the AI budget to fund the necessary identity security layers for AI agents. While a standalone budget was the most frequently cited funding source, other approaches were also utilized, including reallocating funds from other technology or innovation budgets, allocating funds through digital transformation or AI initiatives, and reducing existing identity budgets in other domains. This multifaceted funding landscape highlights the need for identity leaders to engage new constituents to establish the necessary management, governance, and security layers for these emerging AI agent identities, which are fundamentally net-new security requirements.

Securing these non-human identities requires the implementation of critical identity security layers, including visibility—gathering an inventory of AI agent identities and monitoring their activities—fine-grained access management to prevent over-permissioning and manage long-lived credentials, robust governance to ensure access aligns with policy and controls for AI drift, and comprehensive life cycle management. Identity leaders must educate their peers and other enterprise constituents on the role of identity in compliance, security, and scaling AI agent projects. The comparison between the budget allocated for AI (45% standalone) and the use of that fund by identity teams to deliver agent identity security (36% usage) suggests that identity teams may have an underappreciated funding source within the broader AI budget. Consequently, executive leadership driving AI projects must understand the imperative for the right identity and access management (IAM) layers by clearly articulating the security risks, compliance obligations, and how appropriate identity infrastructure can accelerate and scale AI agent development.