Nine in 10 IT and C-suite leaders say identity management is a critical gap in agentic AI deployments
TINTON FALLS, N.J., July 16. Ninety percent of C-level and IT leaders surveyed say their organizations need identity-management improvements to address AI-related risks, according to findings released by Commvault (NASDAQ: CVLT). The survey, conducted by technology analysts and targeting senior decision-makers, identifies a specific exposure at the center of that concern: a surge of non-human identities gaining always-on access to corporate data.
TINTON FALLS, N.J., July 16. Ninety percent of C-level and IT leaders surveyed say their organizations need identity-management improvements to address AI-related risks, according to findings released by Commvault (NASDAQ: CVLT). The survey, conducted by technology analysts and targeting senior decision-makers, identifies a specific exposure at the center of that concern: a surge of non-human identities gaining always-on access to corporate data.
What the survey found
The research polled C-suite executives and IT leaders. Its central conclusion is that identity management, a control layer most enterprises built around human users, has become a recognized gap now that AI agents are operating inside corporate systems.
The mechanism is straightforward. A human employee's system access is tied to a login session. An AI agent's access is not. Whatever credentials an agent is provisioned with, it holds continuously, which makes a misconfigured or compromised non-human identity a standing exposure rather than a bounded incident. Nine in ten respondents told the survey their current controls are not adequate to manage that condition.
Non-human identities, as the survey frames them, include AI agents and similar automated systems that act on behalf of the organization without direct human involvement at each step.
Commvault and the source data
Commvault, based in Tinton Falls, N.J., and listed on Nasdaq as CVLT, describes itself as a provider of unified resilience. The company released the findings on July 16, 2026. The available summary does not specify sample size, full methodology, or the name of the technology analyst firm that conducted the research. Those details matter for gauging how broadly the 90% figure generalizes beyond the surveyed group.
Commercial implications
The survey frames identity management as the specific control point where agentic AI risk concentrates. Vendors in identity and access management and in data protection have a direct claim on remediation spending if organizations act on the gap they acknowledge.
Awareness of the problem is not what the data finds missing. Ninety percent of respondents have already concluded their controls fall short. What the survey does not answer is whether that acknowledgment moves budget.