The AI agent explosion is happening, and the sheer numbers are going to be staggering. AI identities will soon outnumber human users 25:1. Organizations aren’t going to hire 25 times more IT staff to manage this shift—that’s not how budgets work.
History provides a useful model to understand what this wave could mean.
The Density Curve: A History
I grew up in the era of physical servers moving to virtual machines (VMs), then to containers, and now to serverless computing. Looking back, it was wild—we went from ordering physical servers from Dell or HP, installing a single operating system on them, and running them for a decade before unplugging them, to a world where we could spin up virtual machines at scale. Virtualization eliminated a lot of supply chain headaches, enabling businesses to be more agile.
Then we saw the shift to containers. If the first phase was about efficiency, this next phase was about density. VM monitoring tools could keep up for a while, but eventually the scale demanded a new model. Security, networking, and operations had to adapt. Serverless computing pushed this even further—individual compute instances could last for seconds, yet still required permissions, logging, and updates just like a traditional server did.
If we apply this model to AI agents, we see a similar pattern emerging. The underlying concerns—identity, security, access management—don’t go away, but they evolve. The density of entities we need to govern explodes. The lifecycle of an agent isn’t measured in years, but potentially in minutes.
Modeling The AI Agent Explosion
So, what does this mean? Let’s take a 1,000-person company. In a traditional identity model, that company might have a few hundred SaaS applications, some service accounts, and some ephemeral identities. With AI, every core business application will start to have an associated agent: a Salesforce AI agent managing leads, a GitHub AI agent reviewing code, a Confluence AI agent summarizing knowledge. Then there are the personal productivity agents—AI assistants helping employees write emails, automate workflows, or query company data.
This isn’t just a doubling of identities; this is an explosion. Every ephemeral AI task could have a different identity. That 1,000-person company could suddenly be managing hundreds of thousands or even millions of AI agent identities annually. And just like we saw with the shift from physical servers to VMs to containers, the old ways of managing identity won’t scale.
The Takeaway: Prepare for Density
We are on the cusp of an identity transformation. A few key lessons from density growth:
- Ephemeral by default: AI agents are short-lived, requiring short-lived credentials and real-time provisioning.
- Automation at scale: AI can spawn more AI, which can lead to rapid identity proliferation and “identity sprawl.”
- Inherent complexity: Multi-layered access requires automated governance.
- Call to action: Plan for more identities, adopt ephemeral security patterns, and consider an AI-native IDP approach.
The future isn’t 10 years away—it’s months away. Companies need to prepare now, or they’ll be overwhelmed by the tidal wave of AI agents that will soon flood the enterprise.
