Connect
Mark started his new role on a Tuesday.
The engineering team needed him onboarded fast. He’d be pulling from production systems and a handful of analytics datasets, so there was significant access to coordinate. IT got the request. What does Mark need? What systems should he touch? Who is accountable if something goes wrong? And what happens to his access when the project ends?
The IT team asked the right questions, scoped his permissions, and set expectations. Standard onboarding, done right. Except Mark is not a person. It’s an AI agent that an engineer built to speed up a data project. Every conversation about its access, its costs, and its accountability happened with IT — not HR.
That is not unusual. It is not wrong. It is the beginning of something every IT team needs to build: HR for Agents™.
What does that process look like, and why is IT the right team to own it?
The Hire Nobody Planned For
According to JumpCloud’s Agentic IAM Pulse Report, 72% of organizations already have AI agents in production. Most are skipping the governance process entirely. Engineers spin them up to automate tasks. Business teams wire them into workflows. Nobody calls HR, and in most cases, nobody calls IT either.
That creates two problems. The first is visibility. You cannot govern what you cannot see. Without a registered owner, an agent has no access review, no entitlement check, and no offboarding path. It runs until someone notices, or until it causes a problem.
The second is accountability. When a human employee accesses a production system, there is a clear chain of responsibility. When an agent does, that chain has to be deliberately engineered:
- Who authorized it?
- What is it allowed to do?
- Who is responsible for what happens next?
These are the same questions HR has always asked about people. IT needs to start asking them about agents.
The Lifecycle HR Knows by Heart
HR built its discipline around one core idea: every person moves through three stages, and each one needs structure:
- Onboarding sets the baseline. A new hire gets access scoped to their role, with a clear owner. Nothing more.
- Active management tracks what changes. As roles shift, access gets updated. HR keeps the records current so the right people have the right access at every stage of their tenure.
- Offboarding closes the loop. When someone leaves, access ends. Credentials get revoked. Nothing lingers.
Agents need the same three stages.
When one gets deployed, IT should onboard it the way HR onboards a new hire. Name its purpose, scope its access, and assign a human owner who is accountable for what it does. While it runs, track what it is accessing and adjust as the work shifts. When the project ends, the agent gets offboarded. It should not keep running as an abandoned process with credentials it no longer needs.
According to the same report, 55% of organizations lack a centralized kill switch for their AI agents, and 33% say their only option to shut one down is to go system by system. That is how zombie agents are created.
This is what HR for Agents™ looks like in practice.
IT Is the Right Owner
This is not HR’s job. Agents are not people. They do not have employment records or performance reviews. What they have is access to APIs, to data, and to infrastructure. IT controls all of it.
That makes IT the natural owner of the agent lifecycle. You already hold the keys. The work now is building the process to match the responsibility.
The concept is not complicated, and it has a name: HR for Agents™. Treat every agent deployment with the same structure and oversight HR brings to every new hire. Scope it. Track it. Shut it down when the work is done.
JumpCloud is building toward exactly this: a unified platform to manage the full lifecycle for humans, machines, and agents together.
The organizations that will manage the agentic era well are not waiting for someone else to build a framework. They are the IT teams that recognized the problem early and built their process before the problem built itself. Learn more about how JumpCloud is enabling AI-powered IT today.
