Connect
The numbers tell the story of a fundamental shift. According to recent findings in Deloitte’s Tech Trends report, the telephone took 50 years to reach 50 million users. The internet took seven years. A leading generative AI tool reached roughly twice that number in just two months.
Today, that single tool has over 800 million weekly users, roughly 10% of the planet’s population.
But behind these staggering adoption numbers lies a quieter, more urgent warning for IT and Security leaders. We are witnessing the rise of the “Silicon Workforce”—autonomous agents that don’t just chat, but execute tasks, access databases, and move data.
For IT and Security admins, this presents a paradox: You are about to onboard the largest, fastest, and most productive workforce in your company’s history. The problem is, you don’t know who they are, you didn’t hire them, and currently, you have no way to manage them.
The Disconnect Between the Boardroom and the Network
There is a dangerous gap between the strategy slides in the boardroom and the reality on the network.
Gartner predicts that by the end of 2026, many organizations will have more AI agents than human employees. These agents will be handling everything from customer support inquiries to code generation and financial analysis.
But the present reality is murky. Deloitte finds that only 11% of organizations currently report having agents in formal production. Even more concerning, 35% of organizations admit they have no agentic strategy at all.
Look at the discrepancy: If only 11% of companies have “official” agents, but 10% of the planet is using AI weekly, where is that usage coming from?
It’s coming from your users/employees.
It’s happening on unmanaged devices, in unapproved browser tabs, and through “free” accounts that are actively ingesting corporate data. This is the evolution of Shadow IT, but the stakes are significantly higher.
In the SaaS era, Shadow IT meant an employee using Trello without permission. In the Agentic era, Shadow IT has become shadow AI (adopting unauthorized AI tools), an employee spinning up an autonomous agent, granting it API keys, and letting it read, write, and delete corporate data.
These agents have permissions, but no HR record. They operate at machine speed, while your governance operates at human speed.
The Investment Imbalance: 93% vs 7%
Why are IT teams so unprepared for this shift? The answer lies in a fundamental misallocation of resources across the industry.
We are currently suffering from a “shiny object” syndrome. Recent data reveals a stark investment imbalance:
- 93% of AI investment is poured into technology
- While only 7% goes into people and process
Organizations are obsessed with the size of the Large Language Model (LLM) or the speed of the GPU, but they are neglecting the foundational layer that makes AI safe and usable: identity and visibility.
This imbalance has consequences. It is exactly why Gartner predicts that 40% of agentic projects will fail.. It is also why, despite a 280-fold drop in token costs over the last two years, many enterprises are seeing monthly inference bills in the millions.
When you invest 93% in tech and only 7% in process, you end up automating chaos. You scale broken workflows. You create a sprawling, ungoverned landscape where autonomous agents operate without guardrails. The technology works, but the implementation fails because the infrastructure—specifically the identity infrastructure—cannot handle the load.
Identity Is the Only Perimeter Left
The hard truth is that most IT environments are built on legacy concepts of “perimeter security.” We spent decades building firewalls, VPNs, and castle-and-moat architectures to keep bad actors out.
But the Silicon Workforce doesn’t attack your castle walls. It is invited in by your employees.
You cannot firewall an AI agent that is logging into a SaaS application using valid credentials. You cannot use traditional endpoint protection to stop a browser-based agent that an employee voluntarily installed to help them write code.
This forces a return to first principles: Identity is first for security.
In a world of autonomous agents, the only constant is the identity of the actor—whether human or machine. If you cannot assert identity with absolute certainty, you cannot secure the action. Security must move upstream. You have to validate the who (Identity) before you validate the what (Access).
For the Silicon Workforce, identity is the security architecture. Without a unified directory that governs both human and machine identities, every agent becomes a potential insider threat.
Why Legacy Systems Crumble Under Agentic Load
This shift exposes the fragility of legacy identity systems. Active Directory (AD) and fragmented SSO solutions were designed for a world where:
- Employees worked 9-to-5.
- Identity counts were relatively stable.
- Access requests were handled manually by IT helpdesks.
None of these assumptions hold true for the Silicon Workforce:
- Speed: AI agents work 24/7 and execute tasks in milliseconds. A manual provisioning process that takes 24 hours for a human is a lifetime for a bot.
- Scale: Agents can spin up thousands of instances in seconds to handle a workload spike. Legacy directories often choke on this level of dynamic creation and deletion.
- Context: Humans generally stay in one location or device type. Agents move fluidly across cloud, on-prem, and edge environments.
If you try to manage AI agents with 2005’s identity tools, failure is inevitable. The system will either break under the volume, or you will act as a bottleneck that slows the business to a crawl. To survive, IT admins need a directory that is as agile and cloud-native as the agents they are trying to manage.
How to Regain Control
At JumpCloud, we view this “blindness” to AI not just as an operational nuisance, but as a critical break in the security chain. You cannot secure an identity you do not know exists.
The solution is not to buy more “AI tools,” but to mature your identity strategy.
Step 1: Turn on the Lights (Shadow AI Discovery)
Before you can govern agents, you must find the humans hiring them. You need to close the gap between the “official” 11% and the actual usage in your company.
JumpCloud has engineered Shadow AI Discovery capabilities specifically to solve this visibility crisis. This allows IT teams to scan their environment to answer critical questions:
- Which AI tools and applications are active on our endpoints?
- Who are the users championing these tools?
- Is this usage compliant with our data privacy standards?
Often, the result of this first scan is a shock. Leaders who thought they had “zero AI usage” discover dozens of tools, from coding assistants to unapproved transcription bots, active on their networks.
Step 2: Classify and Unify
Once the shadows are revealed, the goal is not necessarily to ban them, but to bind them to a managed identity. This is where the Unified Open Directory becomes critical.
Since most AI agents today are triggered by humans, the governance strategy must focus on holding the human user accountable.
- User Accountability: Ensure that every instance of AI usage is traced back to a specific, managed employee profile. You cannot leave AI tools running under shared logins or unmanaged local accounts.
- Device Trust: Ensure the AI tool is only running on managed, secure devices. If an AI tool is running on a personal, unpatched laptop, it creates a pipeline for data exfiltration.
- Access Control: Apply the Principle of Least Privilege to the human. If an employee is using a coding assistant, ensure that employee’s permissions are strictly limited to the code repositories they need, preventing the AI tool from “inheriting” excessive access to financial or HR data.
Step 3: Governance at Machine Speed
Finally, organizations must move to continuous governance. Because AI scales exponentially, governance must be automated. A modern identity platform must be able to revoke access instantly if the host device falls out of compliance, ensuring that corporate data remains secure even if the tool or the device is compromised.
Paving the Road for an Identity-First Age
The “Silicon Workforce” is not a sci-fi concept for the distant future. It is effectively already on your network, hired unofficially by your employees.
The research from Deloitte and Gartner serves as a clear warning: The gap between the “leaders” who govern this shift and the “laggards” who are overrun by it is growing exponentially. The organizations that succeed will not be those with the flashiest AI models.
They will be the organizations with the discipline to invest in the “7%”—the people, the process, and the identity infrastructure.
You have a choice. You can let the new workforce operate in the shadows, creating risk and fragmentation. Or, you can future-proof your infrastructure.
You can bring them into a Unified Directory, subject them to Identity-First security, and turn a potential vulnerability into your greatest competitive advantage.
The bots are here. It’s time to manage them.
Beyond Humans and Bots
Find out what managing the third face of identity looks like in the Agentic age.
