AI agents are showing up in more workplaces every month. Here is the catch. Almost nobody is keeping an eye on them.
That is the blunt takeaway from JumpCloud’s new Q3 2026 IT Trends Report, titled AI Agents Are Entering Critical Workflows. Who’s Governing Them? The Louisville, Colorado company released the report on July 14, 2026. It paints a picture of businesses moving fast on AI and moving slow on the guardrails.
More than six in 10 organizations now run AI agents in production. Deploying agents has become the default, not the experiment. Governance? That part of the story reads very differently.
A Widening Gap Between Doing and Governing
Organizations have adopted fewer than a third of standard AI governance and security practices. Read that again. Two-thirds of the basic safeguards are sitting on the shelf.
Only 21% have put controls in place for non-human identities, or NHIs (the accounts, service credentials, and access tokens that software agents use instead of a person logging in). The rest are flying without that instrument on the dashboard.
Human Review Is Quietly Disappearing
Six months ago, 40% of organizations required a human to sign off before an AI agent took a high-risk action. Today that number is 25%. In half a year, a large share of companies pulled the person out of the loop.
Full autonomy tells the same story from the other side. Agents acting with no human review more than doubled, climbing from 11% to 26%. One in four organizations now lets AI act on its own for consequential tasks. The corporate attack surface grows wider with every one of those handoffs.
Confidence Fell Off a Cliff
Something strange happened to how IT leaders rate themselves. Six months ago, 40% called their organizations mature in AI deployment. Today, 23% say the same.
Agents gained more access over those six months. They moved deeper into production systems. And the people running them grew less sure they had a real handle on it. JumpCloud calls this a maturity reset. It looks like an honest one. Reality caught up with the hype.
Machines Now Outnumber People
In 83% of organizations, non-human identities outnumber human users. Bots, scripts, service accounts, and AI agents have quietly become the majority of the “users” on the network.
Yet only 21% have governance controls for those identities. Most companies are minding a fast-growing crowd of autonomous systems with no clear owner, no regular access review, and no plan for retiring stale accounts. Picture an office where nobody knows who holds keys to which door. That is the current state for a lot of IT teams.
Shadow AI Keeps Spreading
AI is being adopted from the ground up. Marketing tries a tool. Finance wires up an agent. Support automates a workflow. Nobody tells IT. That pattern, often called shadow AI, leaves blind spots all over the business. IT teams then fight to track, manage, and secure AI use across the whole company.
Unified IT Pulls Ahead
The report found one bright spot, and it is a big one. Companies with unified IT environments are five times more likely than average to report zero barriers to growing their use of AI agents. They are also nearly five times more likely to put agents into business-critical workflows, at 55% versus 11%.
The lesson is plain. Pull identity, devices, and access into one place, and scaling AI stops feeling like a bet. Leave those systems scattered, and every new agent adds risk you cannot see.
What JumpCloud Recommends
Joel Rennich, senior vice president of product management at JumpCloud, put it this way: “The next phase of AI adoption will not be won by the fastest deployers. It will be won by the organizations that can govern what they have built.”
He added that the companies that scale with confidence will be the ones that treat every identity, human or not, as something that needs security, management, and governance. In his words, “Intelligent, secure IT for the agentic era is not a future state. It is the requirement right now.”
JumpCloud is backing that message with a product. Its Agentic IAM (Identity and Access Management) solution stretches identity controls past human users to cover AI agents, automated workflows, and other non-human identities. The idea is simple. Apply the same access rules, lifecycle management, and audit trails to an agent that you already apply to an employee. Then hand IT teams a clear view of the whole picture.
My Read on the Numbers
Here is my take after years of watching security trends play out. This gap was predictable. New technology almost always arrives before the rules that keep it safe. We saw it with cloud storage. We saw it with mobile apps. AI agents are the newest version of the same old pattern. The numbers in this report show the gap getting wider, not smaller. That should get your attention.
The Takeaway for IT Leaders
The message from JumpCloud’s Q3 2026 report is hard to miss. AI agents have moved into production at most companies. Human oversight has thinned out. Non-human identities have taken over the network. And formal governance has barely started. Full autonomy doubled in six months. Human review shrank. Self-rated maturity dropped. Machines outnumber people in the vast majority of organizations, yet only one in five has controls built for them.
None of this means AI agents are a bad bet. They are already earning their keep. It does mean the smart move right now is governance, not more speed. Know which agents you run. Know what each one can touch. Give every agent an owner, a review schedule, and an off switch. Companies that build those habits will scale AI without losing sleep. The ones that keep handing over the keys and looking the other way are writing a security incident they have not read yet.