thehackernews.com 1/24/2026, 8:55:56 AM

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

The Hacker News reports on how AI agents are transforming enterprise work by scheduling meetings, accessing data, triggering workflows, writing code, and acting in real time, which raises a central question: who approved this? The piece explains that AI agents are not like ordinary users or service accounts: they operate with delegated authority, can act autonomously across systems, and may accumulate broad, long-lived permissions that existing IAM models struggle to govern.

It highlights access drift, where agents quietly gain permissions as their scope expands, and notes that ownership and accountability are often unclear when something goes wrong.

The article organises AI agents into three types: Personal Agents (user-owned, with access inherited from the user and relatively small blast radii), Third-Party Agents (vendor-owned, embedded in SaaS and AI platforms, with clearer vendor accountability), and Organizational Agents (shared across teams, often with no clear owner, and carrying the highest risk).

It also introduces the Agentic Authorization Bypass problem, where agents act on behalf of users using their credentials, potentially enabling actions beyond what the user could directly approve. The piece calls for redefining risk and ownership to manage these new dynamics.

Article by CyberSIXT