How prepared are businesses for a world where AI agents are quietly becoming some of the most powerful users inside their systems?
In this episode of Business of Cybersecurity, I sit down with Uri Haramati, CEO and co-founder of Torii, to unpack a shift that is happening faster than most organizations can keep up with. AI is no longer sitting on the sidelines as a productivity tool. It is now deeply embedded across platforms like Slack, Google Workspace, and CRM systems, often operating with levels of access that rival or even exceed human users. As Uri explains, that changes the entire security conversation, especially when many of these agents are effectively invisible to traditional identity and governance models.
What stood out to me in this conversation is how quickly AI adoption has moved from experimentation to something far more operational. Uri shares insights from Torii’s 2026 SaaS Benchmark Report, which reveals that enterprises added nearly 700 new AI applications in just one year, with 61 percent of all apps operating outside of IT oversight. That creates a growing blind spot, where non-human identities, API tokens, and automated workflows are interacting with sensitive data without clear ownership or lifecycle management. It is a shift that feels familiar, echoing past waves like BYOD, but this time the scale and speed are on another level.
We also explore why this is not simply a story about risk. There is a clear business driver behind this surge in AI adoption. Organizations are under pressure to control costs, reduce manual work, and get more value from their software stack. AI is stepping into that role, but it introduces new challenges around usage-based pricing, unexpected spend, and governance models that were designed for a much slower era of IT. Uri makes the case that the real issue is not adopting AI too quickly, but failing to evolve governance at the same pace.
By the end of the conversation, one idea really stayed with me. Within the next couple of years, non-human identities could outnumber human ones inside most enterprises. That raises a simple but uncomfortable question. If every actor in your system needs to be treated as an identity, how many do you actually have, and how many are you truly managing?
If this is a topic you are grappling with, I highly recommend checking out Torii’s 2026 SaaS Benchmark Report and connecting with Uri to continue the conversation. But for now, I would love to hear your perspective. Are we building the right guardrails for this new era of AI-driven access, or are we already further behind than we think?