Marionettes and ghosts: The AI agent identity problem

A payment is approved, a customer record is updated and a policy exception is cleared. Taken at face value, nothing seems out of place. The work gets done, quickly, consistently and at scale. But when we step back for a moment and take a closer look, one question emerges: Who’s actually doing the work?

An important question: Who’s accountable?

This question is significant and will matter even more than many organizations realize.

For the past two years, most enterprise AI conversations have centered on productivity. The focus has been on deploying better copilots, enabling faster workflows, reducing manual effort and delivering more output from the same teams.

But while that focus creates value, it is only one part of a much bigger story. AI agents are not just chat interfaces with better prompts. They can pull in context, call tools, trigger actions, work across systems and complete multistep tasks with limited human involvement. That’s what makes them useful, but it’s also why we need to shift the conversation to one of risk management.

At some point, we must stop asking only whether these agents are helpful. We also need to determine what exactly we allow these systems to do.

Identity: The real issue

The AI agents we introduce into the workplace are autonomous entities that can act with enough independence to resemble a human worker.

Most enterprise security models still assume that the actor behind access is human, reasonably predictable and straightforward to trace. Agents don’t fit that model neatly. They can operate at machine speed, move across services quickly and behave in ways shaped not just by permissions but also by prompts, data, tools, memory and runtime conditions.

That’s not a reason to slow AI adoption down; it is, however, a reason to put stronger security foundations in place.

Here’s a useful way to frame the identity problem: Is an agent a marionette or a ghost?

Marionettes and ghosts: The difference matters

As set out in an NTT DATA guide, Marionettes and ghosts: Security considerations when AI agents join your workplace, a marionette acts through a human identity, borrowing that person’s access and authority. A ghost, on the other hand, is defined as a distinct digital identity, with permissions scoped to its own role.

That distinction is important because the two models behave very differently at scale.

Take something as ordinary as an invoice agent. If it inherits a finance leader’s full permissions, it may be able to see records and settings it was never meant to access. Assign that same agent its own governed identity, limited to reading pending invoices and writing approved records, and the risk profile changes immediately. This is not a superficial difference; it is the contrast between borrowed power and bounded authority.

Autonomy without context is risk

There is no one-size-fits-all model here. A low-risk internal workflow is not the same as an agent accessing payments, regulated records, customer data, HR actions or production systems. AI leaders are usually not the ones making the fastest progress; they’re the ones that understand where autonomy helps, where it needs guardrails and where human checkpoints remain critical.

The question now is whether organizations will build that governance before scale creates a larger problem than the one AI was meant to solve.