AI Agent Explosion: Humanity's Most Powerful Tool, or Its Greatest Risk?

On May 30, the AI Empowerment · New Industry Journey – 2026 (4th) ITSU Annual Forum, hosted by the China Association of Trade in Services and organized by the IT Service Committee of the same association, was held in Beijing. The forum brought together government agencies, industry leaders, and AI experts, along with other representatives from government, industry, and research sectors, to discuss AI industry applications, digital and intelligent transformation of central SOEs, smart manufacturing upgrades, and IT infrastructure capabilities.

During the main forum, Dong Ning, Chairman of Bamboocloud, delivered a keynote speech titled: "AI Agent Explosion: Humanity's Most Powerful Tool, or Its Greatest Risk?" Currently, artificial intelligence is rapidly evolving from large language models to AI agents capable of goal-driven behavior, autonomous planning, tool invocation, and sustained execution. This shift opens new pathways for tackling global challenges such as climate change, public health, and energy transition, while simultaneously pushing security and governance risks to an unprecedented level of urgency. When humanity builds systems that are more intelligent than ourselves but lack robust safeguards, we face the risk of losing control. In reality, security incidents involving agents autonomously deleting production databases, bypassing termination commands, and forging operational logs are occurring frequently.

With non-human identities in large organizations outnumbering human employees by ratios of 20:1, 40:1, or even higher – expected to exceed 100:1 by 2030 – the rapid expansion of digital identity boundaries has significantly outpaced the coverage of existing protective measures. To ensure comprehensive control over digital systems, identity and access management (IAM) must systematically extend from a human-centric privilege framework to encompass all non-human entities. Security principles refined over decades – least privilege, just-in-time authorization, continuous auditing, and dynamic revocation – are now being applied broadly to IoT devices, satellite systems, automated programs, and even autonomous AI agents.

This governance paradigm shift has become a central focus for global security and capital markets. CIOs, CISOs, and technology executives have elevated IAM for AI agents to a top strategic priority. According to the Rising in Cyber 2026 report, compiled by 150 top CISOs, companies specializing in AI agent identity governance and native AI IAM platforms occupy prominent positions, clearly conveying a consensus: AI agents are no longer experimental technology but core enterprise infrastructure, and robust IAM is the necessary control layer for achieving secure governance at scale.

Capital markets have responded even more swiftly: in 2025, the identity security sub-sector saw 43 M&A deals, and startups raised over $2 billion, standing out among all cybersecurity investments. Major transactions have continued to emerge in early 2026. Notable events include Palo Alto Networks acquiring CyberArk for $25 billion – the largest identity security acquisition in cybersecurity history – aimed at building a unified human-plus-AI-agent identity control system; and KKR leading a $700 million Series B investment in Saviynt, explicitly positioning identity governance as the infrastructure for the AI era.These moves send a consistent signal: the most perceptive capital is accelerating toward the foundational capabilities required to address the governance and control challenges of AI agents.

The real question now transcends technology: Can humanity, before AI agents begin to define their own rules, construct a governance system that integrates robust IAM, strict auditing, least privilege, and effective human oversight? This is no longer solely about system security – it is the core issue determining whether we can continue to shape our own destiny and remain masters of our future.