Software Booked It in Your Name. Good Luck Proving You Didn't.


This episode is based on our article: Software Booked It in Your Name. Good Luck Proving You Didn't.

Full Episode Transcript


Imagine getting a confirmation email for a hotel you never booked. The reservation is in your name. Your card was charged. But you didn't do it — an A.I. agent did. And when you try to prove it wasn't you, the system has no way to tell anyone which human, if any, actually said yes.



That gap is real, and it's growing fast. If you've ever let an app act on your behalf — book a flight, pay a bill, fill out a form — this already touches your life. The unsettling part isn't that A.I. makes mistakes. It's that when one acts in your name, there's often no trail leading back to a real person who approved it. So the question for today is simple but huge — when software takes an action for you, who's actually accountable?

This article is part of a series — start with One Stolen Badge Shouldnt Unlock Your Whole Office Heres Wha.

Let me start with how things normally work. When a human employee does something at work — approves a payment, opens a file — there's a chain of identity stuck to that action. We can trace it to one specific person. But when an A.I. agent does the same thing, that chain often just isn't there. Why? Because most of our online systems were built to verify people, not autonomous software. Today's A.I. agents usually log in with what experts call static, phishable credentials — basically passwords and digital keys that aren't tied to any actual human. The agent proves it has a key. It never proves a person sent it.

That's the trap most teams fall into. They assume strong keys equal strong security. According to security researchers at GitGuardian, that misses the real issue. A credential just proves something is real — it doesn't say what that something is allowed to do, or who authorized it. Picture a strong key that opens the front door. It doesn't decide which rooms you can enter, what you can touch inside, or whether anyone actually invited you. For you and me, that means an agent could be technically "secure" and still book things in your name with nobody on record approving it.

Now here's the part that stopped me cold. Many teams give their agents shared credentials — one key used by many agents — because it's convenient. But shared keys destroy accountability completely. If that key gets misused, investigators can't tell which agent did it, whether it was malicious or just a mistake, or which human was supposed to be watching. And the speed makes it worse. These agents make thousands of access decisions every single minute. The old way of checking permissions — a quarterly audit, a yearly review — can't possibly keep up with that.

How bad is the gap? One industry survey found that more than one in four engineering teams — about twenty-seven percent — gave up on standard authorization tools entirely and hand-coded their own. Nearly a third just built one-off fixes. That tells you the guardrails barely exist yet.

Previously in this series: Ai Agent Identity Governance Explained.


The Bottom Line

So the fix isn't a stronger password. It's giving every agent its own identity — a unique name, a named human sponsor who approved it, and a fixed boundary of what it's allowed to do and for how long. Identity stops being about login and becomes about accountability.

Up next: Why Passkey Adoption Is Stalling Recovery Problem.

Let me bring it home. When an A.I. does something for you, the system needs to know three things — which agent acted, which human said yes, and what limits it was given. Right now, most systems can't answer any of those. That's the gap, and people are racing to close it — this week, Estonia started assigning digital identities to A.I. agents so every action links back to a real person. Whether you run a company or just let an app pay your bills, the same rule matters — software acting in your name should always trace back to a human who chose it. The full story's in the description if you want the deep dive.
