Every agent-discoverable app is a new identity in your tenant.
There is a shift most software founders are racing to get ahead of: making their products discoverable to AI agents, not just humans. It is real, and it is a good thing. But it has a second-order consequence nobody selling it mentions, and it lands in every Microsoft 365 tenant an MSP manages.
Every new agent is a new non-human identity
When a SaaS product exposes itself to agents, it does so with credentials. An MCP server authenticates. An agent-to-agent hand-off carries a token. An "agentic commerce" flow acts on someone's behalf. Each of those is a non-human identity, with permissions, sitting inside the tenant that connected it.
Multiply that across every app your clients switch on, every Copilot extension, every third-party AI connector an employee wires up because it "just needed read access to the calendar," and you get the fastest-growing, least-watched population in the tenant. Machine identities already outnumber humans ~45 to 1 on Gartner’s estimate, and some vendor telemetry runs as high as 144 to 1, up 44% in a single year.1 The agent-discoverability wave pours fuel on exactly that fire.
Here is the uncomfortable part for the tooling meant to catch it. Microsoft's own discovery leans on naming conventions to classify what it sees. The whole point of the new protocols is that anyone can publish an agent, named anything, from any vendor. A connector called acme-gpt-connector or a service principal called svc-openai-prod-07 does not announce itself as an AI agent. It just quietly holds Files.Read.All and waits.
1 Gartner (analyst estimate, ~45:1); vendor telemetry: Entro Labs, NHI & Secrets Risk Report (H1 2025), 144:1. The Model Context Protocol (MCP) was introduced by Anthropic in late 2024 and has since been adopted across the major AI platforms. Market-size figures quoted elsewhere for the agent economy are third-party projections; this piece keeps them qualitative.
The trend and the tool are the same story
This is why the agent-discoverability wave is not a threat to fear but a market to serve. The more the software world races to be orchestrated by agents, the more non-human identities appear inside the Microsoft 365 tenants MSPs already manage. Someone has to see them, score them and govern them. That someone is the MSP.
Sabiki AIRM discovers every AI agent and non-human identity in a client tenant by behaviour and real Microsoft Graph permissions, not by name. So the third-party and non-conforming agents a naming-based scan misses, the ones the discoverability wave is creating by the thousand, get surfaced, scored against an independent NHI Risk Score, mapped to their blast radius, and handed back to your team with a fix. Agentless, read-only, and additive to Microsoft rather than a replacement for it.
What this means for MSPs, practically
The founders reading the "new SEO" essays are optimising to be found by agents. Your clients are the ones absorbing the identity sprawl that creates. That gap is a service line.
- Name the risk before it bites. Run a read-only assessment on a client tenant and show them how many AI and non-human identities already exist, and how many are over-permissioned or dormant. Most owners have never seen the number.
- Turn it into recurring governance. Continuous monitoring, a quarterly posture review, and an independent score the client can take to the board. Priced per tenant, delivered as a managed service.
- Be the adult in the room. As agentic commerce and agent-to-agent workflows arrive, the MSP who already governs the identity layer is the one clients trust to say yes to the next AI thing, safely.
The software industry is busy making itself legible to machines. The MSPs who win the next few years will be the ones who make that new machine population legible to their clients.
See the identities the agent wave is creating.
Register free and run one read-only NHI Risk report on any Microsoft 365 tenant, and see every AI identity and what it can reach.
Free NHI Risk Score →