A structural gap in OAuth 2.1 and JWT (RFC 9068) standards means AI agents operating in enterprise environments use standing, human-borrowed credentials that downstream systems cannot distinguish from legitimate human access — producing audit trails that are incomplete by design. This creates orphaned agent identities, silent privilege escalation in multi-agent chains, and a detection gap that existing PAM, IGA, and SIEM tooling was not designed to address. CrowdStrike Falcon Identity has announced continuous monitoring for AI agent identities as a detection-layer response.
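The audit gap described above, as an added Python illustration (not code from any vendor or standard): an agent reusing a human's access token produces the same token-derived audit record as the human, so the checks fall back on token lifetime and on telemetry outside the token. The claim names follow RFC 9068; the hosts, identities, thresholds and the `source` field are constructed assumptions.

```python
# Constructed sample data: claim names follow RFC 9068; all values are made up.
from collections import defaultdict

HUMAN_TOKEN = {
    "iss": "https://idp.example", "aud": "https://crm.example/api",
    "sub": "alice@example.com", "client_id": "crm-web",
    "scope": "records:read records:write", "jti": "tok-001",
    "iat": 1_700_000_000, "exp": 1_700_000_000 + 90 * 86400,  # 90-day standing token
}

# Each event: the source context the resource server observed (assumed telemetry,
# not part of the token) plus the claims of the token that was presented.
EVENTS = [
    {"source": "laptop-alice", "claims": HUMAN_TOKEN},          # Alice in her browser
    {"source": "agent-runner-7", "claims": dict(HUMAN_TOKEN)},  # agent reusing her token
]

def audit_record(claims):
    """Identity fields a resource server can log from the token alone."""
    return {k: claims[k] for k in ("sub", "client_id", "scope", "aud")}

def standing_tokens(events, max_lifetime_s=3600):
    """Return jti values whose exp - iat exceeds the allowed lifetime."""
    return sorted({e["claims"]["jti"] for e in events
                   if e["claims"]["exp"] - e["claims"]["iat"] > max_lifetime_s})

def shared_tokens(events):
    """Return {jti: sources} for tokens presented from more than one source."""
    seen = defaultdict(set)
    for e in events:
        seen[e["claims"]["jti"]].add(e["source"])
    return {jti: sorted(src) for jti, src in seen.items() if len(src) > 1}

if __name__ == "__main__":
    human, agent = (audit_record(e["claims"]) for e in EVENTS)
    print("audit records identical:", human == agent)
    print("standing tokens:", standing_tokens(EVENTS))
    print("tokens shared across sources:", shared_tokens(EVENTS))
```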