Enterprise AI agents deployed outside IT governance are generating long-lived API keys, OAuth tokens, and service account credentials that persist indefinitely without audit or revocation, creating a dormant privileged access surface across Salesforce, Snowflake, GitHub, Gong, Slack, and MCP server integrations. Token Security’s Agentic Pulse dataset reports 65.4% of deployed agentic chatbots have never been used since creation, yet their credentials remain active. This is a structural IAM governance gap, not a discrete CVE, but the risk profile — dormant over-permissioned credentials in production systems — is identical to the Icarus/Klue attack pattern confirmed this same week.