Meta's infrastructure is currently enduring a stress test of unprecedented proportions. Barak Yagour, the VP of Engineering, recently revealed that agentic queries hitting their data systems surged 30-fold in just a single half-year period. This is not a gradual climb; it is a vertical spike that renders previous capacity planning obsolete. The company is now racing against a tight 20-month window to rebuild an environment where agents, not humans, are the primary consumers of data. When the main user of a system is no longer a person with a keyboard, every assumption about how data flows and who is allowed to see it evaporates.
The Agentic Query Surge at Meta
Executive Insight
+18.4%
YTD Growth
This surge marks a definitive departure from the previous year's trend of AI copilots. Twelve months ago, the corporate world viewed AI as a sidekick—a tool that assisted a human worker who remained the primary identity holder. Now, the focus has shifted toward autonomous systems capable of retrieving data, executing complex workflows, and making decisions with zero human involvement. These agents require their own identities to function, leading corporations to quietly register non-human identities (NHIs) across their directories. The problem is that these NHIs are being dropped into a security architecture designed for people.
The Privilege Problem
Enterprise identity security has relied on a static model for decades: authenticate a user, grant access, and trust that access until the next review cycle. AI agents break this model because they operate continuously and at a velocity humans cannot match. According to reports from Dark Reading, organizations are discovering that to make these agents efficient, they are granting them broad access to applications, data, and APIs. In many cases, these non-human identities are receiving a level of privilege that exceeds what any human employee in the same role would ever be granted.
The Velocity Gap
The risk is no longer just a leaked password; it is an autonomous agent with over-privileged API access executing a thousand unauthorized actions per second across a global network.
This imbalance creates a massive security vacuum. While a human employee's erratic behavior might trigger a manual review or a manager's suspicion, an agent's behavior is often masked by the sheer volume of its activity. As these agents evolve into a new operational layer of the enterprise, the trust assumptions that held for twenty years are failing. Organizations are now forced to move toward dynamic identity security, where access is not a static permission but a fluid, context-aware grant that can be revoked in milliseconds.
The operational pressure to deploy these agents is outweighing the caution of security teams. The drive for efficiency is pushing companies to prioritize agentic capability over identity hygiene. This tension is most visible in customer-facing roles, where the promise of immediate cost reduction is too tempting to ignore.

The Cost of Over-Automation
Klarna provides a stark case study in the volatility of this transition. The company aggressively rolled out autonomous agents to handle customer service, achieving results that looked like a textbook success on paper. In its first month, the AI agent managed 2.3 million conversations and resolved two-thirds of all tickets. The efficiency gain was staggering, cutting average resolution times from 11 minutes down to just two. This performance led Klarna to freeze hiring and allow its customer service workforce to shrink from 5,000 to 3,500 employees.
| Metric | Human-Led Baseline | Agentic Performance |
|---|---|---|
| Avg. Resolution Time | 11 Minutes | 2 Minutes |
| Monthly Volume | N/A | 2.3 Million Conversations |
| Resolution Rate | Standard | 66% of all tickets |
| Workforce Size | 5,000 | 3,500 |
However, the victory was short-lived. Klarna discovered that while agents excel at routine tasks, they struggle with complex, ambiguous, or emotionally charged customer issues. The lack of nuance led to a degradation in service for high-stakes problems, forcing the company to begin rebuilding its human support capacity. This highlights a critical flaw in the current agentic trend: the assumption that non-human identities can fully replace human judgment in a business ecosystem.
The lesson here is not that agents fail, but that the current implementation strategy is too blunt. Companies are treating agents as a total replacement rather than a specialized layer. The result is a fragile system where the efficiency of the machine creates a vacuum of empathy and critical thinking, which eventually costs the company more in brand equity than it saves in payroll.
This volatility is driving a shift in how infrastructure is conceptualized. We are seeing a move away from simple automation toward what Meta calls trusted data environments, designed to preserve a human check as agents take on the bulk of the operational load.
The Architecture of the Autonomous Network
The shift is not limited to software; it is penetrating the physical layers of connectivity. In the telco industry, the push toward an AI-native 6G standard is signals a future where networks are inherently autonomous. Rather than waiting for finalized standards from 3GPP, the industry is already layering AI agent technology as an alternative control plane onto existing infrastructure. This is a pragmatic bridge to enable converged data layers and cross-domain collaboration before the official standards are even written.
- Data Substrate: The foundational layer providing the raw information agents consume.
- Agent Orchestration Layer: The critical middle-ware that manages how different agents collaborate and hand off tasks.
- Business/User Intent Layer: The top-level interface where human goals are translated into agentic instructions.
- Unified Bus: The use of interfaces like O-RAN's R1 to enable communication between RAN and core networks.
This multi-layered architecture is the only way to manage the velocity that Barak Yagour warned about. By separating the orchestration of agents from the data they access, companies can implement the dynamic security controls mentioned by Dark Reading. If an agent begins to behave erratically, the orchestration layer can throttle its identity permissions without shutting down the entire workflow.
"What happens to the infrastructure we've spent years building when agents and not humans become the main consumers of that?"— Barak Yagour, VP of Engineering, Meta
The answer to that question is currently being written in the registries of corporate identity providers. The quiet registration of non-human identities is the first step in a total inversion of the enterprise. For thirty years, we built tools for people to use. Now, we are building an enterprise for agents to run, with people acting as the occasional supervisors of a machine-led economy.

The window for this transition is closing. As Meta's 20-month warning suggests, the delta between current capabilities and infrastructure requirements is growing too fast for traditional corporate procurement cycles. Those who continue to treat AI agents as simple software additions, rather than new identity-bearing entities, will find their security models shattered by the very efficiency they sought to achieve.
