A report on AI agents warns that enterprises—potentially including universities—are delegating decision rights to autonomous systems faster than governance frameworks can account for non-human authority. It argues that only a minority of organizations treat AI agents as independent identities even as a large majority report suspected or confirmed AI-agent security incidents. The core risk is framed as decision-rights delegation: agents can retrieve sensitive data, initiate workflows, and trigger financial processes without logging behavior that resembles human employee activity. For higher education IT and compliance teams, the coverage points to the need for agent-specific identity management, authorization controls, and visibility into what systems agents can access and when—before deploying agentic workflows in student services, research operations, or administrative automation.