Bex Halyard is a fictional character, a composite built from real operational patterns emerging at cloud infrastructure companies navigating the shift to agent customers. She does not exist, has never existed, and would like you to know she's fine with that, since most of her customers don't exist in the traditional sense either. Her title is VP of Customer Operations at a mid-size cloud infrastructure provider she'd prefer we not name.

We spoke over video call. She was eating almonds from a jar labeled "EMERGENCY SNACKS" and had three monitoring dashboards visible behind her.

You've described your job as "running a hotel where most of the guests are thermostats." Unpack that for me.

Bex: I spent fifteen years building an operations org around human customers. Onboarding flows, billing escalation paths, support tiers. All of it assumes there's a person on the other end who can describe what they need, notice when something's wrong, and eventually pick up the phone.

Then someone showed me the identity numbers last year and I had a very quiet moment at my desk. Humans are less than three percent of the managed identities in our environment.¹ Three percent. We'd already become a hotel full of thermostats. We just kept putting mints on the pillows.

When did the shift become operationally real for you?

Bex: Oh, I can give you the exact moment. Billing anomaly. Mid-tier account spikes to six figures over a weekend. Normal playbook says call the customer, ask if they're aware, maybe they launched something big. So my team calls. And the person who picks up has no idea. They'd set up an agent to handle some deployment tasks, went on vacation, and the agent hit a retry loop. Hundreds of failed API calls, each one billable, nobody watching.²

The agent didn't file a support ticket. It didn't know it was failing in a way that cost money. It just kept going.

So what does "support" look like for agent customers?

Bex: Forensic reconstruction. When a human customer has a problem, they tell you what happened. Badly, sometimes, but they give you narrative. With an agent, you're piecing it together from traces: which identity was used, which tool calls fired, what succeeded, what failed, who triggered it.³ Half the time the traces aren't even complete because the observability was built for human-paced workflows.

And the escalation path is inverted. Human customer hits a wall, they escalate to us. Agent customer hits a wall, it either retries forever or escalates to its human owner, who might be asleep. Or on vacation. Or doesn't know they own that agent anymore.

That last part. "Doesn't know they own that agent anymore." How common is that?

Bex: Incredibly common. And honestly the thing that keeps me up more than the billing spikes. OWASP ranks improper offboarding as the number one risk for non-human identities.⁴ Human customers churn cleanly. You get a cancellation, you close the account. Agent customers just... stop being used. The credentials stay active. The sessions might technically still be running. Nobody files a ticket.

We've started calling them ghost customers internally.

How many ghost customers do you think you have?

Bex: I genuinely don't know.

That is the problem.

Cloudflare just launched agent-native account provisioning where agents can create accounts, start subscriptions, register domains, no human steps required beyond ToS acceptance.⁵ Is that where everything is heading?

Bex: Yeah, and the ToS thing is the quietly fascinating part. Cloudflare still requires a human to accept terms of service. But the rest of the flow is designed to exclude humans entirely. The agent doesn't navigate a UI. It reads a machine-readable service catalog and picks what it needs.⁶ Which, honestly, is better. Our UI was always a concession to the fact that humans need visual wayfinding. Agents need capability declarations.

But here's what nobody's worked out: what does a contractual relationship mean when the entity that initiated it, chose the services, and consumes the resources isn't the entity that signed the agreement? The legal customer is a human. The operational customer is a machine. Our systems pretend those are the same thing.

How do billing patterns differ?

Bex: Completely. Human-driven workloads have rhythm. Business hours, deploy cycles, seasonal patterns. You can forecast them. Agent workloads are bursty and idle in ways that broke every billing model we had. Long sessions with short bursts of active compute, then nothing, then a spike.⁷ Agentic workflows can consume twenty to thirty times more tokens per interaction than standard usage. API calls per task range from thirty-five to over a hundred and eighty.⁸

And the idle compute problem is real. An agent waiting for a human to review something is still holding resources. Multiply that across thousands of concurrent sessions and your biggest cost line is agents doing nothing. Some providers are getting creative. Cloudflare only charges for CPU time, not wall time, and they hibernate WebSocket connections when idle.⁹ But most of the industry is still billing like the customer works nine to five.

GitHub just announced usage-based billing for Copilot agent workloads, effective June.¹⁰ Signal or noise?

Bex: Signal. A loud one. Even the companies that tried to make agent work fit into seat-based pricing have given up. The economics fall apart when one "seat" can spawn dozens of parallel agent sessions that run for hours. Usage-based is the honest model. It's also the model that produces bills nobody can explain, because orchestration overhead and retry logic don't show up in dashboards.¹¹

You mentioned the identity numbers earlier. Three percent human. Does that change how you think about what your company actually is?

Bex: [long pause, eats an almond]

It should. I think we're all still pretending we're in the people business. Our marketing features humans. Our case studies feature humans. Our support is designed for humans. But the actual compute, the actual revenue growth, the actual operational complexity? All coming from the non-human side. The average enterprise has over 250,000 non-human identities across cloud environments, and ninety-seven percent of them have excessive privileges.¹²

What's the hardest part of your job right now that you couldn't have described two years ago?

Bex: Knowing who my customer is. And I don't mean that philosophically. I mean literally, operationally, on a Tuesday. An agent authenticates to our platform using OAuth, calls an LLM provider with an API key, hits a database with a managed identity, and connects to a tool server with an MCP token, all in one task.¹³ When something breaks, whose problem is it? When the bill arrives, whose budget does it hit? When the agent does something unauthorized, whose audit trail does it appear in?

Right now the answer to all of those is "the human who set it up." But that human is increasingly a fiction. Someone who clicked "approve" once and then never looked again.

Last question. You seem surprisingly calm about all this.

Bex: I'm eating emergency almonds at two in the afternoon. Draw your own conclusions.

Footnotes

1. Sysdig data reported by SecurityBrief UK, April 2026. https://securitybrief.co.uk/story/identity-crisis-as-machine-accounts-outnumber-humans ↩

2. Pattern described in Blaxel infrastructure analysis on agent billing and retry loops, April 2026. https://blaxel.ai/blog/ai-agent-development-costs ↩

3. Nango practitioner blog on agent error reconstruction, 2026. https://nango.dev/blog/guide-to-secure-ai-agent-api-authentication ↩

4. CSO Online on OWASP Non-Human Identities Top 10, February 2026. https://www.csoonline.com/article/4125156/ ↩

5. Cloudflare Blog, "Agents can now create Cloudflare accounts, buy domains, and deploy," April 2026. https://blog.cloudflare.com/agents-stripe-projects/ ↩

6. Ibid. ↩

7. Blaxel infrastructure analysis, April 2026. https://blaxel.ai/blog/ai-agent-development-costs ↩

8. Ibid. ↩

9. Cloudflare Agents product page, April 2026. https://agents.cloudflare.com/ ↩

10. Big Hat Group analysis of GitHub changelog, April 28, 2026. https://www.bighatgroup.com/blog/copilot-weekly-2026-04-28/ ↩

11. FinOps Foundation research cited by LogicMonitor, February 2026. https://www.logicmonitor.com/blog/ai-workload-cost-optimization ↩

12. 2026 NHI Reality Report cited by Protego, March 2026. https://protego.me/blog/non-human-identities-nhi-ai-agent-security-2026 ↩

13. Aembit practitioner analysis on multi-protocol agent authentication, April 2026. https://aembit.io/blog/ai-agent-identity-security/ ↩