ManitouAdvisory
Systems

You Gave Three Agents One Login

Phil Bolton · July 9, 2026 · 3 min read

A $16M SaaS company I advise turned on three agents over the past year. One codes and queues bills. One reconciles accounts and posts journal entries at close. One sweeps idle cash into a T-bill ladder. Different vendors, different jobs. The controller connected all three to NetSuite the same way, under one service login her predecessor had set up years ago and named "automation."

Last month a vendor got paid twice. The founder asked a simple question. Which agent did that? Nobody could answer. Three agents, one name in the log.

The log says "automation," not who

Every action those three agents take posts under one identity. To NetSuite, and to anyone reviewing the system later, they're a single actor doing a lot of work. When the duplicate went out, the log couldn't tell them whether the AP agent paid a bill twice or the close agent re-posted one the AP agent had already cleared. They had a full record of what happened and no way to attribute it to anyone.

This isn't a quirk of one company. Non-human identities now outnumber human ones in many enterprises by 40 to 1 or more, and most got provisioned exactly this way. NIST's agent standards work this year flagged the pattern directly: agents are commonly treated as generic service accounts, with no dedicated identity and no accountability attached to what they do.

Segregation of duties quietly collapsed

The bigger problem sits underneath the attribution gap. You separate the person who enters a bill from the person who approves it for one reason. One person doing both can move cash without a second set of eyes. That's the oldest control in finance.

When your AP agent codes the invoice and releases the payment under a single login, initiation and approval happen inside the same identity. Separation you built for humans doesn't apply, because the system sees one trusted account doing routine work. Nobody decided to switch that control off. It dissolved the moment three jobs ran through one credential.

A service account named "automation" isn't an identity. It's the place accountability goes to disappear.

Give each agent a name and a scope

Treat every agent as its own employee. Distinct login, permission set scoped to its actual job, its own line in the audit trail. The AP agent posts bills and queues payments but can't approve its own pay run. The close agent posts journal entries but can't touch AP. The treasury agent moves cash between two named accounts and can do nothing else.

Do that and the answers change. When something goes wrong, the log names the agent, and the agent's scope tells you what it could and couldn't have done. Singapore's agentic AI framework, published in January, now expects exactly this: each agent carrying a verifiable identity, plus a trail of which agent acted under whose authority.

Pull your NetSuite or QBO user list this week and count the logins that aren't people. If two agents answer to one name, you don't have automation you can audit. You have a room full of workers wearing the same badge.

Phil Bolton

Phil Bolton

Founder & Principal at Manitou Advisory

Want to talk about your finance setup?

We help growing companies build the right finance function.

Book a Call →