You Gave Three Agents One Login
Phil Bolton · July 9, 2026 · 3 min read
A $16M SaaS company I advise turned on three agents over the past year. One codes and queues bills. One reconciles accounts and posts journal entries at close. One sweeps idle cash into a T-bill ladder. Different vendors, different jobs. The controller connected all three to NetSuite the same way, under one service login her predecessor had set up years ago and named "automation."
Last month a vendor got paid twice. The founder asked a simple question. Which agent did that? Nobody could answer. Three agents, one name in the log.
The log says "automation," not who
Every action those three agents take posts under one identity. To NetSuite, and to anyone reviewing the system later, they're a single actor doing a lot of work. When the duplicate went out, the log couldn't tell them whether the AP agent paid a bill twice or the close agent re-posted one the AP agent had already cleared. They had a full record of what happened and no way to attribute it to anyone.
This isn't a quirk of one company. Non-human identities now outnumber human ones in many enterprises by 40 to 1 or more, and most got provisioned exactly this way. NIST's agent standards work this year flagged the pattern directly: agents are commonly treated as generic service accounts, with no dedicated identity and no accountability attached to what they do.
Segregation of duties quietly collapsed
The bigger problem sits underneath the attribution gap. You separate the person who enters a bill from the person who approves it for one reason. One person doing both can move cash without a second set of eyes. That's the oldest control in finance.
When your AP agent codes the invoice and releases the payment under a single login, initiation and approval happen inside the same identity. Separation you built for humans doesn't apply, because the system sees one trusted account doing routine work. Nobody decided to switch that control off. It dissolved the moment three jobs ran through one credential.
A service account named "automation" isn't an identity. It's the place accountability goes to disappear.
Give each agent a name and a scope
Treat every agent as its own employee. Distinct login, permission set scoped to its actual job, its own line in the audit trail. The AP agent posts bills and queues payments but can't approve its own pay run. The close agent posts journal entries but can't touch AP. The treasury agent moves cash between two named accounts and can do nothing else.
Do that and the answers change. When something goes wrong, the log names the agent, and the agent's scope tells you what it could and couldn't have done. Singapore's agentic AI framework, published in January, now expects exactly this: each agent carrying a verifiable identity, plus a trail of which agent acted under whose authority.
Pull your NetSuite or QBO user list this week and count the logins that aren't people. If two agents answer to one name, you don't have automation you can audit. You have a room full of workers wearing the same badge.

Phil Bolton
Founder & Principal at Manitou Advisory
More from the blog
You Put a Human in Every Loop and Reviewed Nothing
Keeping a human approval step on every AI action feels safe. When the loop moves faster than the person can think, the checkpoint clears everything and catches nothing.
Your Cash Forecast Got Precise. So You Locked Up the Buffer.
AI treasury tools now claim 92% forecast accuracy, and CFOs are using that precision to sweep idle cash into yield. The other 8% still lands on the day the cash is locked up.
Your AP Agent Takes Orders From the Invoice
An invoice used to be a document your team read. Now it's input your agent obeys, and a line of hidden text can reroute a payment before anyone sees it.
Want to talk about your finance setup?
We help growing companies build the right finance function.
Book a Call →