
Managing identities in the agentic AI era

If your organisation is grappling with how to align the traditional rules of security designed for human accounts with those needed for AI agents, you’re not alone. 

 

Central to this challenge is ensuring that these agent identities don’t create a security black hole into which your company’s proprietary IP, financial data, customer information, employee records and other critical assets disappear. This is the era in which trying to make the old rules of authorisation and access fit won’t cut it anymore.

 

Systems for human users relied on knowing who you are and what you’re doing. They were built around predictable patterns of behaviour, working hours and access needs. But they were never designed for the identities and lifecycles of virtual AI agents, which communicate and operate in different ways. 

 

As organisations race to deploy agentic AI for productivity gains, many are sleepwalking into serious security vulnerabilities without proper processes for managing these digital identities. The time to address this risk is now.

 

Human identity rules don’t work for AI agents

Traditional identity management assumes a relatively stable relationship between users, their roles and their access requirements. A finance manager logs in during business hours, accesses specific applications and works within defined parameters. The identity framework is built around this predictability.

 

AI agents operate entirely differently. You may very soon be giving a virtual laptop or desktop to an agentic AI, and it will be their device performing tasks on behalf of your organisation. These agents work in dynamic, unpredictable contexts rather than following set patterns. They might need access to multiple data sources across the network, spin up and down as required, and operate continuously without the natural boundaries that human working patterns provide.

 

This creates significant risks around overprovisioned access. When an agent requires broad permissions to complete its tasks, there’s a greater chance of privileges being misused. Unlike a human employee who can exercise judgment about whether they should access certain information, an AI agent will access whatever it’s been granted permission to reach. If those permissions are too broad, the potential for damage increases.

 

The auditing challenges are significant. With human accounts, you can track login times, review access patterns and identify anomalies relatively easily. But when you have agents churning away on problems for hours or even days, accessing various data sources as needed to complete their objectives, the audit trail becomes far more complex. How do you determine what’s normal behaviour for an agent versus what represents a security incident? How do you even know which accounts belong to AI agents rather than humans if you haven’t properly identified and categorised them?

 

This isn’t entirely unprecedented. In the past, organisations dealt with service accounts – system-level accounts that applications used to access databases or email systems. These were always recognised as requiring different controls because compromising a service account meant compromising entire systems. But service accounts operated in relatively constrained ways, performing specific, repeatable functions.

 

AI agents are service accounts on a completely different scale. They’re more autonomous, more capable and potentially more dangerous if compromised or misconfigured. You can’t apply the same limited controls you used for service accounts, and you certainly can’t treat them like human users.

 

The amplified supply chain risk

The security implications become even more acute when you consider data sharing between organisations. Supply chain security has always been difficult. Partnerships and supplier connections push your security perimeter well beyond what you can directly control.

 

Now imagine AI agents operating across these boundaries. An agentic AI working for a supplier might need access to certain data within your environment to complete its tasks. But without proper visibility and controls, how do you ensure that the agent isn’t accessing information beyond its legitimate scope? How do you track where data is flowing when agents on both sides are communicating directly with each other?

 

The risks scale up rapidly. A misconfigured agent at a supplier could leak sensitive data without anyone noticing. Agents with excessive permissions might share proprietary information across systems they’ve been told to integrate with. Machine-to-machine interactions move too quickly for traditional monitoring to catch problems in real time.

 

Many organisations have been quick to enable AI capabilities because the productivity gains seem too compelling to ignore. ChatGPT can connect to your emails and integrate with OneDrive, but nobody’s asking what this means for security. The productivity gains look too good, so organisations are choosing efficiency over protection – a risky gamble.

 

Building visibility and guardrails for AI 

The foundation of managing AI agents is visibility. You cannot secure what you cannot see. Organisations need the capability to identify every physical and virtual device across their estate, including the virtual desktops and servers that AI agents are operating from.

 

This means being able to see every single device – whether that’s a traditional desktop, a laptop, a server or a virtual environment spun up specifically for an AI agent. Only with that level of visibility can you begin to categorise which devices and accounts belong to AI agents rather than human users. Without proper identification and tagging, you have no way to apply the appropriate controls.

 

Once you’ve identified which entities are AI agents, you need to implement distinct controls around them, and these need to address several key areas. First, strict access governance over what data sources each agent can reach, operating on the principle of minimum necessary access for each specific task. Second, comprehensive audit trails that track what data is accessed, where and by which agents. Third, clear boundaries around how agents interact with external systems and partners, with mechanisms to ensure agents operating across organisational boundaries are properly authenticated, authorised and monitored.
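
The three controls above can be sketched as a single decision point. This is an added example, not code from the author or from any product: the identity names, tasks, data-source labels and the `authorise` and `denials` helpers are all hypothetical, and the inventory is constructed sample data.

```python
from datetime import datetime, timezone

# Constructed inventory: every account is tagged by kind and owning organisation.
INVENTORY = {
    "alice": {"kind": "human", "org": "internal"},
    "invoice-agent": {"kind": "ai_agent", "org": "internal"},
    "supplier-agent": {"kind": "ai_agent", "org": "supplier-x"},
}
# Minimum data sources per (agent, task). "erp.invoices" on the supplier agent
# is a deliberate over-grant so the boundary check below has something to catch.
TASK_GRANTS = {
    ("invoice-agent", "reconcile-invoices"): {"erp.invoices", "bank.statements"},
    ("supplier-agent", "confirm-delivery"): {"logistics.orders", "erp.invoices"},
}
# The only sources an agent from another organisation may ever reach.
EXTERNAL_ALLOWED = {"logistics.orders"}
AUDIT_LOG = []  # append-only record of every decision, allowed or denied


def authorise(identity, task, source):
    """Decide one agent data-access request and write it to the audit trail."""
    entry = INVENTORY.get(identity)
    if entry is None:
        reason = "identity not in inventory"
    elif entry["kind"] != "ai_agent":
        reason = "not tagged as an AI agent"
    elif source not in TASK_GRANTS.get((identity, task), set()):
        reason = "source outside task grant"
    elif entry["org"] != "internal" and source not in EXTERNAL_ALLOWED:
        reason = "external agent beyond boundary"
    else:
        reason = None
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "identity": identity, "task": task, "source": source,
        "decision": "deny" if reason else "allow", "reason": reason,
    })
    return reason is None


def denials(identity):
    """Return the audit-trail reasons for every denied request by one identity."""
    return [e["reason"] for e in AUDIT_LOG
            if e["identity"] == identity and e["decision"] == "deny"]


if __name__ == "__main__":
    authorise("invoice-agent", "reconcile-invoices", "erp.invoices")
    authorise("supplier-agent", "confirm-delivery", "erp.invoices")
    for record in AUDIT_LOG:
        print(record)
```

Denied requests are logged alongside allowed ones, so the trail shows which agent attempted to reach which data source even when a misconfigured grant would otherwise have let a partner's agent through.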

 

The challenge is implementing these guardrails without destroying the productivity benefits that made AI adoption attractive in the first place. The answer lies in building controls into your AI deployment strategy from the start, rather than retrofitting security after you’ve already given agents broad access.

 

The old rules of authorisation and identity access simply weren’t designed for this new reality. Organisations that fail to rethink their approach to identity management for the AI era are creating exactly the kind of security black hole that will inevitably lead to serious breaches. The time to address this challenge is now, before these digital entities become an unmanageable blind spot in your security posture. 

 


 

Jon Abbott is CEO and Co-founder at ThreatAware 

 

Main image courtesy of iStockPhoto.com and iQoncept



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543