Are you ready for the era of agentic AI? Businesses are racing to deploy systems that can plan, take action, and collaborate like never before. But amidst this automation frenzy, one crucial aspect is often neglected: scalable security. We are introducing a workforce of digital employees into our systems without providing them with a secure way to access data and perform tasks without posing significant risks.
The issue lies in the fact that traditional identity and access management (IAM) systems, designed for humans, struggle to accommodate agentic AI at scale. Static roles, long-lived passwords, and one-time approvals are ineffective when non-human identities outnumber human ones. To fully leverage the power of agentic AI, identity needs to evolve from a basic gatekeeper to a dynamic control plane that oversees your entire AI operation.
“The fastest path to responsible AI is to avoid real data. Use synthetic data to prove value, then earn the right to touch the real thing.” — Shawn Kanungo, keynote speaker and innovation strategist; bestselling author of The Bold Ones
Why your human-centric IAM is a sitting duck
Agentic AI behaves like a user, not just software. It authenticates, assumes roles, and interacts with APIs. Treating these agents as mere application features opens the door to invisible privilege escalation and untraceable actions. A single over-permissioned agent can cause data breaches or trigger incorrect processes at lightning speed, often without detection until it’s too late.
The static nature of legacy IAM systems is a significant vulnerability. You can’t pre-define fixed roles for agents whose tasks and data access requirements change constantly. The key to maintaining accurate access decisions is to shift from one-time authorizations to continuous, real-time evaluations.
Prove value before production data
Following Kanungo’s advice is a practical approach. Start by validating agent workflows, scopes, and safeguards using synthetic or masked datasets. Once your policies and logs are robust in this controlled environment, you can confidently transition agents to real data with clear audit trails.
Building an identity-centric operating model for AI
To secure this new workforce, a mindset shift is needed. Each AI agent must be treated as a primary entity within your identity ecosystem.
First, every agent requires a unique, verifiable identity linked to a human owner, a specific business use case, and a software bill of materials. Shared service accounts are outdated and risky, akin to handing out a master key to an anonymous crowd.
Second, replace static roles with session-based, risk-aware permissions. Grant access just-in-time, limited to the immediate task and essential data, and automatically revoke it upon task completion. Think of it as providing an agent with a key to a single room for a specific meeting, rather than a master key to the entire building.
Three pillars of a scalable agent security architecture
Context-aware authorization at the core. Authorization must evolve from a binary yes or no decision to a continuous dialogue. Systems should evaluate context in real-time, considering factors like the agent’s digital posture, requested data, and operational timing. This dynamic evaluation balances security and efficiency.
Purpose-bound data access at the edge. The ultimate defense is at the data layer. By integrating policy enforcement directly into the data query engine, you can enforce granular security based on the agent’s intended purpose. This ensures data is used appropriately, not just accessed by an authorized identity.
Tamper-evident evidence by default. Auditability is crucial in a world of autonomous actions. Every access decision, data query, and API call should be securely logged, capturing all relevant details. Log links should be tamper-evident and replayable, providing a comprehensive record of each agent’s activities.
A practical roadmap to get started
Begin with an identity inventory. Identify and catalog all non-human identities and service accounts, addressing any sharing or over-provisioning issues by assigning unique identities to each agent workload.
Pilot a just-in-time access platform. Implement a tool that issues short-lived, scoped credentials for specific projects. This validates the concept and showcases operational benefits.
Mandate short-lived credentials. Issue tokens with short expiration times to enhance security. Remove static API keys and secrets from code and configurations.
Stand up a synthetic data sandbox. Test agent workflows, scopes, and policies using synthetic or masked data before transitioning to real data. Ensure controls, logs, and egress policies are effective.
Conduct an agent incident tabletop drill. Practice responses to potential security incidents like leaked credentials or unauthorized actions. Demonstrate your ability to revoke access, rotate credentials, and contain breaches swiftly.
The bottom line
Human-centric IAM tools are inadequate for managing an AI-driven future. Identity must become the central nervous system of AI operations. Elevate identity to the control plane, implement runtime authorization, tie data access to purpose, and validate on synthetic data before engaging with real data. By adopting these practices, you can scale to a million agents without increasing breach risks.
Michelle Buckner is a former NASA Information System Security Officer (ISSO).
Read more from our guest writers. Or, consider submitting a post of your own! See our guidelines here.
