Human-centric IAM is failing: Agentic AI requires a new identity control plane
In the rapidly evolving landscape of enterprise technology, the race to deploy agentic AI is gaining momentum, promising remarkable efficiencies across various business applications. However, amidst this automation frenzy, a critical aspect is being neglected: scalable security. As organizations increasingly rely on digital employees—AI agents that can plan, execute tasks, and collaborate across systems—ensuring secure access to data and applications is paramount. Traditional identity and access management (IAM) systems, which were designed for human users, are proving inadequate in this new context. The challenge lies in the fact that these systems often rely on static roles and long-lived passwords, which can easily become obsolete when non-human identities begin to outnumber human ones by significant margins. To harness the full potential of agentic AI, organizations must rethink their approach to identity management, evolving it from a mere gatekeeper to a dynamic control plane that governs the entire AI operation.
Shawn Kanungo, a noted innovation strategist, emphasizes the importance of using synthetic data to validate AI workflows before engaging with real data. This strategy allows organizations to test and refine their policies, ensuring that AI agents operate within defined parameters and do not inadvertently cause security breaches or operational errors. The shift towards treating AI agents as first-class citizens within the identity ecosystem is essential. Each agent should possess a unique, verifiable identity connected to a human owner and a specific business purpose, moving away from the outdated practice of shared service accounts. Furthermore, organizations need to implement session-based, risk-aware permissions that grant access based on immediate tasks rather than static roles, ensuring that agents have only the necessary permissions for their current functions.
To build a scalable security architecture for agentic AI, organizations should focus on three core pillars: context-aware authorization, purpose-bound data access, and tamper-evident evidence. Authorization must evolve into a continuous evaluation process, assessing the context of each access attempt in real time. Additionally, embedding policy enforcement directly into the data layer ensures that access aligns with the intended use of the data, thus preventing misuse. Finally, maintaining a comprehensive audit trail for every action taken by an AI agent is crucial for accountability and incident response. By taking these steps—starting with an inventory of non-human identities, implementing just-in-time access platforms, and conducting incident response drills—organizations can effectively secure their AI operations. Ultimately, embracing a robust identity management strategy is vital for navigating the complexities of an AI-driven future, allowing businesses to scale their operations while minimizing security risks.
https://www.youtube.com/watch?v=PpyTo5kNnsE
The race to deploy agentic AI is on. Across the enterprise, systems that can plan, take actions and collaborate across business applications promise unprecedented efficiency. But in the rush to automate, a critical component is being overlooked: Scalable security. We are building a workforce of digital employees without giving them a secure way to log in, access data and do their jobs without creating catastrophic risk.
The fundamental problem is that traditional identity and access management (IAM) designed for humans breaks at agentic scale. Controls like static roles, long-lived passwords and one-time approvals are useless when non-human identities can outnumber human ones by 10 to one. To harness the power of agentic AI, identity must evolve from a simple login gatekeeper into the dynamic control plane for your entire AI operation.
“The fastest path to responsible AI is to avoid real data. Use synthetic data to prove value, then earn the right to touch the real thing.” — Shawn Kanungo, keynote speaker and innovation strategist; bestselling author of The Bold Ones
Why your human-centric IAM is a sitting duck
Agentic AI does not just use software; it behaves like a user. It authenticates to systems, assumes roles and calls APIs. If you treat these agents as mere features of an application, you invite invisible privilege creep and untraceable actions. A single over-permissioned agent can exfiltrate data or trigger erroneous business processes at machine speed, with no one the wiser until it is too late.
The static nature of legacy IAM is the core vulnerability. You cannot pre-define a fixed role for an agent whose tasks and required data access might change daily. The only way to keep access decisions accurate is to move policy enforcement from a one-time grant to a continuous, runtime evaluation.
Prove value before production data
Kanungo’s guidance offers a practical on-ramp. Start with synthetic or masked datasets to validate agent workflows, scopes and guardrails. Once your policies, logs and break-glass paths hold up in this sandbox, you can graduate agents to real data with confidence and clear audit evidence.
Building an identity-centric operating model for AI
Securing this new workforce requires a shift in mindset. Each AI agent must be treated as a first-class citizen within your identity ecosystem.
First, every agent needs a unique, verifiable identity. This is not just a technical ID; it must be linked to a human owner, a specific business use case and a software bill of materials (SBOM). The era of shared service accounts is over; they are the equivalent of giving a master key to a faceless crowd.
Second, replace set-and-forget roles with session-based, risk-aware permissions. Access should be granted just in time, scoped to the immediate task and the minimum necessary dataset, then automatically revoked when the job is complete. Think of it as giving an agent a key to a single room for one meeting, not the master key to the entire building.
Three pillars of a scalable agent security architecture
Context-aware authorization at the core.
Authorization can no longer be a simple yes or no at the door. It must be a continuous conversation. Systems should evaluate context in real time. Is the agent’s digital posture attested? Is it requesting data typical for its purpose? Is this access occurring during a normal operational window? This dynamic evaluation enables both security and speed.
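One way to express the session-based, context-aware decision described above, as an added example that is not from the original article. The policy table, field names and five-minute lifetime are assumptions chosen for illustration, and the attestation result is taken as an input computed elsewhere.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy: scopes typical for each purpose and its operating window (UTC hours).
POLICY = {
    "customer_service": {"scopes": {"tickets:read", "crm:read"}, "hours": range(6, 22)},
}

@dataclass(frozen=True)
class Request:
    agent_id: str
    owner: str        # accountable human owner
    purpose: str      # declared business use case
    scope: str        # what the agent needs for the task at hand
    attested: bool    # outcome of a posture check performed elsewhere (assumed input)
    at: datetime

@dataclass(frozen=True)
class Grant:
    agent_id: str
    scope: str
    expires: datetime

def authorize(req: Request, ttl_minutes: int = 5):
    """Return (Grant, "ok") on allow, or (None, reason) on deny."""
    rule = POLICY.get(req.purpose)
    if not req.owner:
        return None, "no human owner on record"
    if rule is None:
        return None, "unknown purpose"
    if not req.attested:
        return None, "posture not attested"
    if req.scope not in rule["scopes"]:
        return None, "scope atypical for purpose"
    if req.at.hour not in rule["hours"]:
        return None, "outside operational window"
    return Grant(req.agent_id, req.scope, req.at + timedelta(minutes=ttl_minutes)), "ok"

def is_valid(grant: Grant, scope: str, now: datetime) -> bool:
    """Checked on every call: a grant covers one scope and lapses on its own."""
    return grant.scope == scope and now < grant.expires
```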
Purpose-bound data access at the edge.
The final line of defense is the data layer itself. By embedding policy enforcement directly into the data query engine, you can enforce row-level and column-level security based on the agent’s declared purpose. A customer service agent should be automatically blocked from running a query that appears designed for financial analysis. Purpose binding ensures data is used as intended, not merely accessed by an authorized identity.
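A sketch of purpose binding enforced at the query layer, added here as an illustration and not taken from the original article. The `customers` table, the two purposes and their column and row rules are constructed assumptions, and SQLite stands in for whatever query engine is in use.

```python
import sqlite3

# Constructed policy: columns each purpose may read, plus a mandatory row filter.
PURPOSE_POLICY = {
    "customer_service": {"columns": {"id", "name", "open_ticket"}, "row_filter": "region = ?"},
    "financial_analysis": {"columns": {"id", "region", "lifetime_spend"}, "row_filter": "1 = 1"},
}

class PurposeDenied(Exception):
    pass

def purpose_query(conn, purpose, columns, region=None):
    """Run a SELECT on customers limited to what the declared purpose allows."""
    policy = PURPOSE_POLICY.get(purpose)
    if policy is None:
        raise PurposeDenied(f"unknown purpose {purpose!r}")
    blocked = set(columns) - policy["columns"]
    if blocked or not columns:
        raise PurposeDenied(f"{purpose} may not read {sorted(blocked)}")
    # Column names passed the allow-list check above; values are bound as parameters.
    sql = (f"SELECT {', '.join(columns)} FROM customers "
           f"WHERE {policy['row_filter']} ORDER BY id")
    # A missing region binds NULL, which matches no rows: the filter fails closed.
    params = (region,) if "?" in policy["row_filter"] else ()
    return conn.execute(sql, params).fetchall()

def demo_db():
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id, name, region, open_ticket, lifetime_spend)")
    conn.executemany("INSERT INTO customers VALUES (?,?,?,?,?)", [
        (1, "Ada", "EU", 1, 9100.0), (2, "Bo", "US", 0, 120.5), (3, "Cy", "EU", 0, 40.0)])
    return conn
```

The customer-service purpose can list names for its own region, but a request that adds `lifetime_spend` raises `PurposeDenied` before any SQL runs, even though the caller is an authenticated identity.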
Tamper-evident evidence by default.
In a world of autonomous actions, auditability is non-negotiable. Every access decision, data query and API call should be immutably logged, capturing the who, what, where and why. Link logs so they are tamper evident and replayable for auditors or incident responders, providing a clear narrative of every agent’s activities.
A practical roadmap to get started
Begin with an identity inventory.
Catalog all non-human identities and service accounts. You will likely find sharing and over-provisioning. Begin issuing unique identities for each agent workload.
Pilot a just-in-time access platform.
Implement a tool that grants short-lived, scoped credentials for a specific project. This proves the concept and shows the operational benefits.
Mandate short-lived credentials.
Issue tokens that expire in minutes, not months. Seek out and remove static API keys and secrets from code and configuration.
Stand up a synthetic data sandbox.
Validate agent workflows, scopes, prompts and policies on synthetic or masked data first. Promote to real data only after controls, logs and egress policies pass.
Conduct an agent incident tabletop drill.
Practice responses to a leaked credential, a prompt injection or a tool escalation. Prove you can revoke access, rotate credentials and isolate an agent in minutes.
The bottom line
You cannot manage an agentic, AI-driven future with human-era identity tools. The organizations that will win recognize identity as the central nervous system for AI operations. Make identity the control plane, move authorization to runtime, bind data access to purpose and prove value on synthetic data before touching the real thing. Do that, and you can scale to a million agents without scaling your breach risk.
Michelle Buckner is a former NASA Information System Security Officer (ISSO).