Human-centric IAM is failing: Agentic AI requires a new identity control plane
The race to implement agentic AI across enterprises is accelerating, promising remarkable efficiency through systems that can autonomously plan, act, and collaborate within business applications. However, this rapid deployment poses a significant risk: the lack of scalable security measures. As organizations increasingly rely on digital agents—software that behaves like human users—traditional identity and access management (IAM) systems are proving inadequate. Legacy IAM practices, which often include static roles and long-lived passwords, are ill-suited for environments where non-human identities may outnumber human ones by ten to one. This discrepancy can lead to severe security vulnerabilities, such as privilege creep and untraceable actions that could result in data breaches or operational mishaps.
To effectively harness the power of agentic AI, a paradigm shift in IAM is essential. Experts like Shawn Kanungo advocate for a new approach, emphasizing the importance of using synthetic data to validate AI workflows before granting access to real data. This strategy allows organizations to test and refine their security policies and controls in a controlled environment, mitigating risks associated with deploying agents in live scenarios. Furthermore, each AI agent should be treated as a unique entity within the identity ecosystem, requiring a verifiable identity linked to a human owner and specific business use cases. This transition involves moving away from static, long-term access roles to dynamic, session-based permissions that are granted only when necessary and revoked immediately upon task completion.
The article outlines three foundational pillars for developing a robust security architecture for agentic AI: context-aware authorization, purpose-bound data access, and tamper-evident evidence. Context-aware authorization necessitates continuous evaluation of an agent’s digital posture and operational context, ensuring that access decisions are informed and timely. Purpose-bound data access embeds security policies directly into data query processes, preventing unauthorized data usage based on an agent’s declared purpose. Lastly, establishing tamper-evident logging is crucial for maintaining auditability in a landscape where autonomous actions are the norm. By adopting these strategies, organizations can create a secure framework that supports the scaling of AI agents while minimizing breach risks. Ultimately, the success of AI operations will hinge on recognizing identity as the central control plane, allowing enterprises to thrive in an increasingly automated future.
https://www.youtube.com/watch?v=PpyTo5kNnsE
The race to deploy
agentic AI is on
. Across the enterprise, systems that can plan, take actions and collaborate across business applications promise unprecedented efficiency. But in the rush to automate, a critical component is being overlooked: Scalable security. We are building a workforce of digital employees without giving them a secure way to log in, access data and do their jobs without creating catastrophic risk.
The fundamental problem is that traditional identity and access management (IAM) designed for humans breaks at agentic scale. Controls like static roles, long-lived passwords and one-time approvals are useless when non-human identities can outnumber human ones by 10 to one. To harness the power of agentic AI, identity must evolve from a simple login gatekeeper into the dynamic control plane for your entire AI operation.
“The fastest path to responsible AI is to avoid real data. Use synthetic data to prove value, then earn the right to touch the real thing.” —
Shawn Kanungo, keynote speaker and innovation strategist; bestselling author of The Bold Ones
Why your human-centric IAM is a sitting duck
Agentic AI
does not just use software; it behaves like a user. It authenticates to systems, assumes roles and calls APIs. If you treat these agents as mere features of an application, you invite invisible privilege creep and untraceable actions. A single over-permissioned agent can exfiltrate data or trigger erroneous business processes at machine speed, with no one the wiser until it is too late.
The static nature of legacy IAM is the core vulnerability. You cannot pre-define a fixed role for an agent whose tasks and required data access might change daily. The only way to keep access decisions accurate is to move policy enforcement from a one-time grant to a continuous, runtime evaluation.
Prove value before production data
Kanungo’s guidance offers a practical on-ramp. Start with synthetic or masked datasets to validate agent workflows, scopes and guardrails. Once your policies, logs and break-glass paths hold up in this sandbox, you can graduate agents to real data with confidence and clear audit evidence.
Building an identity-centric operating model for AI
Securing this new workforce requires a shift in mindset.
Each AI agent
must be treated as a first-class citizen within your identity ecosystem.
First, every agent needs a unique, verifiable identity. This is not just a technical ID; it must be linked to a human owner, a specific business use case and a software bill of materials (SBOM). The era of shared service accounts is over; they are the equivalent of giving a master key to a faceless crowd.
Second, replace set-and-forget roles with session-based, risk-aware permissions. Access should be granted just in time, scoped to the immediate task and the minimum necessary dataset, then automatically revoked when the job is complete. Think of it as giving an agent a key to a single room for one meeting, not the master key to the entire building.
Three pillars of a scalable agent security architecture
Context-aware authorization at the core.
Authorization can no longer be a simple yes or no at the door. It must be a continuous conversation. Systems should evaluate context in real time. Is the agent’s digital posture attested? Is it requesting data typical for its purpose? Is this access occurring during a normal operational window? This dynamic evaluation enables both security and speed.
Purpose-bound data access at the edge.
The final line of defense is the data layer itself. By embedding policy enforcement directly into the data query engine, you can enforce row-level and column-level security based on the agent’s declared purpose. A customer service agent should be automatically blocked from running a query that appears designed for financial analysis. Purpose binding ensures data is used as intended, not merely accessed by an authorized identity.
Tamper-evident evidence by default.
In a world of autonomous actions, auditability is non-negotiable. Every access decision, data query and API call should be immutably logged, capturing the who, what, where and why. Link logs so they are tamper evident and replayable for auditors or incident responders, providing a clear narrative of every agent’s activities.
A practical roadmap to get started
Begin with an identity inventory.
Catalog all non-human identities and service accounts. You will likely find sharing and over-provisioning. Begin issuing unique identities for each agent workload.
Pilot a just-in-time access platform.
Implement a tool that grants short-lived, scoped credentials for a specific project. This proves the concept and shows the operational benefits.
Mandate short-lived credentials.
Issue tokens that expire in minutes, not months. Seek out and remove static API keys and secrets from code and configuration.
Stand up a synthetic data sandbox.
Validate agent workflows, scopes, prompts and policies on synthetic or masked data first. Promote to real data only after controls, logs and egress policies pass.
Conduct an agent incident tabletop drill.
Practice responses to a leaked credential, a prompt injection or a tool escalation. Prove you can revoke access, rotate credentials and isolate an agent in minutes.
The bottom line
You cannot manage an
agentic, AI-driven future
with human-era identity tools. The organizations that will win recognize identity as the central nervous system for AI operations. Make identity the control plane, move authorization to runtime, bind data access to purpose and prove value on synthetic data before touching the real thing. Do that, and you can scale to a million agents without scaling your breach risk.
Michelle Buckner is a former NASA Information System Security Officer (ISSO).
Read more from our
guest writers
. Or, consider submitting a post of your own! See our
guidelines here
.
