Identity security for AI agents: The proliferation challenge

Identity teams can accelerate AI adoption with strong security foundations. But managing nondeterministic AI agents is different from securing human identities and traditional NHIs.

AI agents are proliferating across the enterprise, with use cases ranging from IT and security operations to legal and compliance tasks.

Omdia, a division of Informa TechTarget, published the results of a survey of 400 security leaders that showed the state of identity security for AI agents. There has been a lot of noise about AI agent security in the marketplace, and the data provided clarity around the importance of building a strong foundation of identity security to enable AI adoption.

Identity security and AI agents

AI agents represent a dramatic expansion of the enterprise attack surface. There are multiple layers to any technology stack for AI agent security. For example, teams need AI security posture management to counter model poisoning and prompt injection attacks, data security posture management to ensure the right data reaches the AI infrastructure, and data loss prevention and insider risk protection.

Any AI agent security strategy needs to be built on a solid identity security foundation for AI agents to deliver management, security and governance.

Identity teams have a unique perspective on AI agents. They already manage identity and access management (IAM) for human identities and nonhuman identities (NHIs), and are now responsible for managing and securing AI agent identities. So, how can they build an effective program to manage those identities, too?

AI agents: NHIs or something else?

At first blush, an AI agent is another type of NHI, alongside service accounts, API keys and OAuth tokens. But dig deeper and they have significant differences.

NHIs are mostly deterministic -- use input X, and consistently get output Y. And NHIs typically cannot make decisions and act. AI agents, on the other hand, are nondeterministic. Use input A, and you might get different outputs -- B1, B2 or B3 -- depending on the circumstances. AI agents work 24/7 and take whatever steps are necessary -- within some guardrails -- to achieve their goals.

Omdia research found that a slight majority of identity leaders consider AI agents a distinct category of identity rather than another type of NHI, and I expect that perception will grow over time.

AI agent proliferation

The research found that AI agents are being deployed in nearly every function across the enterprise with a variety of use cases, from supporting IT ops to streamlining sales and marketing. AI agents are being prioritized for deployment in the cloud, in SaaS environments and on endpoints.

Omdia asked identity security leaders how many distinct AI agent projects, workflows or deployments -- each involving a multitude of agents -- they were involved in. The answer was surprising: 22. The number of projects for midmarket companies (<1000 employees) was slightly lower (16). But that is still a hefty number of projects, and identity teams will need consistent management, governance and identity security policies and processes to support them.

The AI agent identity imperative: Enabling AI agent adoption

Identity teams have frequently had the undeserved reputation of being "Team No" within their organizations. The perception is that IAM teams slow down projects due to compliance, governance and identity security concerns.

Identity teams now have an opportunity to be "Team Yes" and help accelerate AI agent projects through consistent, scalable management and governance. Laying down common IAM "railroad tracks" along which a multitude of AI agent projects can run will improve scalability, business velocity, security and compliance posture. Getting ahead of the problem now will help control against tool fragmentation in the future.

Solving the identity security problem requires multiple core capabilities:

  • Visibility of agents across the enterprise. This includes cloud -- Amazon Bedrock, Google Gemini Enterprise Agent Platform (formerly Vertex AI), Microsoft Copilot Studio, etc.; SaaS -- Salesforce Agentforce, Workday agents, etc.; endpoints -- Cursor, Claude Code, copilots, etc.; and points in between. Visibility requires an inventory that includes human creators and owners, as well as observability to understand what agents are doing and whether they are drifting from their intended state.
  • Fine-grained access controls ensure agents are granted the minimum permissions required to perform their tasks. Policies need to be context-aware and adapt to factors such as task scope and risk level to reduce the risk of misuse and limit the incident blast radius.
  • Governance extends human identity governance and administration to AI agents. It enforces policies around who or what can create, approve and manage agent identities and their entitlements. This aligns AI agent access with organizational policies, compliance requirements and risk management frameworks and helps control against agent drift.
  • Lifecycle management for agents, from creation and onboarding to modification and decommissioning. This prevents orphaned or stale identities from becoming security risks and enables teams to terminate anomalous behavior inconsistent with agent intent.
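
As an added illustration (not from the Omdia research or any vendor product), the sketch below audits an agent inventory for the conditions the four capabilities above are meant to catch: agents with no human owner, agents whose owner is no longer active, entitlements beyond the declared task scope, and stale identities. The record fields, permission strings, 30-day threshold and sample data are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=30)                  # assumed policy threshold
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)   # fixed clock so results are reproducible
ACTIVE_HUMANS = {"alice", "bob"}                  # constructed: current staff from the HR feed

# Constructed inventory records; every field name here is hypothetical.
INVENTORY = [
    {"agent": "it-ticket-triage", "platform": "cloud", "owner": "alice",
     "declared_scope": {"tickets:read", "tickets:update"},
     "granted": {"tickets:read", "tickets:update"},
     "last_seen": "2025-05-30T08:00:00+00:00"},
    {"agent": "sales-forecast", "platform": "saas", "owner": "carol",
     "declared_scope": {"crm:read"}, "granted": {"crm:read"},
     "last_seen": "2025-05-31T12:00:00+00:00"},
    {"agent": "code-helper", "platform": "endpoint", "owner": "bob",
     "declared_scope": {"repo:read"},
     "granted": {"repo:read", "repo:write", "secrets:read"},
     "last_seen": "2025-05-31T09:30:00+00:00"},
    {"agent": "legal-review-poc", "platform": "cloud", "owner": None,
     "declared_scope": {"docs:read"}, "granted": {"docs:read"},
     "last_seen": "2025-03-01T00:00:00+00:00"},
]

def audit_agent(rec, now=NOW):
    """Return the list of findings for one inventory record."""
    findings = []
    owner = rec.get("owner")
    if not owner:
        findings.append("no-owner")               # visibility / governance gap
    elif owner not in ACTIVE_HUMANS:
        findings.append("orphaned")               # owner left; lifecycle gap
    excess = rec["granted"] - rec["declared_scope"]
    if excess:                                    # least-privilege violation or drift
        findings.append("excess:" + ",".join(sorted(excess)))
    if now - datetime.fromisoformat(rec["last_seen"]) > STALE_AFTER:
        findings.append("stale")                  # decommissioning candidate
    return findings

def audit_inventory(inventory=INVENTORY, now=NOW):
    """Map agent name -> findings, omitting agents that pass every check."""
    results = {rec["agent"]: audit_agent(rec, now) for rec in inventory}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit_inventory().items():
        print(f"{name}: {', '.join(findings)}")
```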

This is a fast-moving space. The questions practitioners were asking six months ago are different from those they ask today.

In addition to the above core capabilities, adjacent identity security capabilities will emerge over time and with experience. For example, identity threat detection and response and identity security posture management need to cover AI agents alongside existing human identities and NHIs. In addition, identity verification for the human owner of an AI agent will become increasingly important in an era of AI deepfakes. The list will grow.

Established platform players -- including Cisco, CrowdStrike, Microsoft, Okta, Palo Alto Networks and CyberArk, Ping Identity, SailPoint and Saviynt -- are expanding their existing identity security offerings to cover AI agent identity security. Cloud service providers -- AWS, GCP and Azure -- are securing AI agent identities in their environments and beyond. There is also a host of new and emerging players, such as Aembit, Andromeda Security, AppViewX, Barndoor AI, BlueFlag Security, C1, Entro Security, Keycard, Natoma, Oasis Security, Silverfort, Token Security and Teleport.

Adequately securing and managing AI agent identities will require multiple identity tools to accommodate diverse use cases. AI agents are evolving at an astounding pace. Identity security for AI agents is nascent and moving quickly, and identity issues and standards are still emerging.

Enterprises need to take steps now to avoid having the search for perfection be the enemy of the good. That translates into understanding the risks associated with AI agents' identities and then beginning the journey to mitigate them, rather than falling into analysis paralysis.

An existing vendor might have a strong enough tool today, or teams might need to explore an emerging player's offerings. CISOs and their teams should start by assessing their organization's risks, priorities and requirements. Then look for a tool or tools that work today and can grow as organizational needs evolve to maintain strong identity security for the AI agent fleet.

It is an amazing time to work in identity; the dynamism makes your head spin! If you are a new technology player solving an interesting new identity or data security problem, or an innovative approach to an existing challenge, I would like to hear about it. You can reach me via LinkedIn.

Todd Thiemann is a senior analyst covering identity access management and data security for Omdia. He has more than 20 years of experience in cybersecurity marketing and strategy.

Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.
