How IAM suppliers are making ready for agentic AI
There’s a very actual sense that each organisation dabbling with synthetic intelligence (AI) – particularly, agentic AI – is heading straight into an IT safety disaster.
Richard Wainwright, discipline chief expertise officer for Europe, the Center East and Africa at Okta, says a lot of the companies he speaks to appear caught in pilots and aren’t acquiring worth from the AI investments they’re making.
“They’re constructing AI brokers utilizing a mix of API [application programming interface] keys and repair accounts, which supply long-lived credentials to offer non-human identities [NHIs] with entry to the company IT setting,” he says.
Wainwright warns that this creates a spread of issues for IT safety professionals. “It’s virtually unattainable to tie what the agent has completed again to the one that referred to as it,” he says.
One other space of concern, in keeping with Wainwright, is that if a service account is utilized by a generalist AI agent, the scope it has is huge open. “This implies it’s actually highly effective, however it could additionally break a whole lot of stuff,” he warns.
In its Workforce identification safety platforms, Q2 2026 report, analyst agency Forrester recognises the constraints of identification entry administration (IAM) for duties that many enterprises wish to streamline utilizing agentic AI.
Within the report, the Forrester notes that fashionable identification safety platforms unify authentication, authorisation, lifecycle governance and identification threat intelligence throughout human, machine and AI agent identities to ship constant, policy-driven controls at scale.
Many organisations’ use of AI and agentic AI is at a stage the place the agentic performance getting used may be very restricted and managed. Id and entry administration for AI brokers is a bit totally different to the way in which organisations handle staff.
Przemek Czarnecki, chief expertise officer at style retailer Asos, notes that whereas agentic AI shouldn’t be the identical as human identification and entry administration, it’s laborious to inform the distinction. For instance, he says: “If you’re in Groups, chances are you’ll confuse an AI agent for a human as a result of brokers within the Microsoft setting present up on Groups in the identical approach as people.”
Asos is utilizing Microsoft Copilot in section one in all its AI technique, the place staff are utilizing it to start out constructing agentic AI. “We’ve outlined a really restricted set of actions these brokers can do as a result of we need to make it possible for brokers developed by everyone can’t do hurt to the corporate,” says Czarnecki.
The style retailer is democratising the usage of AI throughout the enterprise, which doubtlessly allows IT and safety groups to grasp how individuals within the enterprise are deploying agentic AI. This is a crucial first step in putting in the precise observability instruments and dashboards.
Observing actions of AI brokers
Visibility is maybe the primary problem enterprises face when assessing the chance of introducing agentic AI into their organisations.
Amarinder Jassal, senior vice-president and world chief for pre- and post-sales engineering at Saviynt, says there aren’t any business requirements or certification authorities that may certify that an agent shouldn’t be a nasty actor, or engaged on behalf of a nasty actor, and doesn’t result in delicate knowledge being compromised, or that it has been audited and has achieved a degree of high quality assurance that makes it enterprise-ready.
Jassal says Saviynt is in search of to convey AI brokers below one umbrella to watch their behaviour. “We are attempting to convey all these brokers right into a single repository, which works fairly like a CMDB [configuration management database]. There may be one centralised repository for all of the AI brokers in your setting, whether or not they’re registered or unregistered,” he provides.
To realize this, Saviynt has developed integration with technical companions and is working with the likes of Zscaler and CrowdStrike to seize shadow elements of agentic AI.
Observability is essential as a result of even respectable makes use of of agentic AI programs can carry out duties they don’t seem to be designed for.
Chandra Gnanasambandam, government vice-president of product and chief expertise officer at SailPoint, just lately got here throughout an AI-powered mortgage processing system that had inadvertently bypassed safety measures to finish a credit score test it was not imagined to run. “The agent’s intent was to resolve a activity, and it discovered methods to take action even when it was being advised not to take action,” he says.
On this instance, Gnanasambandam says a financial institution had deployed a supervisor agent to handle the mortgage approval course of, with numerous helper brokers to carry out particular duties. One in all these brokers was tasked with performing a credit score test, but it surely was denied entry to the inner credit-checking software. It reported to the supervisor agent that it didn’t have entry to this software and so couldn’t full the duty. Nonetheless, the supervisor agent had a aim to finish mortgage purposes in three minutes, and all the opposite helper brokers had already accomplished their work.
In keeping with Gnanasambandam, the supervisor agent refused to simply accept the helper agent’s incapacity to finish its activity. As a consequence, in search of another solution to full its activity, the helper agent searched the web for vulnerabilities within the credit score threat system.
“It was making an attempt to entry a credit score threat rating and located a GitHub repository the place a developer had unintentionally left in a token that gives entry to the system. So it discovered the token and accessed the credit score threat system. The duty was full – besides it did one thing it was not imagined to do,” he says.
Monitoring agentic AI entry
This instance is illustrative of the IT governance nightmare that’s more likely to unfold as agentic AI is deployed in dwell manufacturing environments. What is evident is that AI brokers can’t merely be handled in the identical approach as human customers, and so they have the power to work round safety measures that restrict what they’re authorised to do.
Okta is recognized by Forrester as a pacesetter in IAM. It just lately up to date its Auth0 IAM instrument for autonomous brokers. The Auth0 for AI Brokers goals to handle the distinction between how software program builders write software program for human customers and when an agent is deployed to run the software program. The strategy Okta is taking reveals the challenges IAM software program suppliers wish to handle, together with usability, efficiency and scalability issues.
Conventional permission fashions have a tendency to make use of APIs to authenticate customers to purposes. However in keeping with Okta, this strategy slows efficiency in an agentic AI workflow and prevents the deployment of AI brokers in manufacturing environments, as Gareth Davies, Auth0 chief product officer, explains: “When an AI agent must entry dozens of various instruments, builders are sometimes compelled to manually hardcode API keys or construct customized authorisation logic from scratch. This impacts productiveness and exponentially will increase the chance of a breach.”
He says Auth0 for Brokers offers an impartial identification platform that securely connects brokers to any instrument, any system and any supplier, which implies builders can give attention to constructing purposes.
Relatively than treating AI brokers as person extensions, which Okta says can result in overly broad permissions or shadow identities that bypass enterprise controls, Auth0 for Brokers provides a characteristic referred to as Agent as Principal. This permits software program builders to assign distinctive identities to AI brokers, which Okta says are distinct from the customers they serve and means agent actions will be independently permissioned and audited, enabling them to function with correct oversight.
One other downside space Okta is in search of to handle with Auth0 for Brokers is the efficiency overhead incurred by fine-grained authentication (FGA) when deploying relationship-based entry management. FGA is a approach to make sure that solely knowledge the person or the agent is authorised to view is accessed after they run a search question throughout enterprise programs.
This may be achieved through the use of an AI agent that performs retrieval-augmented technology (RAG) to run a search with a permissions activity to reinforce and generate the responses it’s authorised to entry. Okta says builders have to make trade-offs: both constructing a safe system that’s too gradual to make use of, or a quick system that dangers delicate knowledge being disclosed. To beat these trade-offs, Auth0 implements a permissions index, which works fairly like a database index, for lookups of permissions knowledge. Since permissions are saved regionally in a normal database format, Okta says purposes or engines like google can question enterprise knowledge that the person or agent is authorised to entry by trying up a precomputed permissions desk.
Id and entry administration firms are taking totally different approaches to securing agentic AI programs. What is evident from the conversations Laptop Weekly has had with IAM corporations is that monitoring agentic AI is essential.
Simon Gooch, discipline CIO at Saviynt, says: “Agentic AI is essentially shadow IT again with a vengeance.” As organisations begin democratising the usage of agentic AI, Gooch urges IT and safety leaders to make sure they’ve controls in place to make it possible for the democratisation of agentic AI is predictable and the expertise is getting used sensibly inside a framework that the organisation considers protected and safe.
