In Hollywood, agents earn their fat commissions by finding the best projects and locking down the best deals for their clients.Similarly, artificial intelligence (AI) agents are increasingly becoming center-stage within the realm of identity enterprise security, particularly for digital workers — promising better efficiency and lower risk in cybersecurity.
While “traditional security frameworks, designed for human users, are not equipped to manage the dynamic, often unpredictable behaviors and unique vulnerabilities of AI agents,” these agentic identity and security platforms (AISP) are quickly becoming the standard, reshaping the map for IT security, according to new findings from Aragon Research released June 4.
AI agents present “complex challenges,” according to the researcher. “Their ability to dynamically adapt and make decisions can lead to unintended consequences, data misuse, or severe security vulnerabilities if not properly overseen,” said Jim Lundy, founder and CEO of Aragon Research, as well as lead analyst on this research.Aragon Research predicted that the market for AISP is projected to grow at nearly 9% annually (CAGR). Still, threats such as "prompt injection, where malicious instructions manipulate agent behavior, or agent communication poisoning, which corrupts inter-agent interactions, are becoming increasingly prevalent," according to Aragon’s research. And the concern is growing.In addition to the usual threats, the proliferation of “shadow AI agents” may often lead to devastating data breaches and compliance failures, per Aragon Research.“Furthermore, the sheer volume of AI agents, potentially numbering in the millions within large enterprises, creates an exponential increase in machine identities that traditional identity and access management solutions struggle to govern,” said Lundy in a press release, “leading to unmanaged sprawl and over permissioning risks.”Yet, it is important not to throw out the baby with the bathwater. Aragon’s study found that AISP directly addressed advanced threats by “enabling granular, adaptive access control,” according to the research. Indeed, AISP confirms that all actions taken by an AI agent are “logged, auditable, and traceable back to its originating human user or organizational policy, thereby bridging the ‘Access-Trust Gap.’”
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Karen “Pepper” Hoffman has been writing and analyzing IT security, financial technology and general business and technology issues for more than three decades. She lives in Olympia, Wash.
Attackers could achieve escalated SYSTEM privileges on Windows machines through the exploitation of a high-severity ASUS Armoury Crate system management software vulnerability, tracked as CVE-2025-3464, BleepingComputer reports.
