An identity security crisis looms in the age of agentic AI  

COMMENTARY: As agentic AI rapidly enters the enterprise, security teams face a moment of déjà vu: A few years ago, robotic process automation (RPA) bots spread through organizations so quickly that security teams were caught off guard, unable to properly authenticate and monitor them.

When we look at RPA implementations today, virtually all of the bots either use shared credentials or impersonate employees. It’s common to see a group of RPA bots that all use the same employee's credentials.

This approach creates a security nightmare. When multiple bots share the same identity, it’s nearly impossible to attribute actions or contain breaches. In addition, duplicated credentials offer adversaries who trade in stolen credentials additional opportunities to gain access to sensitive systems.

We're about to see the same pattern with AI agents – but faster and with greater consequences. The business push for AI implementation is even stronger than RPA, and many security teams remain unprepared.

The key difference: AI agents aren't merely deterministic bots – they possess agency. They make decisions, access sensitive data and execute transactions with minimal human oversight. This establishes them as a genuine third identity type alongside humans and traditional machines, which means they require their own identity framework.

Agents already show how the worlds of machine identity and human identity, and the ways each is secured, are blurring. Agents are workloads that can scale on demand, communicate and work autonomously at machine speed, and get recycled immediately after completing work. They require a unique and universal workload identity.

A unique identity for each agent

Unlike RPA bots, AI agents will interact not just with applications, but with other AI agents. Each agent needs proper authentication, authorization and oversight throughout its entire lifecycle. Without proper security and identity architecture, we can't implement essential controls—including kill switches for AI agents.

The emerging Model Context Protocol (MCP), introduced in late 2024, offers a standard framework for agent communications, but it’s not “Secure MCP” by default. Enterprises must develop comprehensive security approaches for AI agents, just as they have for their workforce technologies and customer-facing systems. And the foundation of cybersecurity is secure identity.

An emerging security standard like the Secure Production Identity Framework For Everyone (SPIFFE), which has proven effective for workload identity, can be adapted for AI agents to establish proper authentication and authorization protocols.

SPIFFE offers a universal identity that teams can use across environments, applications, and clouds, including with today’s authentication methods like API keys and access tokens secured by a secrets manager. With these standards in place, each agent can operate with appropriate access controls, preventing the credential sharing and impersonation issues that plagued RPA deployments.

Teams should implement these five essential controls for autonomous agents:

  • Zero standing privileges: AI agents should not maintain persistent access rights, but should receive just-in-time, just-enough access for specific tasks.
  • Continuous monitoring: Given their agency, AI agents require ongoing monitoring at the transaction and session levels.
  • Step-up challenges: Like humans, AI agents should face additional verification for sensitive actions.
  • Behavioral analytics: Detecting anomalous behavior requires understanding normal AI agent patterns.
  • Kill switch capability: Every manufacturing floor has an emergency stop button. If we're entrusting business operations to AI agents, we must maintain the ability to halt their actions immediately when necessary. The AI kill switch is identity-activated: with every AI agent uniquely identified, we can “disconnect” misbehaving agents.

Security architects must participate in AI agent initiatives from day one, just as they do for critical infrastructure projects. Too often, security teams join after design decisions are locked in. Architects are needed to address how agents are secured, protected from compromise, and controlled if they become unsafe.
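
The controls listed above, sketched as an added example (not code from the original column or from any product it mentions): a hypothetical in-memory `Broker` issues short-lived, single-action grants to agents identified by SPIFFE-style IDs, demands a step-up flag for sensitive actions, records every decision against the agent's identity, and disconnects one agent with a kill switch. The trust domain, agent paths, action names and the `Broker` API are assumptions constructed for illustration; behavioral analytics is not covered.

```python
from dataclasses import dataclass, field

# Assumption: actions that need a step-up challenge (constructed action name).
SENSITIVE = {"payments:execute"}

@dataclass
class Broker:
    """Hypothetical in-memory access broker keyed on per-agent identity."""
    grants: dict = field(default_factory=dict)  # (agent, action) -> expiry time
    killed: set = field(default_factory=set)    # identities that were disconnected
    audit: list = field(default_factory=list)   # (time, agent, action, decision)

    def grant(self, agent, action, ttl, now):
        """Just-in-time, just-enough access: one action, short lifetime."""
        if agent in self.killed:
            raise PermissionError(f"{agent} is disabled")
        self.grants[(agent, action)] = now + ttl

    def kill(self, agent):
        """Identity-activated kill switch: revoke one agent, leave the rest."""
        self.killed.add(agent)
        self.grants = {k: v for k, v in self.grants.items() if k[0] != agent}

    def authorize(self, agent, action, now, stepped_up=False):
        if agent in self.killed:
            decision = "deny:killed"
        elif self.grants.get((agent, action), 0) <= now:
            decision = "deny:no-grant"  # never granted, or the grant expired
        elif action in SENSITIVE and not stepped_up:
            decision = "deny:step-up-required"
        else:
            decision = "allow"
        self.audit.append((now, agent, action, decision))  # attributable per agent
        return decision

def demo():
    b = Broker()
    reader = "spiffe://example.org/agent/invoice-reader"  # constructed SPIFFE-style IDs
    payer = "spiffe://example.org/agent/payment-runner"
    b.grant(reader, "invoices:read", ttl=60, now=0)
    b.grant(payer, "payments:execute", ttl=60, now=0)
    out = [b.authorize(reader, "invoices:read", now=10),
           b.authorize(payer, "payments:execute", now=10),
           b.authorize(payer, "payments:execute", now=10, stepped_up=True)]
    b.kill(payer)  # disconnect the misbehaving agent only
    out.append(b.authorize(payer, "payments:execute", now=11, stepped_up=True))
    out.append(b.authorize(reader, "invoices:read", now=12))  # unaffected by the kill
    out.append(b.authorize(reader, "invoices:read", now=61))  # grant has expired
    return out, b.audit
```

Because each agent has its own identity, the kill switch and the audit trail act on one agent; with a credential shared across agents, neither the revocation nor the attribution could be that narrow.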

The regulatory horizon

While specific AI agent regulations are still emerging, the European Union's AI Act offers early guidance with its risk-based approach to AI systems. As AI agents increasingly perform work traditionally done by certified professionals, we should expect certification and testing regimes to develop. Compliance frameworks like Sarbanes-Oxley will extend to AI agents that access sensitive financial data or make material changes to systems. Without proper security controls and monitoring, attestation becomes impossible.

The gap between AI adoption and security implementation is alarming. Our recent 2025 Identity Security Landscape report indicates that 82% of organizations acknowledge that AI models create cyber risks because of their access to sensitive data, yet 68% do not have security controls in place for AI and large language models. Nearly half (47%) cannot secure shadow AI usage in their environment.

Unlike the RPA wave, we have the opportunity to approach agentic AI security proactively rather than reactively. The question isn't if AI agents will proliferate throughout the organization, but when – and whether teams are prepared to respond when they do.

Kevin Bocek, SVP of Innovation, CyberArk

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
