
Identity security: In the critical path for agent deployment

Enterprises, large and small, are under pressure to leverage AI agent capabilities to improve business opportunities by both lowering operating costs and driving business growth. In the white paper "Identity Security: In the Critical Path for Agent Deployment," I argue that a critical path for AI agent deployment at scale includes a fundamental redesign of identity-security capabilities.

Legacy identity governance platforms and processes were designed to manage human identity access by humans making decisions. Each user had to be provisioned and certified, often manually, when joining an organization, then deprovisioned upon leaving. The consequences of this record-keeping architecture include increased costs and wait time as the business grows.

Enterprises have a backlog of application-integration projects. Existing processes are unable to handle the accelerating growth in the number of non-human identities, which outnumber human identities by as much as 80 to 1 today — a ratio that is projected to be 400 to 1 in a few years.

To meet today's requirements, including the rapid implementation of AI agents, identity security must adopt a new architectural model based on a data lake of entitlement usage attributes. These attributes should enable every identity (human and non-human) to be registered and risk-scored, and to have policies applied that will block specific transactions while enabling others.

This redesign of identity security should lead to an increase in the volume of transactions, but at a lower cost. It should also lead to higher satisfaction for stakeholders and support the concept of least privilege to improve cyber resilience.

The business case for this transformation is that dynamic provisioning will lower costs while increasing capacity, a case that will ultimately be realized with a layer of continuous validation applied to privileged access management that operates in real time.

Controls will be enforced by AI agents that will govern the capabilities of other AI agents operating within the enterprise, in addition to agents from third parties.

AI deployment is already occurring inside many enterprises in unsanctioned and ungoverned ways, with no formal processes in place to discover, register, or manage AI agent identities. Organizations risk expanding the unknown attack surface even as they accelerate AI adoption.

In such environments, identity security is not simply a control overlay for AI deployment. It is the prerequisite for scaling AI agents safely, with the policy guardrails and visibility required for enterprise use.

This transformation is as much operational as architectural. Dynamic provisioning that uses activity patterns and risk scores to automate low-risk access approvals lets organizations make entitlement decisions in minutes instead of weeks. This reduces backlog, lowers transaction costs, improves stakeholder satisfaction, and applies least privilege more consistently.

Just as importantly, the same model supports the automatic revocation of unused entitlements, shrinking the attack surface while reducing the manual certification burden that legacy identity processes have imposed on business leaders.

The end state is a digital immune system for the enterprise. Because the restructured identity architecture will compare real-time activity to established identity patterns and trigger automated responses when deviations occur, organizations will be able to detect and respond to threats in milliseconds rather than waiting minutes or hours for human review.

The continuous validation of privileged access made possible by this new architecture will disrupt modern attackers before they can escalate privileges or exfiltrate data.

For CISOs, revamping the identity-security architecture is not simply a technology upgrade, but a strategic operating-model shift. The goal is to move beyond legacy, compliance-driven identity processes and to define a transformation agenda built around lower operating costs, faster responses, stronger resilience, and the ability to identify, register, and govern AI agents at enterprise scale.

With this model, identity security can become a core enabler of agentic AI adoption, helping organizations fund modernization through operational savings while building the digital immune system needed to protect the business in real time.

Read the full white paper "Identity Security: In the Critical Path for Agent Deployment."




