COMMENTARY: How many security teams really know their AI agents?

It’s a question more organizations must answer as they introduce agentic AI into their processes and interactions. After all, they wouldn’t give faceless, anonymous humans access to sensitive data or let them conduct transactions. The same holds true for AI agents.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Organizations around the world are investing aggressively in agentic AI, with spending expected to reach $9.4 billion this year and more than $139 billion by 2034. That rate of adoption requires careful consideration of the security implications of all those agents interacting with sensitive data.
AI agents need identities — a way to verify each one individually and set guardrails on what it’s allowed to do. Much in the way that security teams manage access to systems and applications based on an employee’s role and responsibilities, governance of AI agents has become essential as these digital taskers handle customer inquiries, manage inventory, or get involved in business operations in myriad other ways. The case for a full-fledged approach to managing digital identities for AI agents includes access control, the ability to limit and revoke privileges, and auditability. Fortunately, giving AI agents secure identities doesn’t require mastering entirely new skills. Security teams can apply much of the know-how and the public key infrastructure (PKI) they already use for securing documents, email, and websites.

Managing identities at unprecedented scale

It’s common for tech vendors developing and selling AI agents to include identity management among their security capabilities. That’s a good start, and these point solutions are often sufficient for tightly controlled agentic projects. But from my experience in securing IoT environments, which can comprise millions of devices, scalability remains one of the big challenges with agentic AI. Enterprises that go all-in with AI agents could find themselves with 10 times as many digital certificates to wrangle as they do today. They need a more comprehensive approach.

There are other practical reasons to take a more comprehensive platform approach to provisioning and administering non-human identities (NHIs). Some organizations might decide on a multi-vendor strategy, maybe with customer service agents from one supplier and sales agents from another. Or business partners may have diverse AI agents that need to share data.
These and similar situations may work best with a vendor-neutral approach that uses industry standards for interoperability.

X.509 has been a vital specification for years: an international standard for public key certificates, the digital credentials that enable secure transport and transactions. X.509 certificates are widely used for authentication and data encryption across the web and other channels, and the same safeguards can (and should) be applied to AI agents. The inner workings of X.509 include a certificate authority that verifies identity, digital signatures, and unique serial numbers – all components required of strong AI agent governance.

Other important specs that fit into a robust framework for agentic AI identities at scale are OAuth and OpenID Connect, which support authorization and authentication, respectively. The open-standard Model Context Protocol (MCP), now used to give AI agents access to data sources, leverages both of these standards. This shows how tightly identity management has become woven into agentic AI.

Make data access privileges dynamic

Agentic AI environments are ever-changing, as AI agents increasingly reason and perform tasks autonomously. To keep up, it’s essential for teams to ensure that identity assignment and lifecycle management are equally dynamic. This includes, for example, the ability to rescind data-access privileges when they’re no longer needed.

What we don’t want are static identities sitting in systems like a problem waiting to happen. A valuable concept in digital identities is “shared secrets”: passwords, API keys, and other confidential data that are centrally stored and used for secure execution. However, with shared secrets we risk that this highly sensitive information gets misappropriated by rogue AI agents. Practitioners can minimize that possibility by using short-lived or one-time access tokens, among other techniques.
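The X.509 building blocks named above (an issuing certificate authority, digital signatures, unique serial numbers) combined with short-lived credentials, as an added Go example that is not part of this column and not code from Keyfactor or any product: an in-memory CA issues an agent certificate with a random serial number and a ten-minute lifetime, the agent signs the bytes of an action it wants to take, and the receiving side checks chain validity at the current time, a revocation list, the agent name carried in a URI SAN, and the signature over the exact bytes received. The in-memory CA, the "urn:agent:" naming scheme, the agent names and the sample action are constructed assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// AgentCA is a constructed in-memory issuing CA; a real deployment would issue from existing PKI.
type AgentCA struct {
	Cert    *x509.Certificate
	Key     *ecdsa.PrivateKey
	Revoked map[string]bool // serial numbers withdrawn before expiry
}

// must treats entropy or encoding failures as fatal, which is fine for this example.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with the parent's key and parses the result back into a Certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// agentURI names an agent in a URI SAN; "urn:agent:" is an assumed scheme for this example, not a standard.
func agentURI(agentID string) *url.URL {
	return &url.URL{Scheme: "urn", Opaque: "agent:" + agentID}
}

// NewAgentCA creates a self-signed CA valid for a year from now.
func NewAgentCA(now time.Time) *AgentCA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Agent Issuing CA"},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	return &AgentCA{Cert: issue(tmpl, tmpl, &key.PublicKey, key), Key: key, Revoked: map[string]bool{}}
}

// IssueAgentIdentity returns a certificate with a random 128-bit serial number that expires
// after ttl (so a leaked credential has a bounded life) plus the agent's private key.
func (ca *AgentCA) IssueAgentIdentity(agentID string, now time.Time, ttl time.Duration) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	serial := must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)))
	cert := issue(&x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: agentID},
		URIs:      []*url.URL{agentURI(agentID)},
		NotBefore: now, NotAfter: now.Add(ttl),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca.Cert, &key.PublicKey, ca.Key)
	return cert, key
}

// Revoke withdraws a certificate before it expires (a stand-in for CRL/OCSP publication).
func (ca *AgentCA) Revoke(cert *x509.Certificate) { ca.Revoked[cert.SerialNumber.String()] = true }

// SignAction signs the exact bytes of an action (a prompt, a tool call) with the agent's key.
func SignAction(key *ecdsa.PrivateKey, action []byte) []byte {
	digest := sha256.Sum256(action)
	return must(ecdsa.SignASN1(rand.Reader, key, digest[:]))
}

// VerifyAction is the receiver's check: chains to the CA at time now, is not revoked,
// names the expected agent, and the signature covers exactly these bytes.
func (ca *AgentCA) VerifyAction(cert *x509.Certificate, expectedAgent string, action, sig []byte, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if ca.Revoked[cert.SerialNumber.String()] {
		return fmt.Errorf("certificate %s revoked", cert.SerialNumber)
	}
	named := false
	for _, u := range cert.URIs {
		named = named || u.String() == agentURI(expectedAgent).String()
	}
	if !named {
		return fmt.Errorf("certificate does not name agent %q", expectedAgent)
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, action, sig); err != nil {
		return fmt.Errorf("signature: %w", err)
	}
	return nil
}
```

Two design points matter for the scalability and lifecycle concerns raised above. First, the short lifetime and the revocation list are complementary rather than alternatives: revocation information takes time to propagate, so the ten-minute validity bounds the window in which a stolen credential is useful even if the revocation is missed, while revocation handles the case where waiting for expiry is too long. Second, the signature covers the bytes of the action itself, so the receiver learns not only that a valid agent certificate exists but that this particular agent produced this particular request; a credential lifted from a shared secret store cannot be reused to submit a different action, and every accepted action can be tied back to a serial number for audit.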
I also recommend prompt signing, in which electronic signatures ensure that only the intended agents are taking action.

Much of this is blocking and tackling for experienced security pros. But I believe a broad cross-section of business and tech leaders should understand what’s at stake as they begin to deploy AI agents across departments and work streams. In doing so, enterprises can forge ahead with confidence that their AI agents are bona fide colleagues and contributors — not digital strangers.

Ellen Boehm, senior vice president, strategy and innovation, Keyfactor

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.