Enterprise identity security for non-human identities (NHIs) has traditionally centered on machine-to-machine (M2M) communications. Applications, APIs, service accounts, and other NHIs operate within predefined rules, making traditional identity governance relatively effective.
Enterprise
AI agents introduce an entirely different operating model. Unlike deterministic NHIs that follow preset instructions, AI agents are designed to be unpredictable and innovative.
AI agents also reason, adapt, collaborate, and delegate work to other agents. As organizations move toward agent-to-agent (A2A) workflows spanning all business departments,
identity systems must evolve from governing static credentials to governing autonomous decision-making.
Treating AI agents simply as another type of
non-human identity addresses only part of the challenge, argues AI-identity-security provider aizome, because AI agents are fundamentally different.
Like humans, enterprise AI agents possess changing objectives, dynamic permissions, and the ability to initiate complex chains of actions across multiple systems. Securing them requires continuous visibility,
runtime governance, and validation that every action remains aligned with the intent that originally authorized the agent.
"We believe the world is going to a place where every employee within the company will be an agent creator," said aizome CEO and co-founder Amir Ofek in a
recent conversation at Identiverse. "Every person will be able to build his or her own agent. And then you drive to areas where people are not always tech-savvy. They don't know always what the agent can potentially be doing, etc. It's becoming much more dangerous from that perspective."
Why the shift from M2M to A2A is reshaping enterprise security
Traditional M2M environments are predictable. One service authenticates to another using well-defined credentials, and trust relationships remain relatively stable. Enterprise AI agents change that model by introducing A2A communication, in which agents invoke other agents, delegate tasks, and make independent decisions across multiple enterprise systems.
As Ofek notes, enterprise AI agents are designed to execute business processes rather than isolated technical tasks. They will increasingly support HR, finance, logistics, and other mission-critical operations, making them far more consequential than today's service accounts or automation scripts.
"Enterprise AI agents are types of agents that are driving business logic as opposed to, let's say, coding agents or kind of bots," said Ofek. "Those, I believe, are the future of the agentic world."
How AI agents introduce new trust and accountability challenges
An often-proposed solution to the problem of AI accountability is to assign each agent a human "owner." But AI agents cannot simply borrow a human's static identity. Multiple employees may invoke the same enterprise agent, and its effective identity depends on the combination of the requesting user, the agent itself, and the target system being accessed.
This creates what aizome describes as a hybrid identity — neither fully human nor traditionally non-human. Accountability thus becomes contextual. Organizations must determine not only which agent performed an action, but who initiated it, what kind of permissions were applied, and whether the action remained consistent with the user's original authorization.
"Agents do not behave on a one-to-one basis," Ofek said. "Let's say an HR agent or a finance agent, there's multiple people that can use that agent. The real combination of the user with the agent, with the target system, that three-layer combination, that's what builds the context of the identity that needs to be assigned to that agent in that specific context."
Why traditional non-human identity governance falls short in multi-agent environments
Existing NHI governance platforms were designed for deterministic identities such as API keys, bots, and service accounts. Enterprise AI agents are fundamentally different because they continuously reason, adapt, and modify their behavior at runtime.
As agents begin invoking sub-agents, static provisioning quickly loses relevance. Traditional least-privilege controls remain important, but they cannot explain whether an action taken several hops into an agent chain still reflects the original business purpose — the intent — that initiated the workflow.
"[One] agent can talk to another agent and start a chain of events that you were not thinking of or call for a skill that was not the original part of the development of the agent," Ofek explained. "All of those chains of events that agents can trigger, you need to make sure that the identity somehow cascades from the original invoker of the agent that was invoking that change."
How intent becomes harder to preserve and validate across agent chains
Intent is emerging as the defining governance challenge. An AI agent created in the morning may behave differently by the evening as prompts evolve, new tools become available, or additional agents are introduced into a workflow.
"The intent can change very, very quickly over time," said Ofek. "But how do you know the original intent?"
According to aizome, the original prompt provides a baseline for intended behavior. Runtime monitoring can then determine whether subsequent actions still align with that original intent, even as agents work together across complex chains of execution.
"The intent is in the prompt," Ofek added. "You can read into that prompt and understand what's the intent of the agent. Then you can monitor that and see that constantly the agent is doing things that are aligned with that original intent."
Why runtime governance is emerging as a critical control layer
Provisioning alone is no longer enough. Organizations need continuous runtime governance that evaluates every agent action against current identity, context, policy, and intent.
Instead of relying on
audit logs alone after an event occurs, runtime controls maintain identity integrity throughout multi-agent workflows, continuously validating permissions while detecting intent drift, behavioral anomalies, and unauthorized delegation before risks escalate.
What organizations can do today to prepare for agent-driven enterprise workflows
Preparing for agentic AI in the enterprise begins with continuous discovery. Organizations first need to take an accurate inventory of every enterprise AI agent — including unauthorized "shadow" agents — and ongoing visibility into their activities. Each agent should receive its own governed identity, be assigned an accountable human owner, and be monitored continuously as its behavior evolves.
Finally, organizations should extend traditional joiner-mover-leaver processes, once reserved for humans, to AI agents. Discovery, identity assignment, continuous monitoring of behavioral and intent changes, ownership management, and proper retirement together provide a governance framework better suited to an enterprise moving from deterministic machines to autonomous agents.
"You need to treat [AI agents] like other employees in the company," Ofek explained. "They're actually carrying a lot of capabilities that a human person cannot do at much faster speed, and you need to give them the identity, same way as you give an identity to a human being joining the company."
