Identity, AI/ML

Inheriting trust: Why unified identity fabrics are becoming essential for agentic AI

AGI and autonomous AI transforming employment concept, robot replacing humans silhouette with copy space

The rise of agentic AI is forcing organizations to rethink identity from the ground up, said the panelists in a recent SC Media webcast.  

AI agents should not be treated as simply another type of non-human identity, the panelists agreed, because autonomous agents create dynamic inheritance chains that span humans, applications, service accounts, APIs, and other AI agents.

As these inheritance chains grow, traditional identity governance models — designed for humans and later adapted for machine identities — have a hard time providing the visibility, accountability, and real-time authorization needed to secure autonomous workflows.

What's needed is a unified identity fabric that continuously correlates identities, permissions, and relationships across disparate systems to expose inherited privileges and enable governance of AI agents.

The panelists — Dr. Charles Herder, co-founder of Badge Inc.; Akshay Srinivas Rajanbabu, Distinguished Engineer at Radiant Logic; independent security advisor Andy Weeks; and host Mandy Logan — agreed that identity governance needs more than static permissions and periodic reviews.

Organizations must now continuously map relationships among human identities, non-human identities, and AI agents while dynamically evaluating authorization based on context and intent.

The panelists also explored how cryptographic trust, ephemeral credentials, delegated authority, and relationship graphs could work together to provide secure identity inheritance across increasingly autonomous enterprise environments, creating a foundation for governing AI agents without slowing innovation.

As Akshay Rajanbabu explained, the industry has entered a fundamentally new era of identity:

"The big takeaway for me was that agentic identity governance cannot be treated as a future problem," said Rajanbabu. "It exists today. We need to start working on it today. We need to map that inherited access chain."

The greatest challenge isn't just authenticating AI agents but also understanding how permissions can build up as agents call on other agents, applications, APIs, and workflows.

AI agents often inherit more privileges as they interact with enterprise systems, creating long chains of delegated authority that can quickly become invisible. The panelists said fragmented identity repositories might prevent security teams from seeing these inheritance paths, making unified identity graphs essential for understanding who or what can ultimately access sensitive resources.

Another major theme involved accountability. AI agents may create additional agents and delegate tasks long after the employee who created them has changed roles or left the organization. Organizations must pre-determine who in the company inherits these delegated identity chains after an employee moves on.

"What keeps me up is that it's not just visibility, it's accountability," said Weeks.

Herder argued that AI agents should operate using delegated, time-limited credentials rooted in verified human identities. Combined with a unified identity platform, he said, cryptographic trust lets organizations prove both identity and delegated authority while reducing opportunities for credential abuse.

The most forward-looking portion of the discussion focused on moving beyond static authorization toward intent-aware authorization. Rather than making access decisions solely on identity attributes or predefined roles, future identity systems should continuously evaluate the business purpose behind an agent's actions using contextual information derived from relationship graphs and inherited permissions.

Authorization must occur in seconds, or even milliseconds, to prevent AI agents from exploiting temporary misconfigurations or excessive privileges.

"Dynamic authorization is the only way that this scales as we go forward," Weeks said.

AI agents are a fundamental shift in enterprise identity, the panelists agreed, not just another category of machine identity. Successfully governing them requires continuously updated identity data, relationship mapping, cryptographic trust, dynamic authorization, and intent-aware policy enforcement operating together as a unified identity fabric.

Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds