In a recent SC Media webcast, our host Adrian Sanabria spoke with Ido Shlomo, Co-Founder and CTO at Token Security, to discuss how to use access controls for AI agents and other non-human identities to secure today's enterprises.

Sanabria and Shlomo highlighted the differences among human identities, machine identities, and the newly emerging category of AI-agent identities.

Human identities are defined as a single source of truth and role-driven access. Machine identities, while scalable and robust, are often designed to be task-specific, and can be more challenging to manage than their human counterparts due to their sheer number.

Agent identities mix the flexibility of human identities with the speed and scope of machine identities, which presents unique security challenges.

Sanabria and Shlomo discussed the difficulty of maintaining transparency and visibility over AI agents' permissions and activities as organizations accelerate their adoption of AI agents. They focused on the importance of being able to trace and audit AI agents, given the risks associated with over-permissioned or abandoned agents.

Common pitfalls that organizations encounter when trying to manage AI agents include failing to assign clear ownership, lack of standardized processes for discovery and inventory, and not tracking both human creators and the agents for which they are responsible.

Shlomo elaborated on Token Security's "identity-first" approach to AI security. Token gathers data from multiple sources (such as AWS, Okta, and agent platforms) to give organizations a comprehensive inventory of human and non-human identities.

Token's platform has three pillars: achieving full discovery of agents and their permissions; building strong ownership models to tie agents to human creators; and right-sizing permissions according to each agent's intended function.

Integrating with identity and agent providers, Shlomo said, lets Token map the relationships among consumers, credentials, and permissions, supporting better policy enforcement and anomaly detection.

"An AI agent without an identity is a chatbot. It's a big knowledge base that was trained on a certain corpus. It might have internal knowledge inside it, but that's it," said Shlomo. "It's like an isolated island. The only bridges that island has into your organizations are the doors that we call identities."

Shlomo and Sanabria also talked about the Privilege Guardian tool, a free Token resource aimed at helping agent developers shape access policies aligning with the principle of least privilege. The tool not only generates tailored policies but also warns developers and security teams about potential mistakes.

Another topic was the Model Context Protocol (MCP), the standardized method that lets AI agents access local and cloud-based resources and work with other applications. Shlomo said that managing which MCPs are present can help organizations prevent an attacker's lateral movement and contain the blast radius of agent compromise.

But he also stressed the need for specialized tools and frameworks to handle the scale, flexibility, and novelty of agent activities, which are far different from those encountered in previous generations of identity management. Shlomo also urged security teams to be flexible when communicating with AI developers.

"The worst thing that could happen is that the security team would be considered the bad guy," Shlomo said. "We want everybody to be aligned on what's important, to have a clear line of sight into a future where agentic partners are part of our departments, part of our workforce. It's really important to get it right and to start having that conversation."

While rapid experimentation with AI should be encouraged, Sanabria and Shlomo agreed, businesses must be careful to secure access and to understand the scope of agent capabilities. Robust monitoring, ownership assignments, and privilege management are vital when agents are handling sensitive operations or data. Best practices for agent identity security should not only safeguard against current threats but also lay the groundwork for scalable and responsible innovation.

Actionable recommendations from the webcast:

- Establish and maintain an up-to-date inventory of all human, machine, and agent identities across your organization, including clear ownership mapping for each agent.
- Implement automated tools like Privilege Guardian to ensure least-privilege access policies are built in and regularly review privileges as agents' roles evolve.
- Integrate security platforms capable of mapping, monitoring, and correlating agent activities (including MCP use and prompt data) to quickly spot anomalies and prevent unauthorized access or privilege escalations.





