According to the World Economic Forum, non-human and agentic identities will exceed 45 billion by the end of 2025, a figure more than 12 times the size of the global workforce. The downstream implications for identity and access management (IAM) will be massive.
Consider the shift underway. Human identity, the anchor of enterprise security, involves provisioning an account for each employee, assigning a role, and governing them through static permissions. Now imagine multiplying that model by dozens of ephemeral, polymorphic AI agents spinning up for every individual. The traditional identity scaffolding will collapse under the pressure.
From Deterministic to Adaptive Identity
Current applications behave predictably. They execute deterministic flows: “pull data from HubSpot every Monday, compile a report, send an email.” Easy to model, easy to secure.
AI agents are different. Given autonomy, the same inputs may produce wildly different outputs. An agent asked to summarize inbound leads might one day write polished insights, the next day pull in data from Google Drive, and another day escalate anomalies to an executive system.
This unpredictability erodes the foundation of static role assignments. Permissions cannot be pre-assigned when behaviors change minute by minute. Approving every action manually is untenable. However, granting broad, durable access is an invitation to disaster.
Dynamic Permissions at Machine Speed
To manage the surge of AI agents, permissions must be implemented using a dynamic and just-in-time model. Instead of assigning agents static credentials, security teams must design systems that issue ultra-short-lived tokens scoped to a single operation. These credentials should expire in seconds, not hours or days.
The objective is to enforce least privilege at machine speed. Agents get precisely what they need, no more, no less, for the specific action they’re performing. When the action is complete, the privilege vanishes. If an agent is compromised, the blast radius is measured in seconds, not weeks.
The Dual Persona Problem
An agent often acts both as itself (the actor) and on behalf of a human (the subject). Think of an analyst delegating research to an AI assistant: the analyst’s identity must be represented, but the agent also has an independent execution context. This creates a dual persona model.
Traditional identity systems were not designed to express this duality and bind both personas into each request: who the human is, what the agent is allowed to do, the intent of the request, and the context in which the action occurs.
Failing to capture this nuance risks agents operating outside intended boundaries, reading sensitive data, executing trades, or modifying records under the wrong identity model.
Extending Zero Trust to Agents
The next frontier is agent-to-agent trust. Enterprises will not just field isolated AI assistants; they’ll deploy fleets of agents collaborating across infrastructure. Picture a cluster-management swarm: one agent monitors workloads, another scales clusters, and another orchestrates blue/green deployments.
Without careful design, these agents may bypass traditional identity controls altogether, exchanging instructions without leaving traceable audit trails. Instead, every agent-to-agent call must be authenticated, authorized, and logged — no implicit trust, no shadow channels.
Agents may appear and disappear in seconds. Some will persist, others will spin up for a single transaction. Their ephemeral nature breaks the conventional identity management lifecycle.
Just as importantly, every action must be auditable. Without a non-repudiable event trail, incident response and compliance are impossible. Enterprises need logging and traceability tailored to AI agents, capturing not just what was done, but under what identity, on whose behalf, and in what context.
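An added example (not from the original article) of the pattern the sections above describe: a token that lives for seconds, is scoped to one operation, binds both the human subject and the agent actor, and yields an audit record for every decision, allow or deny. The HMAC token format, the claim names (`sub`, `act`, `op`, `res`, `jti`), the in-memory key and replay set, and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)  # demo signing key; assumed to live in a KMS/HSM in practice
_used_jti = set()              # single-use tracking; assumed to be a shared store in production

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def _sign(body):
    return _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

def issue(subject, actor, op, resource, ttl=5, now=None):
    """Mint a token bound to one human, one agent and one operation for `ttl` seconds."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "act": actor, "op": op, "res": resource,
              "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def authorize(token, op, resource, now=None):
    """Return (allowed, audit_record); denials are recorded as well as allows."""
    now = time.time() if now is None else now
    audit = {"ts": now, "op": op, "res": resource, "decision": "deny", "reason": None}
    try:
        body, sig = token.split(".")
        # Constant-time comparison before any claim is trusted.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        # Record both personas: on whose behalf (sub) and which agent acted (act).
        audit.update(sub=claims["sub"], act=claims["act"], jti=claims["jti"])
        if now >= claims["exp"]:
            raise ValueError("expired")
        if (claims["op"], claims["res"]) != (op, resource):
            raise ValueError("out of scope")
        if claims["jti"] in _used_jti:
            raise ValueError("replayed")
        _used_jti.add(claims["jti"])  # the privilege vanishes after one use
        audit["decision"] = "allow"
    except (ValueError, KeyError) as err:
        audit["reason"] = str(err)
    return audit["decision"] == "allow", audit
```

The `now` parameter exists so expiry can be exercised deterministically; a real deployment would also ship each audit record to append-only storage.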
An Agent Identity Playbook
AI agents won’t wait for legacy IAM to catch up. Their speed, scale, and unpredictability will overwhelm static models built for humans. To stay ahead of this shift, security leaders need a playbook built for machines: dynamic, automated, and uncompromising. Here are four best practices to consider:
- Automate agent identity lifecycles: Provision, monitor, and retire agents in real time, without manual intervention.
- Enforce least privilege dynamically: Grant permissions just-in-time and scope them to single operations with ultra-short token lifetimes.
- Extend zero trust to agents: Treat inter-agent communications with the same scrutiny as human logins — authenticate, authorize, and audit every call.
- Monitor with full auditability: Ensure that every action leaves a verifiable trail, even when agents exist only for seconds.
The scale of the identity challenge is inevitable. Enterprises will unleash armies of AI agents because the business case is too strong to ignore. The challenge for security leaders is to ensure those agents operate within predefined guardrails. This requires moving beyond static IAM models and adopting practices built for machine speed.
The real agentic identity challenge is to turn principle into practice. This means investing in systems that can automatically issue and revoke credentials, embedding identity context into every workflow your agents touch, and instrumenting inter-agent traffic so that all activity can be observed and controlled.
Just as necessary, build feedback loops that use telemetry and audit data to refine policies over time. Security teams that make these capabilities part of their daily operations won’t just adapt to the rise of AI agents — they’ll use it to deliver speed, resilience, and trust at scale.



