When humans are a minority, IAM requires a rethink

Gihan Munasinghe, CTO at One Identity (www.oneidentity.com), says enterprises must adopt a zero-trust, just-in-time approach to identity and access management (IAM). The reason, he argues, is that agentic AI is moving into its next generation, where AI makes its own agents.

Non-human identities

In a typical enterprise, non-human identities (NHIs) are thought to outnumber human users by at least 50:1.

NHIs are various and include:

  • Cloud workloads
  • RPA bots
  • Microservices that use API keys or OAuth tokens to communicate with each other
  • Scripts logging into sensitive databases
  • AI agents

It is estimated that the NHI-to-human ratio may have leapt to 144:1 as more AI agents were deployed over the last year.

CISOs are already alive to the risks posed by orphaned accounts on their systems. They know that automated rotation is required to revoke privileges as soon as NHIs complete tasks.

Managing the next generation of agents

A recent article in Enterprise Times raised the issue that, while the first generation of agentic AI assumed agents had the same rights and permissions as their human creators, AI is now creating agents. AI agents require access to data to complete their assigned tasks.

This presents three major questions for CTOs and CISOs:

  • Who, or what, is in control of granting rights and permissions to the AI agents that are accessing your organisation’s data?
  • Can your existing IT security measures detect and respond quickly enough if AI-generated AI agents exceed their assigned privileges?
  • Can your Identity and Access Management (IAM) and Privileged Access Management (PAM) systems scale to handle the massive influx of authentication and access requests?

Make access momentary

The KuppingerCole Leadership Compass for Non-Human Identities assesses how well vendors support enterprise customers in the discovery, inventory and lifecycle management of NHIs.

The report emphasises that privileged access management (PAM) tools must evolve to manage API keys, service accounts, and AI agents.

In my view, the proliferation of machine identities across enterprise estates requires a just-in-time approach to access management.

Specify single sign-on

Single sign-on (SSO) is already well-established in enterprise environments and removes the need to provision accounts and access in each system.

SSO offers administrators a unified mechanism for managing each Identity’s roles, privileges, and access to apps, systems, and configurations. Rather than statically defining the role and privilege level for each Identity, roles and privileges can be tied to a single session and granted when that session starts. When the session ends, all privileges are removed.

However, many enterprise systems still do not support SSO on the other end. I see too many examples of administrators continuing to grant access statically. The problem with that approach is that we now need to synchronise all identities and accesses in multiple places.

As the enterprise technology stack grows, it becomes harder to keep track of everything that everybody, and everything, needs to access.

One of my fundamental rules as CTO is to block the adoption of any application that does not support single sign-on.

Apply IAM indiscriminately

Risk scales in line with credential sprawl. Machine identities must not be permitted to languish on your system.

The golden rule is to apply the same rigour to managing access and monitoring usage for AI agents and other machine identities as you do for human users.

Apply zero trust

Moving from zero-trust theory to zero-trust execution requires a shift in mindset.

Never trust a request because of where it comes from; instead, rely only on the authentication the requester presents.

Re-authenticate each new request, even if it appears to be coming from the same Identity. At each level, Identity and access need to be checked, including internal API calls.

As we move towards a more SaaS API-driven world, where everything is accessed via the public Internet, I foresee zero trust being designed into systems from day one.
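The three ideas above (momentary access, session-time privilege grants, and re-checking every request) can be sketched as a small just-in-time access broker. This is an added illustration, not code from the article or from One Identity; the identity names, scopes, TTLs and the HMAC-signed grant format are all constructed for the demo.

```python
import hmac, hashlib, secrets, time
from dataclasses import dataclass

# Constructed broker secret for this demo; a real deployment keeps it in an HSM or vault.
SIGNING_KEY = secrets.token_bytes(32)
AUDIT = []  # (event, identity, details) records: the trail the article asks for

@dataclass
class Grant:
    identity: str            # an agent, microservice or script, not a person
    scopes: frozenset        # data sets this session is allowed to touch
    expires_at: float        # epoch seconds; privileges vanish at expiry
    token: str = ""          # broker signature over the fields above
    revoked: bool = False

def _sign(identity, scopes, expires_at):
    msg = f"{identity}|{','.join(sorted(scopes))}|{expires_at:.0f}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()

def issue_grant(identity, scopes, ttl_seconds, now=None):
    """Just-in-time: privileges are created for one session and one TTL only."""
    now = time.time() if now is None else now
    grant = Grant(identity, frozenset(scopes), now + ttl_seconds)
    grant.token = _sign(grant.identity, grant.scopes, grant.expires_at)
    AUDIT.append(("issue", identity, sorted(grant.scopes)))
    return grant

def revoke(grant):
    """Called as soon as the task ends so no orphaned privilege lingers."""
    grant.revoked = True
    AUDIT.append(("revoke", grant.identity, []))

def authorize(grant, requested_scope, now=None):
    """Zero trust: every request, internal API calls included, is re-checked."""
    now = time.time() if now is None else now
    reasons = []
    if grant.revoked:
        reasons.append("revoked")
    if now >= grant.expires_at:
        reasons.append("expired")
    expected = _sign(grant.identity, grant.scopes, grant.expires_at)
    if not hmac.compare_digest(grant.token, expected):
        reasons.append("tampered")   # grant fields changed after issue, e.g. widened scopes
    if requested_scope not in grant.scopes:
        reasons.append("scope-exceeded")
    AUDIT.append(("deny" if reasons else "allow", grant.identity, reasons))
    return not reasons, reasons
```

Every call to `authorize` re-derives the decision from the grant itself, so an agent that outlives its task, widens its own scopes, or asks for data outside its session is denied and the denial is logged.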

Managing MCP server risk

Anthropic’s Model Context Protocol (MCP) provides a standard method for connecting AI agents to data repositories. While this has dramatically accelerated workflows, the person who writes the MCP server may not always know which AI bot will connect to your system to fetch the required data.

So, how will you know how AI agents access data and move through your systems?

This demands a robust privilege management system for bot identities that is not open-ended. Privilege management needs to be more granular, automated, and based on each query, system, or request.

Monitor behaviour

The accumulation of AI-generated Identities makes the application of zero trust and adoption of just-in-time access management ever more important.

Zero-trust principles need to go beyond managing access to enterprise networks and applications and also govern agentic access to data.

If a user or machine entity attempts to access a data repository at an unusual time or from a suspicious location, that is a red flag.

AI offers the most powerful tool for maintaining logs showing which identities have access to which data, tracking behaviour, and auditing what is happening in your systems.

Make security simple

Security works best when it doesn’t impinge on normal activity and productivity. Our guiding principle is to make IAM easy to use, easy to integrate, and reliable.

When identity and access controls are painful, people will resort to insecure practices, such as leaving sensitive applications open. People with the most privilege may use their position to bypass controls entirely.

The same simplicity principle applies to integrating multiple Identity and access management tools into a single identity fabric that makes governance more manageable for IT security teams.

Tackling AI credential sprawl

We can’t bury our heads in the sand. Agentic AI is already here, and its activity needs to be managed, tracked and audited. Modern frameworks, including NIST CSF 2.0, NIST SP 800-53, PCI DSS, and ISO 27001:2022, already mandate credential rotation, identity lifecycle management, least privilege enforcement, and continuous monitoring and auditing.

AI-generated agents demand just-in-time provisioning and automated revocation of privileges.

Start securing AI agents now

The strategies, tools, identity fabrics, and frameworks are already available to us.

Zero trust needs to go beyond protecting network access and extend to governing access to data repositories used by AI agents. We need to look more closely at the privileges and access granted to bots and restrict them to a specific set of segmented data.

To summarise, all Identities, whether they be microservices, RPAs, or AI-generated agents, must be treated with the same rigour and regular rotation as human identities. SSO, zero trust, and just-in-time access management with behaviour-driven governance and auditing are powerful strategies at our disposal.


One Identity (www.oneidentity.com) delivers trusted identity security technologies, helping enterprises worldwide to protect and simplify access to digital identities. With flexible deployment options and subscription terms – from self-managed to fully managed – its solutions integrate seamlessly into enterprises’ identity fabrics to strengthen their identity perimeter, protect against breaches, and ensure governance and compliance. Trusted by more than 11,000 organisations, and managing over 500 million identities, One Identity is a recognised leader in identity governance and administration (IGA), privileged access management (PAM), and access management (AM), for security without compromise.

The post When humans are a minority, IAM requires a rethink appeared first on Enterprise Times.
