The rapid emergence of agentic AI is transforming how businesses operate. Acting autonomously behind the scenes, these software agents can trigger workflows, generate outputs and interact with multiple systems without human input. Their potential is undeniable, from forecasting sales to detecting phishing attempts, but their power comes with risk.
For IT leaders, the key challenge is integrating these intelligent agents into their organisation’s broader cybersecurity strategy without compromising trust, compliance or control. Many teams are already familiar with the benefits of large language models and generative AI, and most leadership teams now recognise the associated risks. Yet, without a clear deployment framework, agentic AI can become a security liability, particularly in how it interacts with identity systems.
Treating AI agents as an afterthought or applying them as one-off tools leaves businesses vulnerable. Without proper oversight, they can bypass critical controls and create blind spots in security monitoring. To harness their capabilities safely, agentic AI must be embedded into architecture from the start, not bolted on later.
Identity systems under pressure
Agentic AI may mimic human behaviour, but it doesn’t operate like human users. This mismatch creates significant strain on traditional Identity and Access Management (IAM) tools, which were never designed to manage non-human identities operating at scale and struggle to differentiate between trustworthy AI agents and harmful software.
Without proper adaptation, organisations may face two serious risks: AI tools could be rendered non-functional, halting operations or, worse, create new vulnerabilities for attackers. It’s therefore vital IAM frameworks are prepared for the use of AI agents, by treating them as an integral part of the security architecture.
Malicious agents are on the rise
Cybercriminals are increasingly developing AI agents of their own, designed for phishing, deepfakes and scanning for system weaknesses. These malicious agents exploit weak IAM systems by masquerading as legitimate users or generating fake login credentials.
To fight this, organisations should consider adaptive security strategies and flexible response protocols that can automatically tighten authentication as risks emerge. This is crucial for enhancing customer trust satisfaction, as almost 90% of consumers fear AI-driven attacks on their digital identity, according to our 2024 consumer survey.
IAM systems need to be able to detect malicious agents, which is complicated because AI behaves more erratically and dynamically than human users. These agents interact with numerous systems and often have broad access rights, allowing potential lateral movement across networks if compromised. Without time and location restrictions, requiring continuous and agile identity management. And if companies want to comply with governance standards, they need to ensure their AI decisions are traceable and explainable.
Four essentials for agent security
To integrate agentic AI securely and sustainably, organisations should focus on these four core areas:
- AI identity management: Just like human users in enterprises, AI agents need managed identities. Organisations should clearly define their permissions and user rights and track their activity, particularly in sensitive environments.
- Adaptive access policies: Static authentication methods are inadequate and cannot provide secure access for human users or AI agents. Dynamic, context-aware access controls should be used to grant AI agents only the permissions they need at a given time.
- Verification processes: Since AI agents don’t follow typical multi-factor authentication paths, human oversight is essential when granting short-term permissions. Real-time monitoring adds an extra layer of protection and ongoing risk assessment.
- Real-time monitoring: Continuous monitoring allows security teams to detect abnormal behaviour and quickly take action. It also ensures that AI agents stay within their defined roles and legal limits. Changes in the overall threat landscape can also be quickly reflected in IAM policies.
Building secure foundations for autonomous AI
Agentic AI offers undeniable efficiency and potential, but only when it’s deployed with security in mind. By placing identity systems at the centre of deployment strategies, IT leaders can mitigate risk without stifling innovation.
Ultimately, agentic AI shouldn’t just be a tool that exists alongside the security architecture, it must be part of it. With the right governance, organisations can confidently embrace automation, scale their digital capabilities and build trust. This will enable companies to fully realise AI’s potential without sacrificing security or compliance.
Alex Laurie
Alex Laurie is Senior Vice President at Ping Identity. With over twenty years of experience in security and identity technology, Alex has been involved with digital transformation on both the vendor and system integrator side, working alongside government departments, the military, multiple police forces and the banking sector.
