AI is rapidly moving from experimentation to real business usage. Organizations are no longer only testing chatbots or productivity assistants. They are increasingly exploring AI agents that can interact with applications, access data, trigger workflows and make decisions on behalf of users or business processes.
This creates enormous opportunities, but also introduces a new set of security, identity and governance challenges.
The core issue is not only that AI can generate content or automate tasks. The bigger challenge is that AI agents can become autonomous digital actors inside the enterprise. They can use tools, call APIs, delegate tasks and interact with other agents.
This changes how we need to think about identity security. AI agents shift identity from static access control toward continuous risk assessment. The key question is no longer only who or what has access. It becomes broader: is this agent allowed to act, on behalf of whom, for which purpose, under which conditions, and does its behavior still fit the expected risk profile?
Why traditional IAM models will not be enough
Traditional IAM was built around human users, applications and relatively predictable access patterns. Organizations could define who the user was, which role they had, which systems they accessed and which approvals were required.
AI agents challenge that model.
An agent may act on behalf of a user, a team, a process or even another agent. It may combine multiple tools, adapt its path depending on context and make decisions that were not fully predictable upfront.
Classic IAM and IGA models remain important, but they were not designed for highly dynamic, autonomous AI agents. Traditional RBAC and PBAC models alone will likely not scale efficiently in agentic environments.
AI agents operate in context. Their access needs may depend on the task, the user or process they represent, the data involved, the tool being used, the risk level and the behavior observed at runtime.
Access control will therefore need to become more signal-driven, context-aware and behavior-based. Static access models will need to be complemented with runtime trust evaluation and continuous risk assessment.
From periodic access review to continuous risk assessment
Traditional identity governance often relies on periodic reviews. These remain useful, but they are too slow for autonomous AI environments.
AI agents can make decisions, access tools and trigger workflows in real time. Their risk profile can change during execution, depending on context, data, actions and observed behavior.
This means identity governance will need to evolve from periodic access review toward continuous risk assessment.
Organizations will need to continuously evaluate whether an agent’s behavior still fits the expected risk profile. Which tools are being used? Which systems are accessed? Which data is consulted? Which authorization is being used? Does behavior deviate from expected patterns?
Think about an AI agent acting on behalf of a finance manager. It may retrieve invoice data, prepare a payment proposal, update supplier details or request contract information. In such a scenario, it is not enough to know whether the agent technically has access. Organizations also need to continuously assess whether the action fits the mandate, the business context and the expected behavior.
The focus shifts from reviewing access at fixed moments in time to continuously assessing trust, context and behavior.
That is a fundamental change.
Agent lifecycle, mandate and temporary authorization
Just like human identities have a lifecycle, AI agents will need one as well.
Organizations will need to know which agents exist, who owns them, what purpose they serve, which tools and data they can access, and when they should be decommissioned.
This creates the need for Agent Lifecycle Management: registration, ownership, provisioning, delegated access, monitoring, risk review and deprovisioning.
A key principle should be human accountability. Even if an agent acts autonomously, there should always be a human owner responsible for its purpose, access, risk and behavior.
AI may act autonomously, but accountability should remain human.
One useful way to think about agent delegation is a form of digital power of attorney. This describes the mandate: who the agent is acting for, what it is allowed to do, under which conditions, how long the mandate remains valid and who remains accountable.
Temporary authorization is the technical enforcement of that mandate.
Instead of granting broad or permanent credentials, the agent should receive short-lived, task-specific access that expires automatically once the mandate has been fulfilled or the context changes.
For example, an AI agent that needs to retrieve one invoice from an ERP system should not receive a permanent account with broad ERP access. It should receive temporary, task-specific access that expires automatically after the action is completed or after a short period of time.
This also means organizations need to govern delegated access explicitly: who issued the authorization, which agent received it, for which task, how long it remains valid, which systems it can access and whether it was reused outside its intended context.
In a world of autonomous agents, temporary authorization becomes more than a technical mechanism. It becomes a governance object.
This also aligns with industry concerns described in frameworks such as the OWASP Top 10 for Large Language Model Applications, where risks such as prompt injection, excessive agency and insecure tool usage highlight the need for runtime controls and least-privilege access.
A layered approach to AI security
To make AI security manageable, we will likely need a layered approach.
We have seen a similar evolution before in the networking world. As networks became more complex, the OSI model helped structure the problem into seven layers, each with its own purpose, responsibilities and controls. That did not solve every security challenge, but it made the complexity easier to understand, design and secure.
We expect a similar evolution in the AI world.
AI agent security should not be treated as one single problem. It will need to be broken down into clear layers such as identity, delegation, authorization, context, runtime control, monitoring and governance.
The identity layer helps us understand who or what is acting. The delegation layer defines on behalf of whom the agent is acting. The authorization layer determines what the agent is allowed to do. The context layer evaluates under which conditions the action takes place. The runtime control layer allows us to inspect, constrain or block actions before execution. The monitoring layer observes behavior over time. The governance layer defines who remains accountable.
This layered model makes the problem more manageable. It also helps different teams work together: IAM, security operations, data governance, legal, risk and business owners.
A strong AI security model will not rely on one single control. It will require control points around identity, access, data, tools, runtime behavior and monitoring.
Concepts such as control planes, runtime gateways or guardian layers around AI agents are becoming increasingly relevant. These controls do not try to make AI fully deterministic. Instead, they create inspection and enforcement points around non-deterministic AI logic.
The goal is not to pretend that AI agents can be fully controlled in the traditional sense. The goal is to create enough visibility, governance and runtime control to make their behavior manageable and auditable.
A new role for Identity Security
AI will not make identity less important. It will make identity more complex and more strategic.
The future of identity will likely become more dynamic, contextual and behavior-driven. Organizations will need to govern not only human users, but also agents, workloads, delegated access, tools and trust chains.
There are still more questions than answers. The market is evolving quickly, and vendors are still defining how their platforms will respond to these challenges.
But one thing is becoming clear: AI security will require a combination of governance, identity, monitoring and operational response.
ACEN's perspective
At ACEN, we believe this is exactly the type of challenge where a broad cybersecurity portfolio becomes valuable.
By bringing together our IAM, IGA, PAM and MDR expertise, we can help organizations think through the next generation of AI security and identity governance models.
Agent governance will not be purely an IAM problem. It will also not be purely a SOC problem. It will sit at the intersection of identity governance, runtime control, continuous risk assessment, behavior monitoring and incident response.
That is why the integration between identity governance, privileged access, authorization services, security monitoring, runtime analytics and MDR capabilities will become increasingly important.
Identity teams know who should have access. Security operations teams know what is happening in the environment. AI agents will force these disciplines to come closer together.
We do not believe there is one simple solution today. The technology, standards and vendor landscape are still evolving. But we do believe organizations should already start preparing.
The first steps are visibility, ownership and governance.
Organizations should know which AI initiatives exist, understand which agents or automation flows are being introduced, identify which systems and data they can access, avoid permanent credentials where possible and start thinking about temporary access, delegated authorization and continuous risk assessment.
Organizations should not wait until AI agents are widely deployed before thinking about governance. The time to define visibility, ownership, temporary access and continuous risk assessment is now.
AI agents will create new risks, but also a unique opportunity to rethink identity security for a more dynamic world.
At ACEN, we look forward to helping organizations navigate this next chapter in identity security.
Sources and Inspiration
This article was inspired by insights and discussions with ACEN security experts, KuppingerCole’s Non-Human & Agentic AI Identity Workshop, and the Cyber Security Coalition IAM Focus Group, including contributions from Ward Duchamps, Thales.
