AI Agents Create Unmanaged Identity Attack Surface in Enterprises

By MRAdmin

The Rise of Agentic Identities

AI agents are rapidly being adopted across enterprises, but their autonomous and non-deterministic behavior introduces a new class of identity risk. Unlike traditional software, AI agents can be manipulated through prompt engineering, lack inherent codes of conduct, and operate at machine speed. This creates an unmanaged identity attack surface that traditional security models are not designed to handle.

Impact and Scope

Security leaders like Proofpoint CEO Sumit Dhawan emphasize that AI agents carry the same risk profile as human users, yet they are often deployed without proper governance. The result is a growing gap where agentic identities can access sensitive systems and data without oversight. Organizations must build purpose-built integrity frameworks to monitor and control these non-human identities, or face potential data breaches and compliance failures. Without these controls, the rapid adoption of AI agents will outpace the ability to secure them.

Required Actions for Defenders

To mitigate this emerging threat, enterprises need to extend their identity and access management strategies to include machine and AI identities. This means implementing continuous behavioral monitoring, enforcing strict privilege limits, and integrating AI governance into existing security stacks. The shift from brute-force attacks to AI-powered phishing already challenges defenders, and agentic identities represent the next frontier of identity-based threats.

Source: Healthcareinfosecurity
