How IAM providers are preparing for agentic AI

There is little doubt that enterprises will be deploying agentic AI. As such, technology firms are looking at various ways to secure these systems

Cliff Saran

By

Published: 29 Jun 2026

There is a very real sense that every organisation dabbling with artificial intelligence (AI) – in particular, agentic AI – is heading directly into an IT security catastrophe.

Richard Wainwright, field chief technology officer for Europe, the Middle East and Africa at Okta, says most of the businesses he speaks to seem stuck in pilots and are not obtaining value from the AI investments they’re making.

“They are building AI agents using a combination of API [application programming interface] keys and service accounts, which offer long-lived credentials to provide non-human identities [NHIs] with access to the corporate IT environment,” he says. 

Wainwright warns that this creates a range of problems for IT security professionals. “It’s almost impossible to tie what the agent has done back to the person who called it,” he says.

Another area of concern, according to Wainwright, is that if a service account is used by a generalist AI agent, the scope it has is wide open. “This means it’s really powerful, but it can also break a lot of stuff,” he warns.

In its Workforce identity security platforms, Q2 2026 report, analyst firm Forrester recognises the limitations of identity access management (IAM) for tasks that many enterprises are looking to streamline using agentic AI.

In the report, Forrester notes that modern identity security platforms unify authentication, authorisation, lifecycle governance and identity risk intelligence across human, machine and AI agent identities to deliver consistent, policy-driven controls at scale.

Many organisations’ use of AI and agentic AI is at a stage where the agentic functionality being used is very limited and controlled. Identity and access management for AI agents is a bit different to the way organisations manage employees.

Przemek Czarnecki, chief technology officer at fashion retailer Asos, notes that while agentic AI is not the same as human identity and access management, it is hard to tell the difference. For example, he says: “If you are in Teams, you may confuse an AI agent for a human because agents in the Microsoft environment show up on Teams in the same way as humans.” 

Asos is using Microsoft Copilot in phase one of its AI strategy, where employees are using it to start building agentic AI. “We have defined a very limited set of actions these agents can do because we want to make sure that agents developed by everybody cannot do harm to the company,” says Czarnecki.

The fashion retailer is democratising the use of AI across the business, which potentially enables IT and security teams to understand how people in the business are deploying agentic AI. This is an important first step in putting in place the right observability tools and dashboards. 

Observing actions of AI agents

Visibility is perhaps the first challenge enterprises face when assessing the risk of introducing agentic AI into their organisations.

Amarinder Jassal, senior vice-president and global leader for pre- and post-sales engineering at Saviynt, says there are no industry standards or certification authorities that can certify that an agent is not a bad actor, or working on behalf of a bad actor, and does not lead to sensitive data being compromised, or that it has been audited and has achieved a level of quality assurance that makes it enterprise-ready.

Jassal says Saviynt is seeking to bring AI agents under one umbrella to observe their behaviour. “We are trying to bring all these agents into a single repository, which works rather like a CMDB [configuration management database]. There is one centralised repository for all the AI agents in your environment, whether they are registered or unregistered,” he adds.

To achieve this, Saviynt has developed integration with technical partners and is working with the likes of Zscaler and CrowdStrike to capture shadow aspects of agentic AI.

Observability is key because even legitimate uses of agentic AI systems can perform tasks they are not designed for.

Chandra Gnanasambandam, executive vice-president of product and chief technology officer at SailPoint, recently came across an AI-powered loan processing system that had inadvertently bypassed security measures to complete a credit check it was not supposed to run. “The agent’s intent was to solve a task, and it found ways to do so even when it was being told not to do so,” he says.

In this example, Gnanasambandam says a bank had deployed a supervisor agent to manage the loan approval process, with various helper agents to perform specific tasks. One of these agents was tasked with performing a credit check, but it was denied access to the internal credit-checking application. It reported to the supervisor agent that it did not have access to this application and so could not complete the task. However, the supervisor agent had a goal to complete loan applications in three minutes, and all the other helper agents had already completed their work.

According to Gnanasambandam, the supervisor agent refused to accept the helper agent’s inability to complete its task. As a consequence, seeking an alternative way to complete its task, the helper agent searched the internet for vulnerabilities in the credit risk system.

“It was trying to access a credit risk score and found a GitHub repository where a developer had accidentally left in a token that provides access to the system. So it found the token and accessed the credit risk system. The task was complete – except it did something it was not supposed to do,” he says.

Monitoring agentic AI access

This example is illustrative of the IT governance nightmare that is likely to unfold as agentic AI is deployed in live production environments. What is clear is that AI agents cannot simply be treated in the same way as human users, and they have the ability to work around security measures that limit what they are authorised to do.

Okta is identified by Forrester as a leader in IAM. It recently updated its Auth0 IAM tool for autonomous agents. The Auth0 for AI Agents aims to address the difference between how software developers write software for human users and when an agent is deployed to run the software. The approach Okta is taking shows the challenges IAM software providers are looking to address, along with usability, performance and scalability considerations.

Traditional permission models tend to use APIs to authenticate users to applications. But according to Okta, this approach slows performance in an agentic AI workflow and prevents the deployment of AI agents in production environments, as Gareth Davies, Auth0 chief product officer, explains: “When an AI agent needs to access dozens of different tools, developers are often forced to manually hardcode API keys or build custom authorisation logic from scratch. This impacts productivity and exponentially increases the risk of a breach.”

He says Auth0 for Agents provides an independent identity platform that securely connects agents to any tool, any system and any provider, which means developers can focus on building applications.

Rather than treating AI agents as user extensions, which Okta says can lead to overly broad permissions or shadow identities that bypass enterprise controls, Auth0 for Agents offers a feature called Agent as Principal. This enables software developers to assign unique identities to AI agents, which Okta says are distinct from the users they serve and means agent actions can be independently permissioned and audited, enabling them to operate with proper oversight.

Another problem area Okta is seeking to address with Auth0 for Agents is the performance overhead incurred by fine-grained authentication (FGA) when deploying relationship-based access control. FGA is a way to ensure that only data the user or the agent is authorised to view is accessed when they run a search query across enterprise systems.

This can be achieved by using an AI agent that performs retrieval-augmented generation (RAG) to run a search with a permissions task to augment and generate the responses it is authorised to access. Okta says developers need to make trade-offs: either building a secure system that is too slow to use, or a fast system that risks sensitive data being disclosed. To overcome these trade-offs, Auth0 implements a permissions index, which works rather like a database index, for lookups of permissions data. Since permissions are stored locally in a standard database format, Okta says applications or search engines can query business data that the user or agent is authorised to access by looking up a precomputed permissions table.

Identity and access management companies are taking different approaches to securing agentic AI systems. What is clear from the conversations Computer Weekly has had with IAM firms is that monitoring agentic AI is key.

Simon Gooch, field CIO at Saviynt, says: “Agentic AI is fundamentally shadow IT back with a vengeance.” As organisations start democratising the use of agentic AI, Gooch urges IT and security leaders to ensure they have controls in place to make sure that the democratisation of agentic AI is predictable and the technology is being used sensibly within a framework that the organisation considers safe and secure. 

Read more on Artificial intelligence, automation and robotics

Read More
Laine Volkman

Latest

Company of Heroes 3: Final Stand Announced for PC

by William D'Angelo , posted 3 hours ago / 447 Views Relic Entertainment has announced roguelite wave-defense,  Company of Heroes 3: Final Stand , for PC via Steam. It will launch on July 29. View the announcement trailer below: Read details on the game below: Company of Heroes 3: Final Stand  delivers a standalone roguelite wave-defense

Bloomberg’s Jason Schreier Says Xbox is Not Shutting Down Obsidian Despite Report

by William D'Angelo , posted 6 hours ago / 757 Views Bloomberg's Jason Schreier in a post on social media said T he Outer Worlds, Avowed, and Grounded developer Obsidian Entertainment is safe from being shutdown and Xbox is keeping the studio. "Despite a report this morning, I can confirm that Obsidian is *not* in

Is yet another Microsoft studio, Obsidian, negotiating with Xbox to avoid closure? Conflicting reports emerge

There's "a real sense amongst some teams that they're being punished for the poor performance of Call of Duty". Image credit: Eurogamer A new report from The Game Business suggests that Obsidian Entertainment is another studio currently negotiating with Microsoft to avoid closure as part of the company's controversial reassessment of its business. Only yesterday

Tumors hijack macrophages after they clear dead cells, real-time tracking reveals

🛡️ Just a quick check We’re checking your connection to prevent automated abuse

Newsletter

Don't miss

Company of Heroes 3: Final Stand Announced for PC

by William D'Angelo , posted 3 hours ago / 447 Views Relic Entertainment has announced roguelite wave-defense,  Company of Heroes 3: Final Stand , for PC via Steam. It will launch on July 29. View the announcement trailer below: Read details on the game below: Company of Heroes 3: Final Stand  delivers a standalone roguelite wave-defense

Bloomberg’s Jason Schreier Says Xbox is Not Shutting Down Obsidian Despite Report

by William D'Angelo , posted 6 hours ago / 757 Views Bloomberg's Jason Schreier in a post on social media said T he Outer Worlds, Avowed, and Grounded developer Obsidian Entertainment is safe from being shutdown and Xbox is keeping the studio. "Despite a report this morning, I can confirm that Obsidian is *not* in

Is yet another Microsoft studio, Obsidian, negotiating with Xbox to avoid closure? Conflicting reports emerge

There's "a real sense amongst some teams that they're being punished for the poor performance of Call of Duty". Image credit: Eurogamer A new report from The Game Business suggests that Obsidian Entertainment is another studio currently negotiating with Microsoft to avoid closure as part of the company's controversial reassessment of its business. Only yesterday

Tumors hijack macrophages after they clear dead cells, real-time tracking reveals

🛡️ Just a quick check We’re checking your connection to prevent automated abuse

Shared Versus Private Offices for Docs: What Works Best?

You don't have permission to access "http://www.medpagetoday.com/special-reports/features/122027" on this server. Reference #18.ce6ccd17.1783026825.14dbbc8 https://errors.edgesuite.net/18.ce6ccd17.1783026825.14dbbc8

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity

Business Insurance-AZ Achieves Record Response Times for 2026 Arizona Construction Bids

Business Insurance-AZ achieves milestone response speeds for commercial construction bids across Arizona, accelerating documentation delivery to keep local projects moving forward without delay. Phoenix, AZ, June 06-2026, ZEX PR WIRE — Business Insurance-AZ has achieved record-breaking processing speeds and response times for commercial construction bids throughout Arizona, directly supporting the state’s massive infrastructure and advanced manufacturing boom

Business delegation visits Kazakhstan to strengthen economic and trade cooperation

Astana, Kazakhstan, Jun 2, 2026 - (ACN Newswire) - A business delegation led by the Chief Executive of the Hong Kong Special Administrative Region (HKSAR), John Lee, and organised by the Hong Kong Trade Development Council (HKTDC), began its visit to Astana, the capital of Kazakhstan, on 1 June. During the visit, a total of 43