惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Forbes - Security
Forbes - Security
L
Lohrmann on Cybersecurity
Simon Willison's Weblog
Simon Willison's Weblog
P
Proofpoint News Feed
P
Privacy International News Feed
The Hacker News
The Hacker News
AWS News Blog
AWS News Blog
S
Securelist
P
Proofpoint News Feed
Recent Announcements
Recent Announcements
GbyAI
GbyAI
B
Blog RSS Feed
A
About on SuperTechFans
C
CXSECURITY Database RSS Feed - CXSecurity.com
Y
Y Combinator Blog
Microsoft Azure Blog
Microsoft Azure Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Cyberwarzone
Cyberwarzone
I
Intezer
T
Tor Project blog
T
The Blog of Author Tim Ferriss
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
Recorded Future
Recorded Future
aimingoo的专栏
aimingoo的专栏
Cisco Talos Blog
Cisco Talos Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
W
WeLiveSecurity
D
DataBreaches.Net
U
Unit 42
Project Zero
Project Zero
Martin Fowler
Martin Fowler
V
V2EX
The Last Watchdog
The Last Watchdog
Security Archives - TechRepublic
Security Archives - TechRepublic
C
Cisco Blogs
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V2EX - 技术
V2EX - 技术
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Threat Research - Cisco Blogs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Tenable Blog
F
Full Disclosure
T
The Exploit Database - CXSecurity.com
H
Heimdal Security Blog
Latest news
Latest news
Webroot Blog
Webroot Blog

SECURITY.COM

Humble Brag: Symantec® Data Center Security Achieves Common Criteria Certification Tips to Harden Your Air Gapped Environments The Visibility Challenge Nobody Asked For Your DLP Incident Backlog Owes You Closure 5 Reasons Symantec® CBX Delivers Total Endpoint Visibility 8 XDR Questions From the Show Floor Locking Down the Server Data Security Is Having A Moment 5 Ways XDR Helps SOCs Act Faster 5 Ways To Keep AI in Check DLP Made Easier on the Teams Running It Web Traffic Visibility is the New Non-Negotiable For Financial Services, a Wake-Up Call for Reclaiming IAM Control How Cloud-Managed DLP Lowers the Barrier to Entry As Identity Takes Control, Telecom Needs Repatriated IAM Capable of Keeping Up Post-Quantum Security Starts at the Edge The Public Sector Case for Repatriating IAM in the Age of AI The Data Sovereignty Paradox The Unseen Wall: How Billions of Attacks Were Blocked in 2025 The “Zero-Blindness” Roadmap: Achieving Maturity in the DLP Endpoint Workspace IAM Has a Fix for the Modern Identity Crisis Identity is the Control Plane, and AI Just Changed the Game
The Agentic AI Tsunami is Here: Is Your Legacy IAM Sinking or Swimming?
About the Author · 2026-04-16 · via SECURITY.COM
  • Agentic AI is introducing a whole new class of enterprise identity: autonomous, non-human agents operating at machine speed.
  • Traditional IAM platforms were designed for human users and point-in-time-authentication, leaving critical gaps for AI agents and stress around performance, cost, and data sovereignty. 
  • Organizations will need an identity platform based on open standards, capable of operating within sovereign deployment models with microservices that can scale fast.

Having worked in the Identity space for longer than I can remember, I’ve architected, deployed, and advised on IAM platforms through multiple massive technology shifts—from client-server architectures to N-tier architectures.

Each wave pushed infrastructure to its limits. But what I’m hearing in recent conversations feels different. The next paradigm shift is already upon us. This time, it's not just about a new device type or another migration to the cloud. We’re talking about an entirely new class of enterprise “user”: agentic AI.

Agentic automation is forecasted to enhance capabilities in over 40% of enterprise applications by 2027, according to the IDC’s 2026 FutureScape report. Capgemini’s 2026 research determined that agentic AI has officially shifted from basic experimentation to a critical business imperative—and Fortune Business Insights predicts the market value of agentic AI will increase to fifteen times the size it is now by 2034.

Before, Now, and Next
Before, Now, and Next

What’s the business appeal? Unlike your homosapien employees, AI agents don't take vacations, and they certainly don't operate at human speed. They independently formulate plans, request access to secure systems, and execute complex workflows.

But it raises a critical question for every identity leader: Is your existing IAM platform genuinely equipped to handle the functional capabilities, operational performance, and scale required by agentic AI?

From what I’ve seen so far, many organizations relying on legacy or rigid SaaS IAM platforms may find the answer is a resounding "no."

The functional gap: Securing the autonomous workforce

Traditional IAM platforms were built around human behavior: logins, sessions, and relatively predictable patterns of activity. Agentic AI turns these legacy models on its head. And securing these new users requires a fundamental rethink of how we issue access. 

Meet your new team: non-human identities 

Security leaders frequently tell me they are deeply concerned about introducing AI securely into their enterprise. Traditional identity models focus heavily on human user experience, but organizations must now design systems that support the coexistence of human identities with the massive evolution of non-human identities (NHIs). 

For AI agents, point-in-time authentication simply isn’t enough. Because these agents operate autonomously and continuously across different systems, identity systems must incorporate ongoing risk assessment deeply into our authentication journeys. If an agent's behavior drifts from its baseline intent, the IAM platform needs to instantly recognize the anomaly and revoke or restrict access.

Access that matches the job 

Supporting new, modern authentication types also presents an immediate hurdle. AI agents work best with  modern authentication frameworks that rely on short-lived, tightly scoped tokens. Agents are only doing their job when they reason that they need additional data, but should they have access to that data, possibly across data boundaries, or even cross-organization? To avoid the risk of overreach, platforms should issue a short-lived, tightly scoped token, specific to the task the agent (or child agent) is undertaking. 

Traceability across agent workflows

Agentic applications frequently spawn additional agents to complete subtasks which in turn spawn multiple child agents of their own, creating complex decision execution chains. Organizations need a complete chain of evidence from start to finish. Without that traceable record, understanding how decisions were made becomes an unnecessary challenge. 

Scale changes everything

While the productivity capabilities are a boon, the operational realities of agentic AI are what keep enterprise architects awake at night. Major challenges to consider include:

Machine-speed scale

An AI agent can fire off hundreds of parallel API requests, or spawn hundreds of child agents in the time it takes a human to type a password. That kind of machine-speed activity places enormous pressure on identity infrastructure. Legacy IAM architecture will buckle under the sheer volume of concurrent machine-speed authentication requests.

To handle this agentic traffic without inflating your Total Cost of Ownership (TCO), a transition to a microservices architecture offers a more sustainable path forward. Instead of scaling an entire monolithic system just because authentication requests spike, microservices allow you to auto-scale only the specific identity components under load.

Keeping operations sustainable

With this massive increase in authentication activity, comes greater complexity and greater pressure on High Availability and Disaster Recovery (HA/DR). At the same time, many organizations are under increasing pressure to reduce operational costs.

The only viable path forward is a modern, cloud-native, microservices-based foundation that can scale dynamically without demanding armies of administrators to maintain it. Deploying this level of resilience isn't the operational nightmare it used to be. My own experience deploying a modern, cloud-native, container-based IAM platform proved remarkably straightforward.

The regulatory reality of AI

This is perhaps the most urgent operational hurdle. As AI agents process vast amounts of sensitive enterprise data, deciding exactly where your identity data and policy resides is no longer just a preference—it’s often a strict legal mandate. A recent 2026 Data Sovereignty Report by Kiteworks revealed a startling reality: 1 in 3

organizations experienced a sovereignty-related incident in the past twelve months, despite nearly half (44%) of companies claiming to be very well informed about sovereignty requirements.

This anxiety is justified by the current regulatory landscape. The Digital Operational Resilience Act (DORA), fully enforceable for the EU financial sector since January 2025, mandates strict management of ICT supply-chain risks. In many cases, achieving DORA-compliant resilience often requires maintaining single-tenant, in-country deployments to ensure operational independence. 

Meanwhile, as the EU AI Act reaches full implementation in August 2026, organizations will need to guarantee that the data feeding their AI agents remains within specified jurisdictional borders. This means organizations must keep direct control over the identities they manage—and where the associated data lives. That level of sovereignty an opaque legacy SaaS providers simply cannot offer.

What this means for your IAM strategy 

IT modernization is rarely ever easy. But ignoring the wave of agentic AI may be far more fatal (and costly). The massive scale of autonomous machine identities, combined with the security risks and regulatory complexities they introduce, means that "good enough" IAM is now a liability. 

Organizations that want to harness the power of AI safely will need identity platforms built for this new reality—prioritizing open standards, in-country deployment options, and robust microservices that can scale at machine speed. 

The agentic AI wave isn’t coming. It’s already here. And a modern IAM strategy built for it starts with the right architecture. Explore how Broadcom IDSP supports non-human identities securely and at scale. 

You might also enjoy

The Agentic AI Tsunami is Here: Is Your Legacy IAM Sinking or Swimming?

 Paul Toal

Paul Toal

Strategic Advisor, IMS - EMEA