惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
P
Privacy International News Feed
P
Proofpoint News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
C
CXSECURITY Database RSS Feed - CXSecurity.com
Know Your Adversary
Know Your Adversary
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
NISL@THU
NISL@THU
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
GbyAI
GbyAI
N
News and Events Feed by Topic
N
News | PayPal Newsroom
Y
Y Combinator Blog
C
CERT Recently Published Vulnerability Notes
N
Netflix TechBlog - Medium
S
Security Affairs
Spread Privacy
Spread Privacy
罗磊的独立博客
腾讯CDC
MyScale Blog
MyScale Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
L
LINUX DO - 热门话题
The Cloudflare Blog
L
LangChain Blog
博客园_首页
H
Hacker News: Front Page
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
博客园 - 聂微东
SecWiki News
SecWiki News
A
Arctic Wolf
爱范儿
爱范儿
Google Online Security Blog
Google Online Security Blog
T
Threat Research - Cisco Blogs
Hacker News - Newest:
Hacker News - Newest: "LLM"
有赞技术团队
有赞技术团队
The GitHub Blog
The GitHub Blog
Cyberwarzone
Cyberwarzone
博客园 - 叶小钗
V
Visual Studio Blog
V
V2EX
T
Tailwind CSS Blog
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
F
Fortinet All Blogs
MongoDB | Blog
MongoDB | Blog
D
Docker

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
Identity security for AI agents: The proliferation challenge
Todd Thiemann · 2026-05-22 · via Search Security Resources and Information from TechTarget

Identity teams can accelerate AI adoption with strong security foundations. But managing nondeterministic AI agents is different from securing human identities and traditional NHIs.

Todd Thiemann

By

  • Todd Thiemann,
  • Omdia

    Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.

Published: 22 May 2026

AI agents are proliferating across the enterprise, with use cases ranging from IT and security operations to legal and compliance tasks.

Omdia, a division of Informa TechTarget, published the results of a survey of 400 security leaders that showed the state of identity security for AI agents. There has been a lot of noise about AI agent security in the marketplace, and the data provided clarity around the importance of building a strong foundation of identity security to enable AI adoption.

Identity security and AI agents

AI agents represent a dramatic expansion of the enterprise attack surface. There are multiple layers to any technology stack for AI agent security. For example, teams need AI security posture management to counter model poisoning and prompt injection attacks, data security posture management to ensure the right data reaches the AI infrastructure, and data loss prevention and insider risk protection.

Any AI agent security strategy needs to be built on a solid identity security foundation for AI agents to deliver management, security and governance.

Identity teams have a unique perspective on AI agents. They already manage identity and access management (IAM) for human identities and nonhuman identities (NHIs), and are now responsible for managing and securing AI agent identities. So, how can they build an effective program to manage those identities, too?

AI agents: NHIs or something else?

At first blush, an AI agent is another type of NHI, alongside service accounts, API keys and OAuth tokens. But dig deeper and they have significant differences.

NHIs are mostly deterministic -- use input X, and consistently get output Y. And NHIs typically cannot make decisions and act. AI agents, on the other hand, are nondeterministic. Use input A, and you might get different outputs -- B1, B2 or B3 -- depending on the circumstances. AI agents work 24/7 and take whatever steps necessary -- within some guardrails -- to achieve their goals.

Omdia research found that a slight majority of identity leaders consider AI agents a distinct category of identity rather than another type of NHI, and I expect that perception will grow over time.

AI agent proliferation

The research found that AI agents are being deployed in nearly every function across the enterprise with a variety of use cases, from supporting IT ops to streamlining sales and marketing. AI agents are being prioritized for deployment in the cloud, in SaaS environments and on endpoints.

Omdia asked identity security leaders how many distinct AI agent projects, workflows or deployments -- each involving a multitude of agents -- they were involved in. The answer was surprising: 22. The number of projects for midmarket companies (<1000 employees) was slightly lower (16). But that is still a hefty number of projects, and identity teams will need consistent management, governance and identity security policies and processes to support them.

The AI agent identity imperative: Enabling AI agent adoption

Identity teams have frequently had the undeserved reputation of being "Team No" within their organizations. The perception is that IAM teams slow down projects due to compliance, governance and identity security concerns.

Identity teams now have an opportunity to be "Team Yes" and help accelerate AI agent projects through consistent, scalable management and governance. Laying down common IAM "railroad tracks" along which a multitude of AI agent projects can run will improve scalability, business velocity, security and compliance posture. Getting ahead of the problem now will help control against tool fragmentation in the future.

Solving the identity security problem requires multiple core capabilities:

  • Visibility of agents across the enterprise. This includes cloud -- Amazon Bedrock, Google Gemini Enterprise Agent Platform (formerly Vertex AI), Microsoft Copilot Studio, etc.; SaaS -- Salesforce Agentforce, Workday agents, etc.; endpoints -- Cursor, Claude Code, copilots, etc.; and points in between. Visibility requires an inventory that includes human creators and owners, as well as observability to understand what agents are doing and whether they are drifting from their intended state.
  • Fine-grained access controls ensure agents are granted the minimum permissions required to perform their tasks. Policies need to be context-aware and adapt to factors such as task scope and risk level to reduce the risk of misuse and limit the incident blast radius.
  • Governance extends human identity governance and administration to AI agents. It enforces policies around who or what can create, approve and manage agent identities and their entitlements. This aligns AI agent access with organizational policies, compliance requirements and risk management frameworks and helps control against agent drift.
  • Lifecycle management for agents, from creation and onboarding to modification and decommissioning. This avoids orphaned or stale identities from becoming security risks and enables teams to terminate anomalous behavior inconsistent with agent intent.

This is a fast-moving space. The questions practitioners were asking six months ago are different from those they ask today.

In addition to the above core capabilities, adjacent identity security capabilities will emerge over time and with experience. For example, identity threat detection and response and identity security posture management need to cover AI agents alongside existing human identities and NHIs. In addition, identity verification for the human owner of an AI agent will become increasingly important in an era of AI deepfakes. The list will grow.

Established platform players -- including Cisco, CrowdStrike, Microsoft, Okta, Palo Alto Networks and CyberArk, Ping Identity, SailPoint and Saviynt -- are expanding their existing identity security offerings to cover AI agent identity security. Cloud service providers -- AWS, GCP and Azure -- are securing AI agent identities in their environments and beyond. There is also a host of new and emerging players, such as Aembit, Andromeda Security, AppViewX, Barndoor AI, BlueFlag Security, C1, Entro Security, Keycard, Natoma, Oasis Security, Silverfort, Token Security and Teleport.

Adequately securing and managing AI agent identities will require multiple identity tools to accommodate diverse use cases. AI agents are evolving at an astounding pace. Identity security for AI agents is nascent and moving quickly, and identity issues and standards are still emerging.

Enterprises need to take steps now to avoid having the search for perfection be the enemy of the good. That translates into understanding the risks associated with AI agents' identities and then beginning the journey to mitigate them, rather than falling into analysis paralysis.

An existing vendor might have a strong enough tool today, or teams might need to explore an emerging player's offerings. CISOs and their teams should start by assessing their organization's risks, priorities and requirements. Then look for a tool or tools that work today and can grow as organizational needs evolve to maintain strong identity security for the AI agent fleet.

It is an amazing time to work in identity; the dynamism makes your head spin! If you are a new technology player solving an interesting new identity or data security problem, or an innovative approach to an existing challenge, I would like to hear about it. You can reach me via LinkedIn.

Todd Thiemann is a senior analyst covering identity access management and data security for Omdia. He has more than 20 years of experience in cybersecurity marketing and strategy.

Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.

Dig Deeper on Identity and access management