FB pixel

Identity is a zero-trust hard requirement for AI agents

Identity is a zero-trust hard requirement for AI agents
 

By Titus Capilnean, VP of Go-to-Market at Civic

By 2025, approximately 85% of enterprises are expected to implement AI agents, inevitably revolutionizing the future of work and advancing technologies’ role as supplemental tools that increase productivity. AI Agents will support enterprise operations through their ability to solve complex tasks and automate processes expeditiously. However, though investment and widespread adoption of AI have seen explosive growth, enterprise integration of AI systems has been limited.

The true obstacle for agentic AI is revealed once agents touch real systems, sensitive data, and live infrastructure. The risks of this information being compromised compound quickly through agents’ access to the open web. AI needs to overcome three set pain points, each one a trust gap—and right now, the technology isn’t closing them fast enough.

Agents without identity have no place in a zero-trust security posture

Contemporary AI agents now operate under overly lenient and extended-lived credentials with weak security restrictions. Such credentials typically grant broad access across the system with few limits on what the agent is able to do, how long it can do it, or strong boundaries for its permissions. In addition, their time-to-live is often not specified, and that implies a higher likelihood of misuse if they happen to be compromised. Most critically, there’s no easily verifiable identity being associated with the agent against which enterprises can assign accountability. Combined, this creates severe threats to the organization and security of AI systems.

You can’t secure AI agents that you can’t see

One of the most important factors in maintaining excellence in any business is identifying employee actions. If an employee makes an error, it is crucial to identify the error, who made it, correct it, and take steps to make sure it doesn’t happen again. The same could be said with AI agents — when an agent makes a mistake, businesses need to know where the mistake is and how to prevent it from recurring. Without agent identity, an enterprise wouldn’t be able to track agent activity, or miss the error completely, endangering the function of the organization.

Agents can run up your cloud bills without boundaries

While these security factors are problematic, they don’t hit the company’s coffers as much as the cost boundary problem. Human beings understand the cost of their actions and are conscious of resource expenditure. An AI agent is not. They are capable of autonomously triggering expensive Application Programming Interface (API) calls without visibility or limits. Without a clear identity, there is no way to determine who (or what) is using these costly APIs. Even worse, there is no way to implement cost caps that are tied to specific agents or tasks.

With all these pain points, it suits businesses to implement AI identity solutions that are secure and traceable. With the right ephemeral authentication and authorization strategy, businesses can easily verify credentials for their agents as their non-human identities. Even further, this can make sure the identity is matched with specific tasks and limits on those tasks. This ensures that agents performing tasks will be verified quickly and that they can perform those tasks without compromising the company’s IT infrastructure.

It would be a detriment to the future of the global economy and workforce to hamper agentic AI implementation because of security concerns. This technology has, correctly, been touted as revolutionary, and lives would be easier with an agentic AI performing those mundane tasks that human beings would rather not do. Without these obstacles, productivity will explode, businesses will increase profits, and products could become cheaper through leveraging the capabilities that AI agents offer.

The path forward

This future cannot come about without authentication and identity solutions, acting as a foundational verification layer for AI agents. Additionally, we must make sure to keep identity in mind when operating with AI agents to ensure we’re identifying any issues that come to the fore from their actions.

About the author

Titus Capilnean is Vice President of Go-to-Market at Civic, a leading provider of identity and access management solutions, including Civic Pass. A seasoned marketer and technologist, Titus brings extensive leadership experience across fintech, artificial intelligence, identity, blockchain, and AI data. Titus has also coordinated the writing for two books on artificial intelligence, co-authored a paper on AI with the World Economic Forum, and written a paper on decentralized identity.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics providers and systems evolve or get left behind

Biometrics are allowing people to prove who they are, speeding journeys through airports, and enabling anonymous online proof of age,…

 

Findynet funding development of six digital wallet solutions

Finnish public-private cooperative Findynet has announced it will award 60,000 euros (US$69,200) to six digital wallet vendors to help translate…

 

Patchwork of age check, online safety legislation grows across US

As the U.S. waits for the Supreme Court’s opinion on the Texas case of Paxton v. Free Speech Coalition, which…

 

AVPA laud findings from age assurance tech trial

The Age Verification Providers Association (AVPA), and several of its members, have welcomed the publication of preliminary findings from the…

 

Sri Lanka to launch govt API policies and guidelines

Sri Lanka’s government, in the wake of its digital economy drive, is gearing up to release application programming interface (API)…

 

Netherlands’ asylum seeker ID cards from Idemia use vertical ICAO format

The Netherlands will introduce new identity documents for asylum seekers Idemia Smart Identity, compliant with the ICAO specification for vertical…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events