By Tom Eggleston, CEO at ProofID
We're currently in the midst of an AI arms race. In boardrooms across the globe, the conversation has decisively shifted from Generative AI, chatbots that passively provide information, to Agentic AI. These are autonomous software entities that can reason, plan, and execute complex workflows without human intervention. The excitement is entirely justified, as the potential ROI from automating intricate business processes is massive.
However, as identity security professionals, we must temper this excitement with a dose of operational reality. In the rush to deploy these new digital workers and gain a competitive edge, fundamental security principles are being bypassed.
Recent data shows that 80% of organisations report their AI agents have already performed unauthorised or unintended actions.
If you want to truly win in the agent economy, your organisation must adopt a counterintuitive strategy: you must slow down to speed up. Rushing to deploy autonomous agents on top of legacy security architectures creates an unmanageable risk surface. To scale securely and beat the competition, we must transition from a reactive approach to building a strategic, identity-first foundation.
The industry is currently underestimating the risk of Agentic AI because we are applying old mental models to a fundamentally new problem. Traditionally, Identity and Access Management (IAM) secured two things: human employees bound by HR policies and biological speed limits, and basic automated scripts bound by predictable, linear decision trees. Agentic AI breaks this model entirely.
AI agents are non-deterministic; they adapt their behaviour in real-time to achieve a goal, meaning we cannot be certain exactly what path they will take. Furthermore, they operate at incredible velocity, capable of executing over 1,000,000 decisions per hour.
Traditional IAM protocols like OAuth 2.1 and SAML were built for human-speed interactions and rely on broad, static scopes that persist for a session's duration. When we try to force AI agents into these legacy frameworks, we create critical vulnerabilities:
To secure this new workforce, we must stop treating AI agents like simple service accounts. We need a paradigm shift where AI agents are treated as first-class identities that are managed and governed with the same rigor as human employees operating in high-risk environments.
At ProofID, we guide our customers through this transition using a foundational five-pillar architecture:
Discover: You cannot secure what you cannot see. Organizations must implement automated discovery tools to continuously scan cloud environments and find "Shadow AI" agents that have been spun up by developers without central oversight.
Govern: We must establish a "Digital HR" process for software. Every agent must be assigned a unique, verifiable identity and a clear human owner who is accountable for its actions. This includes strict Joiner/Mover/Leaver (JML) lifecycle management to immediately decommission agents when they are no longer needed, preventing dormant "zombie agents".
Enforce: Agents need to interact with external tools and other agents securely. Relying on a patchwork of bespoke API connections creates an unmanageable web of risk. Organizations must adopt standardized protocols like the Model Context Protocol (MCP) and route traffic through centralized gateways to enforce policy on every interaction.
Trust: We must move away from static Role-Based Access Control (RBAC) to dynamic Policy-Based Access Control (PBAC). Agents must be granted Just-in-Time (JIT) access with tightly scoped permissions evaluated in real-time, based on the specific context of the task.
Observe: To balance autonomy with safety, we must establish behavioral baselines to spot anomalous actions instantly. For high-risk, high-impact transactions, the system must enforce Human-in-the-Loop (HITL) approvals, pausing the agent until explicit consent is granted.
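The Trust and Observe pillars can be sketched as a per-action authorization decision. This is an added example, not code from ProofID or Ping Identity; the policy table, agent record, field names and the 60-second lifetime are hypothetical.

```python
import time
from dataclasses import dataclass

# Constructed policy table (hypothetical): action -> (required scope, risk tier)
POLICY = {
    "crm.read_contact": ("crm:read", "low"),
    "crm.update_contact": ("crm:write", "medium"),
    "payments.refund": ("payments:refund", "high"),
}
GRANT_TTL_SECONDS = 60  # JIT grants expire quickly instead of lasting a session

# Constructed agent record: unique identity, accountable owner, scopes of its current task
SAMPLE_AGENT = {"id": "agent-7", "owner": "alice@example.com", "active": True,
                "task_scopes": {"crm:read", "payments:refund"}}

@dataclass(frozen=True)
class Grant:
    agent_id: str
    scope: str
    resource: str
    expires_at: float

def authorize(agent, action, resource, approvals, now=None):
    """Return (decision, grant); decision is 'permit', 'deny' or 'pending_approval'."""
    now = time.time() if now is None else now
    rule = POLICY.get(action)
    # Govern: unknown action, decommissioned agent or missing owner is denied
    if rule is None or not agent.get("active") or not agent.get("owner"):
        return "deny", None
    scope, risk = rule
    # Trust: the scope must be part of the task delegated to this agent
    if scope not in agent.get("task_scopes", ()):
        return "deny", None
    # Observe: high-risk actions pause until the owner approves this exact request
    if risk == "high" and (agent["id"], action, resource) not in approvals:
        return "pending_approval", None
    return "permit", Grant(agent["id"], scope, resource, now + GRANT_TTL_SECONDS)

def grant_allows(grant, agent_id, scope, resource, now):
    """Enforcement-point check: same agent, scope and resource, and not expired."""
    return (grant.agent_id == agent_id and grant.scope == scope
            and grant.resource == resource and now < grant.expires_at)

if __name__ == "__main__":
    print(authorize(SAMPLE_AGENT, "crm.read_contact", "contact/42", set()))
    print(authorize(SAMPLE_AGENT, "payments.refund", "order/9", set()))
```

The grant names one scope on one resource and expires after a minute, so a leaked or replayed grant is useless for any other action or after the task window.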
As a long-term identity security partner, ProofID knows that theoretical frameworks must be backed by robust, enterprise-grade technology. Using examples from our partner Ping Identity, we explore how organisations can begin implementing the identity foundations needed to support Agentic AI securely at scale.
Pillar 1 (Discover): You cannot govern what you cannot identify. To uncover "Shadow AI" and bring agents into the light, PingProtect goes beyond basic "good bot versus bad bot" logic. It continuously evaluates identity, intent, and behavior to detect, discover, and classify AI agents interacting with your systems in real-time.
Pillar 2 (Govern): To establish our "Digital HR" department, we utilise PingDirectory and Advanced Identity Cloud (AIC) to provide a centralized repository for your digital workforce. These tools manage the full JML lifecycle for AI agents—onboarding them with unique credentials, assigning clear roles, organizing them centrally, and securely offboarding them when their tasks are complete.
Pillar 3 (Enforce): To protect how agents speak to your enterprise tools, PingGateway acts as a centralized Model Context Protocol (MCP) Gateway. It introduces a vital security layer that intercepts agent requests, enforces token validation, and proxies connections securely before any call reaches downstream enterprise APIs or data repositories.
Pillar 4 (Trust): This is where the paradigm truly shifts. Ping Identity is pioneering the concept of Runtime Identity. Traditional IAM assumes the login is the security boundary. Ping’s Agent IAM Core and PingAuthorize shift that boundary to the moment of action. As your Runtime Identity provider, Ping authorizes transactions as they happen. It evaluates context dynamically and issues narrowly scoped, delegated authority in real-time, ensuring agents only ever have the exact privileges needed for the immediate task.
Pillar 5 (Observe): To balance autonomy with safety, Ping provides continuous behavioral monitoring to instantly detect and block rogue activity. For high-impact actions, it leverages Client-Initiated Backchannel Authentication (CIBA) to trigger a real-time push notification to a human owner’s device. This effortlessly enforces a Human-in-the-Loop (HITL) approval checkpoint before a sensitive action can execute.
Currently, 75% of technology leaders cite governance and security as their top barrier to deploying Agentic AI. The urge to quickly deploy autonomous agents is understandable, but trying to stretch legacy IAM solutions to fit non-deterministic AI will only lead to operational chaos, data breaches, and severe regulatory penalties.
The organizations that ultimately win the AI race won't be the ones that deploy agents the fastest; they will be the ones that retool their identity architecture to deploy digital workers safely and at scale.
By slowing down today to implement a robust, Runtime Identity control plane, you empower your business to confidently scale agentic operations tomorrow.
At ProofID, we are ready to be your partner in building that secure foundation. Let’s map your identity roadmap together and turn Agentic AI from an unmanaged risk into your greatest competitive advantage.