As artificial intelligence agents begin to take on more work inside companies, the foundations of digital security are undergoing dramatic shifts. For decades, authentication was largely a one-time event; enter a password, log in, and gain access to your work station. In the emerging agent-driven economy, that model is rapidly becoming obsolete.Security leaders say enterprises are moving toward what they call ‘context-aware trust’, where identity decisions must be evaluated continuously rather than at a single login moment. The change is being driven by a dramatic rise in non-human identities like AI agents, auto-mated scripts, APIs and cloud workloads; that now outnumber human users across modern technology systems.“The network used to be the perimeter,” said Eric Kelleher, President & Chief Operating Officer at Okta, during a webinar we held recently. “Employees were inside the office, using corporate devices on corporate networks. But with mobile, cloud and remote work, the network is no longer the boundary. Identity has become the new perimeter.”
In practical terms, that means every action inside a system , whether triggered by a person or an AI agent, must be verified continuously. Static security controls such as firewalls remain necessary, Kelleher said, but they are no longer sufficient in an environment where users connect from multiple devices and automated software performs tasks across systems.The urgency of the shift is reflected in the scale of cyber threats. According to estimates cited by Kelleher, more than 80% of successful cyberattacks begin with some form of compromised identity. Once attackers gain valid credentials, they can move through systems undetected.“Identity is the only thing attackers consistently target and the only thing enterprises can consistently control,” said Ravindra Usmanpurkar, Partner, Cyber Digital Trust & Privacy at Deloitte India. “If the identity layer is weak, it doesn’t matter how many firewalls you buy. It’s like leaving the keys under the doormat.”The agentic problemThe rise of AI agents is complicating this landscape. Modern enterprises increasingly rely on automated systems to handle tasks ranging from customer service interactions to data analysis and software deployment. Each of these agents interacts with applications, accesses data and performs actions on behalf of humans.In many organisations, machine identities, such as containers, serverless functions, scripts and automated services, already outnumber human accounts.“We are already seeing machine identities outnumber human identities,” said Vijay Rajagopal, country head, BFSI & Fintech Go-To-Market at Amazon Web Services (AWS). “Unlike humans, these identities operate continuously and at machine speed. That means security also has to be automated and dynamic.”
The problem is that governance frameworks were largely designed for human users. AI agents, which can create and access resources automatically, often fall outside those traditional controls.Okta’s research highlights the growing gap between adoption and security. A survey of enterprise technology leaders by Okta found that 91% of organisations already have AI agents operating in production systems. Yet only around 10% say they are confident those agents are properly secured.The disparity reflects the pace at which AI tools are spreading through organisations. Employees experimenting with productivity tools or automation platforms can deploy agents without central oversight, creating hidden identities inside corporate systems.“One of the biggest challenges security teams face is that they often don’t know which agents exist in their environment,” Kelleher said. “Employees are experimenting with these tools to get work done, and those agents can be deployed globally across the organisation.”To address this blind spot, companies are increasingly adopting technologies designed to discover and map all identities within their systems, including non-human ones. One emerging category is identity security posture management, which scans enterprise environments to identify active agents and automated service accounts.Usmanpurkar believes organisations must start thinking of AI agents not as technical tools but as a new category of digital workforce.
“AI agents are becoming the fastest employees in the organisation,” he said. “But they can also become the highest-risk insiders if they are not governed properly.” The age of agentic AI is already here and with it, the opportunity to build a faster, smarter, and more capable digital workforce. Organisations that pair adoption with strong governance will be best placed to lead the next era of enterprise innovation.Disclaimer – The above content is non-editorial, and TIL hereby disclaims any and all warranties, expressed or implied, relating to it, and does not guarantee, vouch for or necessarily endorse any of the content.