AI Agents Reshape Cybersecurity: The Rise of Continuous Identity Verification
AI Agents Reshape Cybersecurity: Continuous Identity Verification

AI Agents Reshape Cybersecurity: The Rise of Continuous Identity Verification

As artificial intelligence agents begin to take on more work inside companies, the foundations of digital security are undergoing dramatic and profound shifts. For decades, authentication was largely a one-time event; enter a password, log in, and gain access to your work station. In the emerging agent-driven economy, that model is rapidly becoming obsolete and inadequate for modern threats.

From Network Perimeter to Identity as the New Boundary

Security leaders say enterprises are moving toward what they call context-aware trust, where identity decisions must be evaluated continuously rather than at a single login moment. The change is being driven by a dramatic rise in non-human identities like AI agents, automated scripts, APIs, and cloud workloads that now outnumber human users across modern technology systems.

Eric Kelleher, President & Chief Operating Officer at Okta, emphasized this shift during a recent webinar. "The network used to be the perimeter," he said. "Employees were inside the office, using corporate devices on corporate networks. But with mobile, cloud, and remote work, the network is no longer the boundary. Identity has become the new perimeter."

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

In practical terms, that means every action inside a system, whether triggered by a person or an AI agent, must be verified continuously. Static security controls such as firewalls remain necessary, Kelleher noted, but they are no longer sufficient in an environment where users connect from multiple devices and automated software performs tasks across systems.

The Urgency of Identity Security in the Face of Cyber Threats

The urgency of this shift is reflected in the scale of cyber threats. According to estimates cited by Kelleher, more than 80% of successful cyberattacks begin with some form of compromised identity. Once attackers gain valid credentials, they can move through systems undetected, posing severe risks.

Ravindra Usmanpurkar, Partner, Cyber Digital Trust & Privacy at Deloitte India, highlighted the critical role of identity. "Identity is the only thing attackers consistently target and the only thing enterprises can consistently control," he said. "If the identity layer is weak, it doesn't matter how many firewalls you buy. It's like leaving the keys under the doormat."

The Agentic Problem: AI Agents Complicate Security Landscapes

The rise of AI agents is complicating this landscape significantly. Modern enterprises increasingly rely on automated systems to handle tasks ranging from customer service interactions to data analysis and software deployment. Each of these agents interacts with applications, accesses data, and performs actions on behalf of humans.

In many organisations, machine identities, such as containers, serverless functions, scripts, and automated services, already outnumber human accounts. Vijay Rajagopal, country head, BFSI & Fintech Go-To-Market at Amazon Web Services (AWS), observed, "We are already seeing machine identities outnumber human identities. Unlike humans, these identities operate continuously and at machine speed. That means security also has to be automated and dynamic."

The problem is that governance frameworks were largely designed for human users. AI agents, which can create and access resources automatically, often fall outside those traditional controls, creating vulnerabilities.

Adoption Outpaces Security: A Growing Gap

Okta's research highlights the growing gap between adoption and security. A survey of enterprise technology leaders by Okta found that 91% of organisations already have AI agents operating in production systems. Yet only around 10% say they are confident those agents are properly secured.

Pickt after-article banner — collaborative shopping lists app with family illustration

This disparity reflects the pace at which AI tools are spreading through organisations. Employees experimenting with productivity tools or automation platforms can deploy agents without central oversight, creating hidden identities inside corporate systems. Kelleher explained, "One of the biggest challenges security teams face is that they often don't know which agents exist in their environment. Employees are experimenting with these tools to get work done, and those agents can be deployed globally across the organisation."

Solutions and Future Directions

To address this blind spot, companies are increasingly adopting technologies designed to discover and map all identities within their systems, including non-human ones. One emerging category is identity security posture management, which scans enterprise environments to identify active agents and automated service accounts.

Usmanpurkar believes organisations must start thinking of AI agents not as technical tools but as a new category of digital workforce. "AI agents are becoming the fastest employees in the organisation," he said. "But they can also become the highest-risk insiders if they are not governed properly."

The age of agentic AI is already here, and with it, the opportunity to build a faster, smarter, and more capable digital workforce. Organisations that pair adoption with strong governance will be best placed to lead the next era of enterprise innovation, ensuring security keeps pace with technological advancement.