Maksim Kabakou - Fotolia

Opinion

A new frontier: Identity stack evolves for agentic systems

The Computer Weekly Security Think Tank considers the intersection of AI and IAM. In this article, explore the changing nature of the identity stack and learn what will change as identity evolves into a real-time control plane for agentic systems.

Aditya K Sood
By
Published: 08 May 2026

In the existing state, identity is human-centric. Today’s identity and access management (IAM) systems were designed for a world dominated by human users and static applications. Identities are provisioned, authenticated, and authorised using models such as role-based access control (RBAC) and multifactor authentication (MFA), with decisions made at login time. Even with the evolution toward zero-trust, the core assumption remains largely unchanged: identities are known, bounded, and relatively stable.

However, agentic AI systems break these assumptions. The transition to agentic systems has fundamentally altered the security landscape. We are no longer just securing "users"; we are securing a massive, autonomous web of non-human identities (NHIs) that move at machine speed. Autonomous agents dynamically invoke tools, access APIs, generate sub-agents, and operate across multiple domains without direct human intervention. These agents often use shared credentials, ephemeral tokens, or implicit trust boundaries, leading to identity ambiguity, weak attribution, and expanded attack surfaces. In short, the current IAM stack is misaligned with the fluid, autonomous nature of AI agents.

The need for a new identity stack

The rise of agentic AI systems introduces a new class of identities, autonomous, non-human actors such as AI agents, bots, and services, that operate independently, dynamically, and at scale. Unlike human identities, these entities can be created on demand, delegate tasks to other agents, and interact across multiple systems without direct oversight, posing challenges for attribution, control, and trust. For example, agents move faster than human oversight, and the ‘kill switch’ has moved from a button to an autonomous circuit breaker. Traditional identity models, built around static users and roles, are insufficient to govern this fluid ecosystem. As a result, there is a critical need for an evolved identity framework that can uniquely identify these actors, track their provenance, enforce fine-grained and contextual access, and continuously validate their behavior to ensure secure and accountable operations.

A look into the modern identity stack for agentic systems

  • Agent identity and provenance: Every AI agent must have a unique, verifiable identity tied to its origin, whether created by a human, system, or another agent. Provenance ensures traceability, enabling organizations to understand who initiated an action and under what authority. This establishes accountability and prevents anonymous or rogue agent behavior.

  • Ephemeral credentialing: Instead of long-lived credentials, agents should use short-lived, task-specific tokens that are automatically issued and revoked. This minimizes exposure in case of compromise and aligns access strictly with the duration and scope of a task. It enforces the zero-standing privilege (ZSP) principle.

  • Contextual Authorisation: Access decisions should be dynamic and based on real-time context, such as behavior, environment, and risk signals. Rather than static roles, permissions adapt continuously to the agent's actions and location, ensuring tighter, more relevant control.

  • Delegation and chain of trust: Agentic systems often involve multiple layers of delegation covering user communication to agent and agent communication with tools. A clear and enforceable chain of trust is required to track authority and limit how far and wide permissions can propagate, thereby preventing privilege escalation.

  • Identity threat detection and response (ITDR): Systems must continuously monitor agent actions, reassess risk, and adjust permissions in real time. For example, continuous verification now monitors semantic drift, in which an agent’s actions gradually deviate from its original intent or authorised purpose. It helps detect subtle misuse, compromised workflows, or manipulated prompts that may not trigger traditional security alerts. 

  • Observability and attribution: A robust audit trail is essential for capturing who performed which action, through which agent, and with which tools. This level of visibility ensures accountability, supports incident response, and builds trust in autonomous systems by making their actions transparent and explainable.

Identity as a real-time control plane in agentic systems

Identity will evolve into a real-time control plane for agentic systems, not just an access gateway. Key shifts will include:

  • Identity becomes behavioural as trust is continuously scored rather than statically assigned.
  • Agents become first-class principals, managed, governed, and audited like human users.
  • Policies must be adaptive as AI-driven policies evolve alongside threats and usage patterns.
  • Zero-trust becomes zero-standing privilege, in which access exists only for the duration of a verified task.
  • Identity integrates with execution frameworks as every tool call is authenticated, authorised, and logged.

Inference

The rise of agentic AI systems demands a fundamental rethink of identity. Static credentials and perimeter-based trust models are no longer sufficient. Agent identity management needs a shift from RBAC to ABAC. The new identity stack must be dynamic, contextual, and deeply integrated into the execution fabric of AI systems, ensuring that every action, whether initiated by a human or an autonomous agent, is verifiable, accountable, and secure by design.

The Computer Weekly Security Think Tank on AI identity

Read more on IT security