AI Agents: New "First-Class Identities" Challenge IAM

AI agents are rapidly being deployed in businesses, often with unchecked access to sensitive systems and data. This is creating significant security gaps in modern enterprises. Neil van Wyngaard of iOCO Automation & Cybersecurity says these AI agents are approving transactions and making autonomous decisions. He explains that traditional security models, built for humans, aren't designed to govern AI agents. These agents operate continuously, scale instantly, and can even spawn more agents. Currently, many AI agents have no controls, unlike the strict rules for human staff and vendors. There are also no industry regulations or standards for building or deploying them. This means agents can be given elevated permissions and access data they shouldn't. iOCO emphasizes that AI agents are now "first-class identities" and must be treated as non-human identities with clear ownership and controls. They need constant monitoring and auditing. Okta, an identity and access management service, is addressing these risks with its AI IAM and governance platform. Okta reports that 91% of organizations use AI agents, but 44% have no governance in place. This matters because without proper governance, organizations cannot confidently scale AI or mitigate risks.