Why Agentic AI Forces a Reckoning with Identity


For the better part of two decades, identity has been the third rail of cybersecurity. Addressing identity is the project that every CISO knows is necessary, but few want to touch. It is messy, political and fraught with the turf wars of legacy infrastructure. HR leaders claim they are the source of truth because they hire the talent, but finance leaders claim they are the source of truth because they cut the checks. The security leader, who’s caught in the middle, often decides that fixing the firewalls or the SIEM is a safer bet than untangling the Gordian knot of user access.

The luxury of avoidance is gone. We are approaching a new era where artificial intelligence has evolved beyond a mere tool into an agent that acts on our behalf. With agentic AI, the fractured state of our identity infrastructure will become an existential vulnerability.

The Great Pivot from Malware to Impersonation

To understand why identity is the new perimeter, we must look at how the adversary has evolved. Years ago, the primary threat was malicious software — viruses and worms trying to breach our defenses. Today, the landscape has shifted entirely.

The modern adversary is a pragmatic business person. They have realized that reverse-engineering technology and hunting for zero-day vulnerabilities is expensive and time-consuming. It is far cheaper and infinitely more effective to simply steal a credential.

Current data suggests that over 80% of breaches now involve compromised identities.[1] Attackers are living off the land, logging in with legitimate credentials and moving laterally through networks undetected. Simply put, they don’t need to break down the door if they already have a key.

This reality was already a crisis before the arrival of generative AI. Now, as we build a new foundation of AI agents on top of this shaky ground, we are compounding the risk. 

If we do not solve for identity first, the AI revolution will crumble.

The Agentic Dilemma: The Source of Truth

The core challenge of agentic AI is agency itself. We are moving from chatbots that answer questions to autonomous agents that perform tasks such as buying software, updating code or transferring funds.

This challenge creates a profound problem of attribution. When an action happens within your network, who or what is responsible?

  • Scenario: Imagine an AI agent, called Agent One, is assigned to an employee to manage their inbox. If Agent One deletes a critical legal hold or authorizes a wire transfer, the audit trail becomes murky. Was it the human employee, the agent acting on a hallucination, or a threat actor who hijacked the agent?
  • Identity gap: Most organizations today simply do not have the infrastructure to answer these questions. They lack a cryptographic root of trust for these nonhuman entities. If an agent is ephemeral, spun up for a task and then vanished, how do we maintain a history of its actions?

Without a robust identity framework, we cannot implement a true zero trust model for AI. We need agents to prove who they are, just as we require of our employees.

The Solution: AI-Native Identity Fabric

We cannot rip and replace the legacy identity systems of the past 30 years. The investment in Active Directory, HRIS systems and mainframes is too deep. Instead, we must abstract above them. We need to move from a fragmented, east-west view of identity silos to a unified, north-south control plane.

This concept is what an AI-Native Identity Fabric represents.

  • Data plane: We ingest identity data from every source — HR Workday systems, contractor databases, IT directories and cloud IdPs — into a single, normalized layer.
  • Intelligence layer: On top of this data, we apply AI to act as the observer. Machine-to-machine interaction happens at a scale and speed that humans cannot follow, so we need AI to monitor AI.
  • Automated governance: This fabric enables us to spot anomalies at machine speed. If an employee leaves the company, the system shouldn’t wait for a weekly batch process to revoke access. The AI, seeing the signal from HR, should instantaneously cut off the agentic access associated with that identity.

Defining Good in an Era of Chaos

For leaders staring down this transition, the path forward can feel paralyzing. The technology is moving faster than the standards bodies can keep up. However, paralysis is not a strategy.

We recently collaborated with a network of CISOs to develop a maturity model for this exact problem. The findings were stark, indicating 95% of organizations have not yet seriously considered how to map identity to AI agents.[2]

To avoid being part of that statistic, security leaders must take three immediate precautions:

  • Inventory the invisible: You cannot protect what you cannot see. Do you know how many AI agents are currently operating in your environment?
  • Establish delegated authority: You need to design fine-grained permissions for agents. Just because an agent manages your calendar does not mean it should have the authority to email the CEO. You need human-in-the-loop thresholds. For example, an agent might pay an $89 invoice automatically, but a $250 or $500 invoice requires human approval.
  • Assess maturity: Use available guidance to baseline your current identity hygiene. If you are struggling to manage human access today, you are not ready to manage machine access tomorrow.
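The delegated-authority thresholds above, combined with the HR-driven revocation and the attribution question raised earlier, can be expressed as one policy decision point. This is an added sketch, not code from the article or any product; the class names, action names, user names and the $100 auto-approval limit are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass(frozen=True)
class Delegation:
    agent_id: str         # non-human identity of the agent
    principal: str        # human the agent acts on behalf of
    scopes: frozenset     # actions explicitly delegated to the agent
    auto_limit: Decimal   # spend above this needs a human approver

@dataclass
class PolicyEngine:
    active_humans: set = field(default_factory=set)   # fed by the HR source
    delegations: dict = field(default_factory=dict)   # agent_id -> Delegation
    audit: list = field(default_factory=list)         # one record per decision

    def offboard(self, human):
        # HR termination signal: agents tied to this human lose access at once.
        self.active_humans.discard(human)
    def decide(self, agent_id, action, amount=Decimal("0"), approved_by=None):
        d = self.delegations.get(agent_id)
        if d is None:
            verdict = "deny:unknown-agent"
        elif d.principal not in self.active_humans:
            verdict = "deny:principal-inactive"
        elif action not in d.scopes:
            verdict = "deny:out-of-scope"
        elif amount > d.auto_limit and approved_by not in self.active_humans:
            verdict = "hold:needs-human-approval"
        else:
            verdict = "allow"
        # Attribution: record the agent, the human behind it and the approver.
        self.audit.append({"agent": agent_id, "action": action, "amount": str(amount),
                           "on_behalf_of": d.principal if d else None,
                           "approved_by": approved_by, "verdict": verdict})
        return verdict

def demo():
    # Constructed sample data; names and the $100 limit are assumptions.
    e = PolicyEngine(active_humans={"alice", "bob"})
    e.delegations["agent-one"] = Delegation(
        "agent-one", "alice", frozenset({"pay_invoice", "calendar"}), Decimal("100"))
    out = [e.decide("agent-one", "pay_invoice", Decimal("89")),
           e.decide("agent-one", "pay_invoice", Decimal("250")),
           e.decide("agent-one", "pay_invoice", Decimal("250"), approved_by="bob"),
           e.decide("agent-one", "email_ceo")]
    e.offboard("alice")
    out.append(e.decide("agent-one", "pay_invoice", Decimal("89")))
    return out, e.audit
```

Every decision, including denials, lands in the audit list with both the agent and the human it acted for, so a later review can tell which identity was behind an action.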

The Optimism of Necessity

There is a silver lining to this urgency. Because the risk is so high, the third rail is finally being touched. Boardrooms and investors now understand that identity is one of the foundational elements of trust in the AI economy.

We have a brief window to lay the groundwork. We won’t perfect it immediately, but we can avoid the worst-case scenarios. By treating identity as a data problem and leveraging AI to solve it, we can build an architecture that both withstands the future and empowers it.

To hear more from Carey Frey, tune into “The Kill Switch for AI Agents” episode of the Threat Vector podcast.


[1] “Stop Identity-Based Threats Today,” CrowdStrike, April 8, 2024.
[2] Evan Schuman, “Agentic AI already hinting at cybersecurity’s pending identity crisis,” CSO, December 23, 2025.
