For decades, cybersecurity has been anchored to the simple premise of authenticating the human and we’ve built multi-factor authentication, zero trust frameworks and firewalls to deliver advanced protection to authorise access to users, employees and citizens.
AI agents have made it necessary to treat AI agents as identities that require governance and permissions, according to Entrust CEO Tony Ball who spoke on the ID Talk Podcast.
Traditional boundaries between software and actors are becoming blurred as the AI agent can autonomously navigate an enterprise network, accesses sensitive data, collaborate with another company’s agent.
Security architectures must evolve to authenticate the agent itself, tracking its lineage, its constraints, and its operational boundaries in real time according to “The Rise of Agentic AI – Infrastructure, Autonomy, and America’s Cyber Future” Report by Yam Atir.
Without clear identity governance, attackers can deploy fake agents or hijack legitimate agent identities to exploit inter-agent communication channels.
Just as a human employee isn’t given root access to every corporate server on day one, an AI agent must operate under strict least-privilege access controls. Emerging frameworks like Anthropic’s Model Context Protocol (MCP) and Google’s Agent2Agent (A2A) are starting to address how agents share context and capabilities. However, the industry must develop standard permission hierarchies that define exactly what data an agent can view, which APIs it can trigger, and when a hard “human-in-the-loop” override is legally and operationally required.
The report argues that we cannot govern what we cannot see. Policymakers are already calling on agencies like the White House Office of Science and Technology Policy, CISA, and NIST to mandate a National Registry of Agentic Systems deployed in critical sectors like finance, healthcare, and public infrastructure. Knowing which agents are active, what their levels of autonomy are, and who owns them is the foundational first step toward establishing institutional accountability.
Legacy security frameworks are breaking under the weight of machine-speed automation. Identity Week America 2026 is the premier forum addressing this exact paradigm shift. Join world-class CISOs, IAM experts, and security architects to discover the next-generation machine identity architectures, API-driven governance, and Zero Trust frameworks required to secure your enterprise in the headless, AI-first era.












