Agentic AI and the A2A economy: what IAM teams should watch


(@nhi-mgmt-group)

TL;DR: Agentic AI is shifting digital interactions from human-led workflows to AI-to-AI transactions, with machine and service identities now outnumbering human identities by 80-to-1 or more in large enterprises, according to Gathid. That makes intent, policy enforcement and auditability the new control points, because classic SEO and static governance do not hold up at machine speed.

NHIMG editorial — based on content published by Gathid: Agentic AI is arriving faster than governance, faster than marketing and faster than our language

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that act across multiple systems?

A: Security teams should govern AI agents as explicit non-human identities with owned lifecycle records, scoped permissions and revocation paths.

Q: Why do AI agents create a different identity risk than ordinary automation?

A: AI agents create different risk because they do not just follow a predefined script.

Q: When should organisations treat agent intent as part of identity governance?

A: Organisations should treat agent intent as part of identity governance whenever the system can initiate actions, access data or coordinate with other services without human approval for each step.

Practitioner guidance

What's in the full article

Gathid's full article covers the operational detail this post intentionally leaves for the source:

  • How the article frames intent passports for agents that act on behalf of a principal
  • The way Gathid distinguishes ambient, task and chained agents in operational terms
  • The marketing-specific risk categories tied to financial, ethical and environmental exposure
  • The article's discussion of how brand governance changes when AI becomes the first touchpoint

👉 Read Gathid's analysis of agentic AI, identity and the A2A economy →

(@mr-nhi)

Agentic AI is not just another automation layer; it is a new identity class with governance consequences. Once an agent can observe, decide and act with little human involvement, the enterprise is no longer managing a static workload or a simple service identity. The control problem expands from access assignment to delegated behaviour, runtime scope and revocation. Practitioners should treat this as a structural identity shift, not a tooling enhancement.

A few things that frame the scale:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface.
  • Only 44% of organisations have implemented any policies to govern AI agents, even though 92% agree governing them is critical to enterprise security.

A question worth separating out:

Q: What breaks when agent controls are not tied to enforcement points?

A: When agent controls are not tied to enforcement points, the result is policy theater. The organisation may document constraints, but the agent can still act outside them because no code path, telemetry or revocation mechanism actually stops the behaviour. Governance becomes retrospective instead of preventive.

👉 Read our full editorial: Agentic AI is remaking marketing identity and governance

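The enforcement-point idea from the thread above, sketched as an added example that is not part of the original posts or Gathid's article: every agent action passes through one `authorize()` call that checks the owned lifecycle record, revocation, expiry and scope, and records each decision as telemetry. The class names, agent IDs, owner and scopes are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class AgentIdentity:
    agent_id: str
    owner: str            # accountable human or team (lifecycle record)
    scopes: frozenset     # permitted "resource:action" pairs
    expires_at: float     # epoch seconds; access is not open-ended
    revoked: bool = False

class EnforcementPoint:
    """Single code path for every agent action; anything not granted is denied."""
    def __init__(self):
        self.registry = {}    # agent_id -> AgentIdentity
        self.audit_log = []   # telemetry: one record per decision

    def register(self, ident):
        self.registry[ident.agent_id] = ident

    def revoke(self, agent_id):
        self.registry[agent_id].revoked = True

    def authorize(self, agent_id, resource, action, now):
        ident = self.registry.get(agent_id)
        if ident is None:
            reason = "unknown_agent"
        elif ident.revoked:
            reason = "revoked"
        elif now >= ident.expires_at:
            reason = "expired"
        elif f"{resource}:{action}" not in ident.scopes:
            reason = "out_of_scope"
        else:
            reason = "in_scope"
        self.audit_log.append({"ts": now, "agent": agent_id,
                               "owner": ident.owner if ident else None,
                               "request": f"{resource}:{action}", "reason": reason})
        return reason == "in_scope"

def demo():
    # Constructed sample data: agent names, owner and scopes are hypothetical.
    pep = EnforcementPoint()
    pep.register(AgentIdentity("campaign-agent", "marketing-ops",
                               frozenset({"crm:read", "email:send"}), expires_at=1000.0))
    pep.authorize("campaign-agent", "crm", "read", now=10.0)       # granted scope
    pep.authorize("campaign-agent", "billing", "write", now=11.0)  # never granted
    pep.revoke("campaign-agent")                                    # owner pulls access
    pep.authorize("campaign-agent", "crm", "read", now=12.0)       # same call, now denied
    pep.authorize("shadow-agent", "crm", "read", now=13.0)         # no lifecycle record
    return [(e["request"], e["reason"]) for e in pep.audit_log]
```

The audit log records denials as well as allows, so the same records serve breach investigation and show which agents are attempting actions outside their scope.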