TL;DR: Agentic AI systems are being wired into enterprise workflows, but most still lack the encryption, authentication, auditability, and revocation controls needed to trust them as workload identities, according to Keyfactor. The governance assumption that AI can act safely without durable identity and controlled access collapses once agents can connect to tools, data, and other systems at runtime.
NHIMG editorial — based on content published by Keyfactor: The Next Security Frontier: Securing the Future of Agentic AI with Digital Trust
By the numbers:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
Questions worth separating out
Q: How should security teams govern agentic AI that can call enterprise tools?
A: Treat each agent as a workload identity with explicit authentication, scoped authorisation, and auditable sessions.
Q: Why do agentic AI systems complicate existing IAM and PAM controls?
A: They complicate IAM and PAM because agents acquire and exercise access at runtime and at machine speed, so they do not fit the stable, human-paced review cycles those controls assume.
Q: What breaks when AI agents are connected without strong digital trust?
A: What breaks is the ability to prove who the actor is, what it may do, and when that access should end.
Practitioner guidance
- Bind every agent to a durable workload identity: use certificate-based identity or equivalent machine identity controls so each agent is uniquely authenticated before it reaches tools, data, or external services.
- Scope MCP access to explicit task boundaries: define which enterprise applications, data sets, and downstream agents each agent may reach, and make those scopes part of the authorisation model rather than a post-review artifact.
- Instrument audit trails for tool-by-tool attribution: ensure SIEM and detection tooling can reconstruct which identity called which tool, at what point in the session, and with what resulting action.
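The three guidance points above, and the "workload identity with explicit authentication, scoped authorisation, and auditable sessions" answer earlier on this page, describe one control: a gateway that sits between the agent and every tool. The following is an added example written for this post; it is not Keyfactor's code and not an MCP implementation. It assumes a certificate-bound identity keyed by SHA-256 fingerprint, a per-agent scope of tool-to-target pairs, a durable revocation list, and a session clock supplied by the caller; the certificate bytes, agent names, tools and data sets are constructed stand-ins.

```python
from __future__ import annotations

import hashlib
import secrets
from collections import namedtuple
from dataclasses import dataclass

# Constructed stand-ins for DER-encoded agent certificates (not real X.509 objects).
CERT_INVOICE_BOT = b"CONSTRUCTED-CERT: CN=invoice-bot, O=Example Corp, issuer=corp-ca"
CERT_TRIAGE_BOT = b"CONSTRUCTED-CERT: CN=triage-bot, O=Example Corp, issuer=corp-ca"

# Authorisation model: tool name -> the data sets or downstream agents that tool may reach.
Scope = dict[str, frozenset[str]]

# One audit line per mediated call, attributable to an identity, a session and a step.
AuditRecord = namedtuple("AuditRecord", "session_id agent step tool target decision reason")

def fingerprint(cert_der: bytes) -> str:
    """Identity key: SHA-256 over the certificate bytes, as a TLS peer would compute it."""
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class Session:
    session_id: str
    fp: str         # certificate fingerprint the session is bound to
    issued_at: int  # seconds; the caller supplies the clock so the demo is deterministic
    ttl: int
    steps: int = 0

class ToolGateway:
    """Mediates every tool call an agent makes; a call that bypasses it never reaches a tool."""

    def __init__(self) -> None:
        self._agents: dict[str, str] = {}      # fingerprint -> agent name
        self._scopes: dict[str, Scope] = {}    # fingerprint -> declared scope
        self._revoked: set[str] = set()
        self._sessions: dict[str, Session] = {}
        self.audit: list[AuditRecord] = []

    def enroll(self, cert_der: bytes, agent: str, scope: Scope) -> str:
        fp = fingerprint(cert_der)
        self._agents[fp], self._scopes[fp] = agent, scope
        return fp

    def revoke(self, cert_der: bytes) -> None:
        """Durable revocation: bites on the agent's next call, live sessions included."""
        self._revoked.add(fingerprint(cert_der))

    def open_session(self, cert_der: bytes, now: int, ttl: int = 300) -> str | None:
        fp = fingerprint(cert_der)
        if fp not in self._agents or fp in self._revoked:
            return None  # unknown or revoked identity: no session at all
        sid = secrets.token_hex(8)
        self._sessions[sid] = Session(sid, fp, now, ttl)
        return sid

    def call_tool(self, session_id: str, tool: str, target: str, now: int) -> bool:
        sess = self._sessions.get(session_id)
        if sess is None:
            return False  # no bound identity, so nothing to attribute
        sess.steps += 1
        if sess.fp in self._revoked:
            reason = "identity revoked"
        elif now - sess.issued_at >= sess.ttl:
            reason = "session expired"
        elif target not in self._scopes[sess.fp].get(tool, frozenset()):
            reason = f"{tool} on {target} is outside the declared scope"
        else:
            reason = "within scope"
        allowed = reason == "within scope"
        self.audit.append(AuditRecord(session_id, self._agents[sess.fp], sess.steps,
                                      tool, target, "allow" if allowed else "deny", reason))
        return allowed

    def reconstruct(self, session_id: str) -> list[tuple[int, str, str, str, str]]:
        """The SIEM question: which identity called which tool, at which step, with what outcome."""
        return [(r.step, r.agent, r.tool, r.target, r.decision)
                for r in self.audit if r.session_id == session_id]

def demo() -> dict[str, object]:
    """Walk one agent through in-scope, out-of-scope, lateral, revoked and expired calls."""
    gw = ToolGateway()
    gw.enroll(CERT_INVOICE_BOT, "invoice-bot",
              {"read_dataset": frozenset({"invoices"}), "invoke_agent": frozenset({"triage-bot"})})
    gw.enroll(CERT_TRIAGE_BOT, "triage-bot", {"read_dataset": frozenset({"tickets"})})
    sid = gw.open_session(CERT_INVOICE_BOT, now=1000, ttl=60)
    results = {
        "in_scope": gw.call_tool(sid, "read_dataset", "invoices", now=1001),
        "out_of_scope": gw.call_tool(sid, "read_dataset", "payroll", now=1002),
        "downstream_agent": gw.call_tool(sid, "invoke_agent", "triage-bot", now=1003),
    }
    gw.revoke(CERT_INVOICE_BOT)
    results["after_revoke"] = gw.call_tool(sid, "read_dataset", "invoices", now=1004)
    results["new_session_after_revoke"] = gw.open_session(CERT_INVOICE_BOT, now=1005)
    sid2 = gw.open_session(CERT_TRIAGE_BOT, now=1000, ttl=60)
    results["expired"] = gw.call_tool(sid2, "read_dataset", "tickets", now=1100)
    results["trail"] = gw.reconstruct(sid)
    return results
```

Two design choices carry the security point. Denials are audited alongside allows, so an agent probing for `payroll` leaves a record even though nothing was returned; and revocation is checked on every call rather than only at session open, so pulling an identity ends a running session instead of waiting for its TTL. In a real deployment the fingerprint would come from the mutually authenticated TLS connection rather than from bytes the agent hands over.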
What's in the full article
Keyfactor's full blog covers the operational detail this post intentionally leaves for the source:
- How the vendor frames certificate-based identity for AI agents across cloud services and enterprise apps
- The specific four-part security model the article names for securing AI agents in practice
- The role of MCP in connecting agentic systems to enterprise tools and what that means for trust
- The interview and education resources the vendor points readers to for implementation context
👉 Read Keyfactor's analysis of securing agentic AI with digital trust →
Agentic AI identity and machine trust: are your controls ready?
Explore further
Machine identity is the right governance lens for agentic AI, but only if teams stop treating agents like enhanced automation. Keyfactor’s framing is directionally correct because agents are not just scripts with better interfaces. Once they can decide, call tools, and act across systems, the enterprise must govern them as identities with durable proof, scope, and revocation. The practitioner conclusion is straightforward: AI governance and identity governance are converging on the same control problem.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
A question worth separating out:
Q: Who should own governance when autonomous agents sit inside business workflows?
A: Identity, security, and platform teams should share ownership, but the governance model must sit with the team that can enforce identity, scope, logging, and revocation across the workflow. If ownership is split without a clear control owner, agent behaviour will outrun accountability and no one will have a complete view of risk.
👉 Read our full editorial: Securing agentic AI with digital trust and machine identity