Agentic security: what identity teams need to fix first

TL;DR: As organisations deploy AI agents that act on behalf of users, the core security problem shifts to authenticated identity, delegated authority, and revocation, according to WorkOS. Data governance still matters, but agentic systems fail fastest when identity controls cannot define who the agent represents, what it may do, and when that authority ends.

NHIMG editorial — based on content published by WorkOS: Concentric AI vs WorkOS, comparing data governance with identity for agentic security

By the numbers:

• WorkOS supports transparent pricing starting at $125/month for up to 1M Monthly Active Users.

Questions worth separating out

Q: How should security teams govern AI agents that act on behalf of users?

A: Security teams should treat every agent as an identity relationship, not just a tool.

Q: Why do data protection controls not solve agentic security on their own?

A: Data controls reduce exposure after access exists, but they do not decide whether access should exist in the first place.

Q: What should organisations measure to know if agent access is actually controlled?

A: Measure whether delegated access is explicit, reviewable, and revocable across all connected systems.

Practitioner guidance

• Map every agent to an explicit identity relationship Record whether the agent acts as a user, under a service account, or through delegated impersonation.
• Scope agent sessions to the task, not the account Limit permissions by context, trigger, or time window so an agent cannot reuse a broad entitlement after the original purpose ends.
• Separate content controls from identity controls Use DSPM and data classification to reduce exposure, but do not treat them as substitutes for authentication and authorization.

What's in the full article

WorkOS's full article covers the operational detail this post intentionally leaves for the source:

• Implementation details for enterprise SSO, directory sync, and MFA across agent workflows
• Examples of fine-grained authorization rules for context-based agent access decisions
• Product-specific guidance for service account authentication and delegation controls
• Pricing and deployment details for teams evaluating the WorkOS platform at scale

👉 Read WorkOS's comparison of Concentric AI and agentic identity controls →

Agentic security: what identity teams need to fix first?

Explore further

View Full Forum →  |  NHI Foundation Course →