TL;DR: AI agents now access enterprise systems, retrieve data, write code, and execute workflows autonomously, which makes identity, privilege, and auditability the core controls, according to Keyfactor. The critical issue is not whether agents can act, but whether their access can be cryptographically verified, narrowly scoped, and governed before execution starts.
NHIMG editorial — based on content published by Keyfactor: Keyfactor + Delinea: Shortening the Leash on Your AI Agent
By the numbers:
- By 2030, CIOs expect that 0% of IT work will be done by humans without AI, 75% will be done by humans augmented with AI, and 25% will be done by AI alone, according to a July 2025 survey of over 700 CIOs by Gartner®.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
Questions worth separating out
Q: How should security teams govern AI agents that need access to enterprise systems?
A: Treat AI agents as non-human identities and require a verifiable workload identity before any privileged action occurs.
Q: Why do AI agents complicate zero trust architecture?
A: Because zero trust assumes each access decision can be verified at the point of use, but agentic systems can make those decisions dynamically and repeatedly inside a session.
Q: What breaks when AI agents use static secrets or broad credentials?
A: Static secrets create a large blast radius because one compromised or overused credential can expose multiple systems, repositories, or data sets.
Practitioner guidance
- Bind agent runtime to cryptographic workload identity: Issue a verifiable certificate to each agent instance before it can access internal services, SaaS platforms, or cloud APIs.
- Broker all external access through PAM: Require agents to authenticate to a privileged access workflow before retrieving repository, infrastructure, or database credentials.
- Separate identity proof from privilege scope: Do not let a valid certificate become a blank cheque for access.
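The three points above can be sketched as one broker decision, shown here as an added example that is not code from Keyfactor, Delinea, or the source article. The SPIFFE-style identities, target names, policy table, and the `broker_request` function are all hypothetical, and certificate validation is assumed to have happened in the transport layer before the call.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Constructed policy: workload identity -> {(target, action): max TTL seconds}.
# The SPIFFE-style IDs and target names are hypothetical.
POLICY = {
    "spiffe://example.org/agents/code-review": {
        ("git:payments-repo", "read"): 900,
    },
    "spiffe://example.org/agents/report-builder": {
        ("db:analytics", "read"): 300,
    },
}

AUDIT_LOG = []  # every decision is recorded, grants and denials alike


@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str
    expires_at: Optional[float] = None


def broker_request(identity, cert_verified, target, action, ttl, now=None):
    """Decide whether an agent identity may obtain a scoped credential.

    `cert_verified` stands in for the outcome of certificate validation
    (assumption: mTLS terminates before this function is called).
    """
    now = time.time() if now is None else now
    if not cert_verified:
        decision = Decision(False, "identity not verified")
    elif ttl <= 0:
        decision = Decision(False, "invalid lifetime requested")
    else:
        # Authentication passed; authorisation is a separate lookup, so a
        # valid certificate alone grants nothing.
        max_ttl = POLICY.get(identity, {}).get((target, action))
        if max_ttl is None:
            decision = Decision(False, "out of scope for this identity")
        else:
            # Clamp the lifetime so the issued credential stays short-lived.
            decision = Decision(True, "in scope", now + min(ttl, max_ttl))
    AUDIT_LOG.append({"ts": now, "identity": identity, "target": target,
                      "action": action, "granted": decision.granted,
                      "reason": decision.reason})
    return decision
```

A verified agent asking for a target outside its policy entry is denied and logged exactly like an unverified one, which is the behaviour the third bullet asks for.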
What's in the full article
Keyfactor's full blog post covers the operational detail this post intentionally leaves for the source:
- How the certificate issuance and Istio integration are intended to work for containerised workloads.
- How the PAM-backed retrieval path is described for external systems such as repositories, cloud platforms, and SaaS applications.
- How policy-based credential scoping and audit logging are positioned in the example architecture.
- How the source article maps the control model to autonomous AI use cases in practice.
Explore further
Agentic AI turns identity into a runtime control problem, not a provisioning problem. Once the system can decide what to do next, conventional IAM assumptions about static entitlements and review cycles become too slow to govern. The field has to treat the agent as a runtime identity with a bounded execution envelope, because access decided at design time will not constrain behaviour at execution time. The practical conclusion is that identity governance must move closer to the action itself.
A few things that frame the scale:
- 92% agree that governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: What is the difference between workload identity and privileged access management for agents?
A: Workload identity proves which agent instance is acting, while privileged access management governs what that instance may retrieve or do. In practice, the first is about authentication and cryptographic trust, and the second is about scoped authorisation, session control, and auditability. Both are required for agent governance.