TL;DR: AI agents are already operating inside enterprise workflows, but identity mapping alone leaves over-permissioned, long-lived credentials and weak approval controls in place, according to 1Kosmos. The real shift is from attribution to runtime assurance, where authentication, delegated authorization, and human oversight determine whether agents can act at all.
NHIMG editorial — based on content published by 1Kosmos: AI agent identity assurance and runtime trust
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should security teams govern AI agents that act on behalf of users?
A: Security teams should govern AI agents with three layers of control: identity registration, delegated authorization, and runtime assurance.
Q: Why do AI agents create more risk than ordinary service accounts?
A: AI agents create more risk because they can select actions dynamically, chain tools, and continue operating without a human deciding each step.
Q: What breaks when identity mapping is treated as enough for AI governance?
A: What breaks is the assumption that knowing an agent’s owner means the organisation can trust the agent’s behaviour.
Practitioner guidance
- Separate agent inventory from agent authorisation: Register AI agents as first-class identities, but do not grant production permissions until each agent has explicit delegated authority, an owner, and a defined approval path for sensitive actions.
- Require runtime step-up for high-impact actions: Use backchannel approval, biometrics, or device-based verification when an agent attempts privileged changes, transaction execution, or cross-domain data release.
- Replace static trust with revocable proofs: Bind each agent to cryptographic credentials that can be revoked quickly when behaviour changes, ownership changes, or the agent exceeds its intended scope.
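The three guidance points above can be combined into one runtime decision, shown here as an added example that is not code from 1Kosmos or the original post. The record fields, action names and the `authorize` function are hypothetical; it assumes credential signatures and the approver's biometric or device check are verified elsewhere, and that revocation is exposed as a set of credential ids.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed action names; the three high-impact classes mirror the guidance above.
HIGH_IMPACT = {"privileged_change", "transaction_execute", "cross_domain_release"}

@dataclass(frozen=True)
class Agent:
    agent_id: str
    owner: Optional[str]       # accountable human principal
    delegated: frozenset       # actions the owner explicitly delegated
    credential_id: str         # id of the agent's bound credential
    approver: Optional[str]    # defined approval path for sensitive actions

@dataclass(frozen=True)
class Approval:
    agent_id: str
    action: str
    approver: str
    expires_at: float          # epoch seconds; approvals are short-lived

def authorize(agent, action, revoked, now, approval=None):
    """Return (decision, reason); decision is 'allow', 'step_up' or 'deny'."""
    # Revocable proof: a revoked credential fails before anything else is checked.
    if agent.credential_id in revoked:
        return "deny", "credential revoked"
    # Inventory is not authorisation: a registered agent still needs an owner,
    # an approval path, and explicit delegation for this action.
    if not agent.owner or not agent.approver:
        return "deny", "no owner or approval path"
    if action not in agent.delegated:
        return "deny", "action not delegated"
    if action not in HIGH_IMPACT:
        return "allow", "delegated low-impact action"
    # Runtime step-up: high-impact actions need a fresh approval bound to this
    # agent, this action and the designated approver.
    if approval is None:
        return "step_up", "approval required"
    if (approval.agent_id, approval.action, approval.approver) != (
            agent.agent_id, action, agent.approver):
        return "deny", "approval does not match request"
    if approval.expires_at <= now:
        return "step_up", "approval expired"
    return "allow", "approved high-impact action"
```

A `step_up` result is the point at which a backchannel request would go to the approver; the agent's call is retried only once a matching, unexpired `Approval` exists.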
What's in the full article
1Kosmos's full analysis covers the operational detail this post intentionally leaves for the source:
- How the platform registers AI agents as first-class identities with cryptographic identifiers and lifecycle management
- How delegated credentials bind an agent to a human principal for auditability and accountability
- How backchannel approval flows work when an agent reaches a risk threshold and no browser session is active
- How agent-to-agent authentication and proof of possession are handled across organisational boundaries
AI agent identity assurance: what it means for IAM teams?