Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent identity is becoming a control plane problem for IAM teams


(@lalit)
Member Admin
Joined: 1 year ago
Posts: 164
Topic starter  

TL;DR: AI agents, MCP servers, and short-lived delegated access are now central to enterprise identity design, according to Descope’s FY25 review, alongside 300% growth in monthly active users and 1655% growth in total identities under management. The governance problem is no longer theoretical: identity controls built for stable users do not fit actors that acquire, use, and revoke access on demand.

NHIMG editorial — based on content published by Descope: FY25 year in review covering identity, AI agents, and platform growth

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that use delegated access?

A: They should define agent access as task-scoped, time-bounded, and policy-enforced at every boundary where the agent can reach data or tools.

Q: Why do AI agents complicate existing IAM and NHI models?

A: AI agents complicate IAM and NHI models because they sit between human intent and machine execution.

Q: What breaks when MCP connections are granted too much trust?

A: What breaks is the policy boundary between the agent and the services it can reach.

Practitioner guidance

  • Map AI agent access as a distinct identity class Document which agent flows use short-lived tokens, which systems they may call, and which approvals or policy checks must exist before delegated execution begins.
  • Audit MCP trust boundaries end to end Review the full chain from agent client to MCP server to downstream service, and identify where policy enforcement actually occurs.
  • Tie every SSO and SCIM flow to lifecycle ownership Assign an owner, a revocation path, and a recertification checkpoint for each tenant admin and federation path.

What's in the full article

Descope's full review covers the operational detail this post intentionally leaves for the source:

  • The complete FY25 product timeline, including which identity capabilities shipped in each phase of the year.
  • Customer examples showing how different teams used customer SSO, SCIM, and agentic identity in production.
  • The analyst recognition details behind the Frost Radar placement and the criteria used for the NHI category.
  • The specific 2026 product directions the vendor says it is prioritising next.

👉 Read Descope’s FY25 year in review for identity, SSO, and AI agent governance →

AI agent identity is becoming a control plane problem for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
Share: