TL;DR: A survey of 416 CIAM decision makers found 82% reporting negative business impact from customer identity issues, while 87% still use password-based authentication and 88% are using or planning to use AI agents, according to Descope. The pattern shows CIAM shifting from a login problem to a governance problem that now spans customers, developers and agentic access.
NHIMG editorial — based on content published by Descope: Descope Survey Shows 82% of Organizations Experience Negative Business Impact Due to Customer Identity Issues
By the numbers:
- 82% of survey respondents cite at least some negative business impact
- 87% of organizations use password-based authentication for their customer-facing applications
- 51% of organizations task developers who have minimal to no authentication experience with building and managing CIAM
Questions worth separating out
Q: How should organisations govern customer identity when they also use AI agents?
A: They should govern AI agents as non-human identities with explicit data, action, and authorization boundaries.
Q: Why do workforce IAM tools often fail for customer identity?
A: Workforce IAM tools are usually built for employees, managed devices, and internal policy boundaries, not for high-scale customer journeys.
Q: What do security teams get wrong about password-based authentication?
A: They often treat passwords as a default identity strategy rather than a control with known friction, reuse, and recovery weaknesses.
Practitioner guidance
- Separate customer identity from workforce IAM: Inventory every customer-facing application that still relies on workforce-auth patterns, then define a distinct CIAM control model for enrolment, recovery, step-up authentication, and authorization.
- Reduce password dependence on high-value journeys: Map the login, recovery, and account change flows that create the most support friction or fraud exposure, then prioritise stronger methods where the business impact is highest.
- Assign explicit ownership for agentic identity: Decide which teams own AI agent access, which data paths the agents may use, and how approval is recorded when an agent acts on behalf of a user or process.
What's in the full report
Descope's full survey report covers the operational detail this post intentionally leaves for the source:
- Breakdowns of the survey methodology and respondent profile so you can judge how much weight to place on the findings.
- The full split between password use, workforce IAM reuse, and open-source CIAM adoption across the sample.
- Additional detail on how AI agents and MCP servers are changing customer identity planning.
- The complete set of business impact measures, including support costs, launch delays, and onboarding friction.