TL;DR: According to Delinea, privileged access management is shifting toward just-in-time runtime authorisation to remove standing privilege for AI agents and other non-human identities in hybrid environments. The aim is to eliminate static credential models, which cannot reliably govern machine-speed access decisions, especially where autonomous systems act across cloud and DevOps workflows.
NHIMG editorial — based on content published by Delinea: Delinea completes StrongDM acquisition to secure AI agents with continuous identity authorization
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams implement just-in-time access for AI agents and machine identities?
A: Start by classifying the privileged actions, not just the identities, then require a runtime policy decision before each sensitive operation.
Q: When does standing privilege become unacceptable in modern IAM programmes?
A: Standing privilege becomes unacceptable when the identity can act faster than your review cycle, especially for workloads and AI agents that move across systems autonomously.
Q: What do teams get wrong about zero standing privilege?
A: Teams often treat zero standing privilege as a vaulting or credential-rotation problem, when the real issue is whether access can exist without being continuously reauthorised.
Practitioner guidance
- Map every standing privileged pathway. Identify where human administrators, service accounts, and AI-driven workflows still retain persistent elevation.
- Separate access approval from action approval. Define which tasks may be authorised at login and which must be rechecked at runtime.
- Extend governance to non-human identity action chains. Review workflows where service accounts, tokens, or AI agents can call multiple tools in sequence.
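A sketch of the guidance above, added here as an illustration and not taken from Delinea or StrongDM: actions are classified first, sensitive ones need a per-call policy decision, and the resulting grant is single-use, bound to one action and resource, and short-lived. The action names, the policy shape and the `RuntimeAuthorizer` class are all hypothetical.

```python
import secrets
import time
from dataclasses import dataclass

# Hypothetical action classes (constructed for illustration): which actions a
# login-time approval covers and which need a fresh decision at runtime.
LOGIN_SCOPED = {"read_metrics", "list_pipelines"}
RUNTIME_RECHECK = {"rotate_secret", "deploy_prod", "read_customer_data"}

@dataclass(frozen=True)
class Grant:
    token: str
    identity: str
    action: str
    resource: str
    expires_at: float

class RuntimeAuthorizer:
    def __init__(self, policy, ttl_seconds=30, clock=time.monotonic):
        self.policy = policy      # {(identity, action): set of allowed resources}
        self.ttl = ttl_seconds
        self.clock = clock
        self._live = {}           # token -> Grant, removed on first use

    def request(self, identity, action, resource, session_ok):
        """Decide one action; return a single-use Grant or None."""
        if action in LOGIN_SCOPED:
            allowed = session_ok  # the login-time approval is enough
        elif action in RUNTIME_RECHECK:
            allowed = session_ok and resource in self.policy.get((identity, action), set())
        else:
            allowed = False       # unclassified actions are denied
        if not allowed:
            return None
        grant = Grant(secrets.token_urlsafe(16), identity, action, resource,
                      self.clock() + self.ttl)
        self._live[grant.token] = grant
        return grant

    def redeem(self, token, identity, action, resource):
        """Consume a grant: valid once, only for the exact call it was issued for."""
        grant = self._live.pop(token, None)
        return (grant is not None
                and (grant.identity, grant.action, grant.resource) == (identity, action, resource)
                and self.clock() < grant.expires_at)
```

Because `redeem` removes the grant whether or not the check passes, an agent that chains several tool calls has to return for a new decision before each sensitive step.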
What's in the full analysis
Delinea's full post covers the operational detail this analysis intentionally leaves for the source:
- How the combined platform is positioned across discovery, PAM, and runtime authorization in enterprise environments
- Vendor statements on how JIT authorization is intended to support AI-driven and hybrid infrastructure workflows
- Customer commentary and implementation context for moving toward zero standing privilege
- Product and platform framing around how the acquisition affects existing identity security operations