Notifications
Clear all
Topic starter
03/06/2026 7:24 pm
TL;DR: Large-scale agentic AI adoption is pushing identity infrastructure into a control-plane role for both human and non-human identities, according to Curity, which also named Monica Enand as Chair of the Board. The market signal is clear: identity programmes now need to govern autonomous systems and NHI scale at the same time, not as separate problems.
NHIMG editorial — based on content published by Curity: identity market change and the appointment of Monica Enand as Chair of the Board
Questions worth separating out
Q: How should security teams govern agentic AI through identity controls?
A: Security teams should govern agentic AI as a runtime identity problem, not only an authentication problem.
Q: Why do human and non-human identity programmes need to converge?
A: They converge because the same enterprise systems now host people, service accounts, API keys, certificates, and AI-driven executors in one access fabric.
Q: What breaks when identity is treated as a login layer only?
A: When identity is treated as a login layer only, teams miss the fact that many high-risk decisions happen after authentication, inside delegated workflows and tool chains.
Practitioner guidance
- Re-map identity governance around runtime control Identify where your IAM, PAM, and NHI controls are still designed only for authentication events.
- Unify lifecycle ownership across identity types Assign a clear owner for each human account, service account, credential, and AI-driven executor.
- Test certification processes against fast-moving access Review whether your access review and recertification cadence can produce meaningful evidence for identities that operate for minutes or sessions rather than weeks.
What's in the full analysis
Curity's full article covers the strategic positioning and leadership context this post intentionally leaves for the source:
- Monica Enand's board-level background and why it matters for scaling identity platforms in a growth phase.
- Curity's own framing of identity as the control plane for agentic AI and autonomous systems.
- The company's market positioning around human and non-human identity scale across global rollouts.
- The leadership transition context that is omitted from this analyst summary but relevant to business readers.
👉 Read Curity's analysis of identity as the control plane for agentic AI →
Identity control planes for agentic AI: what this board move signals?
Explore further
03/06/2026 7:27 pm
Identity is becoming the control plane for agentic systems, not just the login layer. Curity’s framing reflects a broader shift in the market: autonomous and semi-autonomous systems now depend on identity decisions throughout execution, not only at authentication time. That creates pressure on governance models built around static entitlements and human-paced approval. Practitioners should treat identity as a runtime enforcement layer, not a perimeter service.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: How do organisations know if identity architecture is ready for AI-driven access?
A: They know it is ready when it can govern both static entitlements and dynamic execution without losing traceability. Look for clear ownership, policy enforcement at runtime, and evidence that certification, offboarding, and escalation paths still work when the actor is an autonomous system rather than a person.
👉 Read our full editorial: Curity board change signals growing pressure on identity control planes
