Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Black Hat dinner on agentic AI identity risk and what comes next


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9924
Topic starter  

TL;DR: A private Black Hat USA dinner on August 4 will bring CISOs together to discuss how agentic AI is expanding the identity attack surface and what that means for security teams, according to AuthMind. The real issue is not AI adoption itself, but whether identity governance can cope with runtime decision-making and tool use.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that can choose tools at runtime?

A: Security teams should treat runtime tool choice as a governance boundary, not just an engineering detail.

Q: Why do AI agents complicate least privilege and access reviews?

A: AI agents complicate least privilege because their intent is not fixed at provisioning time.

Practitioner guidance

  • Map agent identities separately from human and workload identities Create a distinct inventory for AI agents, their tool connections, and the privileges they inherit.
  • Review every connector for delegated blast radius Document which data sources, APIs, and admin endpoints each agent can reach.
  • Add runtime approval boundaries for sensitive agent actions Require step-up controls when an agent attempts actions that change permissions, expose sensitive data, or trigger downstream automation.

What to expect at the briefing

AuthMind's full post covers the event details this analysis intentionally leaves for the source:

  • Dinner format, venue, and timing for the Black Hat USA private discussion.
  • The host and moderator details for the leadership conversation.
  • The reservation flow and seating constraints for the private room experience.
  • The stated focus of the evening on agentic AI, identity, and what comes next.

👉 Read AuthMind’s private dinner details on agentic AI identity at Black Hat USA →

Black Hat dinner on agentic AI identity risk and what comes next?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9408
 

Agentic AI creates an identity category that existing IAM models do not fully describe. The problem is not simply that AI is accessing more systems, but that it can decide which systems to touch at runtime. That breaks the assumption that access can be fully understood at provisioning time, which is how most entitlement governance still works. Security leaders should treat agent identity as a separate governance object, not a special kind of service account.

A few things that frame the scale:

A question worth separating out:

Q: Who should be accountable when an AI agent overreaches its intended scope?

A: Accountability should sit with the team that owns the agent, the connectors it uses, and the policy that allowed the delegation. Shared responsibility is not enough if no one can explain the decision boundary, the review process, or the revocation path when the agent acts outside scope.

👉 Read our full editorial: Agentic AI identity dinner at Black Hat USA on August 4



   
ReplyQuote
Share: