TL;DR: At Gartner IAM Summit EMEA, analysts repeatedly framed authorization as the missing layer for AI agents, with 13% of banks and 16% of insurers already deploying agents and another 34% planning to within 12 months, according to Cerbos. The practical issue is no longer whether agentic AI exists, but whether identity teams can govern delegated runtime decisions without collapsing into brittle DIY logic.
NHIMG editorial — based on content published by Cerbos: Gartner IAM Summit EMEA and the case for agent authorization
By the numbers:
- 13% of banks and 16% of insurers have already deployed agents.
- More than 95% of identities use less than 3% of their granted cloud entitlements.
- Through 2028, over 50% of AI initiatives will halt due to unresolved agentic identity challenges.
Questions worth separating out
Q: How should teams govern AI agent tool calls in real time?
A: Teams should govern AI agent tool calls with a runtime authorization layer that evaluates the principal, action, resource, and context on every request.
Q: Why do AI agents expose gaps in existing IAM models?
A: AI agents expose gaps because they do not fit the assumption that access can be assigned once and then managed through periodic reviews.
Q: What do organisations get wrong about authorization for agents?
A: The most common mistake is treating agent authorization as a role design problem instead of a decision problem.
Practitioner guidance
- Map where runtime authorization happens today: inventory every place an access decision is made for human users, service accounts, APIs, and agent tool calls.
- Separate policy authoring from enforcement points: move toward a model where policy is written once and evaluated centrally, while enforcement can happen in gateways, application services, or MCP proxies.
- Use AI for policy analysis, not runtime decisions: apply AI to entitlement mining, policy suggestion, and access anomaly detection, but keep the final decision deterministic and auditable.
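The runtime model described in the Q&A above (evaluate principal, action, resource and context on every request) and in the guidance list (policy authored once, evaluated centrally, enforced in a gateway or MCP proxy, with a deterministic, auditable decision) can be made concrete in a few dozen lines. The following is an added example, not code from Cerbos, the summit speakers or any AuthZEN implementation. The request and response shape (subject / action / resource / context in, decision out) is modelled on the AuthZEN evaluation API as an assumption; the rule identifiers, delegation scopes, account records and agent identities are constructed for illustration.

```python
"""Runtime authorization for agent tool calls: one central, deterministic
policy decision point (PDP) and thin enforcement points (PEPs).

Added example, not code from Cerbos or the Gartner sessions. The request shape
(subject / action / resource / context -> decision) is modelled on the AuthZEN
evaluation API as an assumption; rule ids, scopes and identities are constructed.
"""
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]


def delegated(subject: Attrs, action: Attrs, resource: Attrs, context: Attrs) -> bool:
    """An agent acts only under an explicit human delegation whose scope names
    this action and whose delegating user owns the resource."""
    return (context.get("delegated_by") == resource.get("owner")
            and action["name"] in context.get("scopes", ()))


def within_limit(subject: Attrs, action: Attrs, resource: Attrs, context: Attrs) -> bool:
    """Transfers are additionally bounded by the limit carried in the delegation."""
    return (delegated(subject, action, resource, context)
            and context.get("amount", 0) <= context.get("limit", 0))


# Policy is authored once, as data, and evaluated centrally.
# Each entry: (principal type, action, resource type, condition, rule id).
POLICY: List[tuple] = [
    ("human", "read", "account", lambda s, a, r, c: s["id"] == r["owner"], "owner-read"),
    ("agent", "read", "account", delegated, "delegated-read"),
    ("agent", "transfer", "account", within_limit, "delegated-transfer"),
]

# Every decision is recorded, so the runtime trail is reviewable after the fact.
AUDIT: List[Attrs] = []


def evaluate(request: Attrs) -> Attrs:
    """Central PDP. Default-deny; the first matching rule whose condition holds allows."""
    subject, action = request["subject"], request["action"]
    resource, context = request["resource"], request.get("context", {})
    decision, reason = False, "default-deny"
    for ptype, act, rtype, cond, rule_id in POLICY:
        if (ptype, act, rtype) != (subject["type"], action["name"], resource["type"]):
            continue
        if cond(subject, action, resource, context):
            decision, reason = True, rule_id
            break
    AUDIT.append({"subject": subject["id"], "action": action["name"],
                  "resource": resource["id"], "decision": decision, "reason": reason})
    return {"decision": decision, "context": {"reason": reason}}


def enforce_tool_call(agent_id: str, tool: str, resource: Attrs,
                      context: Attrs, tool_impl: Callable[[Attrs], Any]) -> Any:
    """Enforcement point, e.g. an MCP proxy in front of a tool server. It never
    decides on its own: it asks the PDP on every call and forwards only on allow."""
    request = {"subject": {"type": "agent", "id": agent_id},
               "action": {"name": tool}, "resource": resource, "context": context}
    if not evaluate(request)["decision"]:
        raise PermissionError(f"{agent_id} denied {tool} on {resource['id']}")
    return tool_impl(resource)


# Constructed sample data: alice delegates read-only access to her account to agent-7.
ALICE_ACCOUNT = {"type": "account", "id": "acct-1", "owner": "alice"}
BOB_ACCOUNT = {"type": "account", "id": "acct-2", "owner": "bob"}
DELEGATION = {"delegated_by": "alice", "scopes": ("read",), "limit": 100}


def run_scenario() -> List[bool]:
    """Push three agent tool calls through the PEP; returns allow/deny per call."""
    outcomes = []
    for tool, resource, ctx in [
        ("read", ALICE_ACCOUNT, DELEGATION),                        # in scope, owner matches
        ("read", BOB_ACCOUNT, DELEGATION),                          # delegating user is not the owner
        ("transfer", ALICE_ACCOUNT, {**DELEGATION, "amount": 50}),  # action not in delegated scope
    ]:
        try:
            enforce_tool_call("agent-7", tool, resource, ctx, lambda r: r["id"])
            outcomes.append(True)
        except PermissionError:
            outcomes.append(False)
    return outcomes


if __name__ == "__main__":
    print(run_scenario(), AUDIT[-1]["reason"])
```

The point the guidance makes is visible in the split: `POLICY` and `evaluate` are the only places that know what "allowed" means, while `enforce_tool_call` could sit in an MCP proxy, an API gateway or a service and would stay identical if the rules changed. Because the decision is a pure function of the four inputs, the same request always yields the same answer, and the `AUDIT` record names the rule that fired, which is what makes the runtime trail reviewable.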
What's in the full article
Cerbos's full article covers the operational detail this post intentionally leaves for the source:
- How the AuthZEN request and response flow fits into a real PDP-to-PEP deployment.
- The MCP proxy pattern for agent tool calls and where enforcement sits in the chain.
- Practical examples of policy-as-code implementation across APIs, services, and agent integrations.
- The conference session context behind the interoperability discussion and author demo.
👉 Read Cerbos's analysis of authorization for AI agents and AuthZEN →