TL;DR: At Gartner IAM Summit EMEA, analysts repeatedly framed authorization as the missing layer for AI agents, with 13% of banks and 16% of insurers already deploying agents and another 34% planning to within 12 months, according to Cerbos. The practical issue is no longer whether agentic AI exists, but whether identity teams can govern delegated runtime decisions without collapsing into brittle DIY logic.
NHIMG editorial — based on content published by Cerbos: Gartner IAM Summit EMEA and the case for agent authorization
By the numbers:
- 13% of banks and 16% of insurers have already deployed agents.
- More than 95% of identities use less than 3% of their granted cloud entitlements.
- Through 2028, over 50% of AI initiatives will halt due to unresolved agentic identity challenges.
Questions worth separating out
Q: How should teams govern AI agent tool calls in real time?
A: Teams should govern AI agent tool calls with a runtime authorization layer that evaluates the principal, action, resource, and context on every request.
Q: Why do AI agents expose gaps in existing IAM models?
A: AI agents expose gaps because they do not fit the assumption that access can be assigned once and then managed through periodic reviews.
Q: What do organisations get wrong about authorization for agents?
A: The most common mistake is treating agent authorization as a role design problem instead of a decision problem.
Practitioner guidance
- Map where runtime authorization happens today: inventory every place an access decision is made for human users, service accounts, APIs, and agent tool calls.
- Separate policy authoring from enforcement points: move toward a model where policy is written once and evaluated centrally, while enforcement can happen in gateways, application services, or MCP proxies.
- Use AI for policy analysis, not runtime decisions: apply AI to entitlement mining, policy suggestion, and access anomaly detection, but keep the final decision deterministic and auditable.
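The three steps above, together with the per-request check described in the first Q&A, as one added example in Python (illustrative code written for this editorial, not Cerbos's or any product's): a policy enforcement point sitting where an MCP proxy would sit builds a decision request for every tool call, asks a deterministic policy decision point, and records the delegation chain alongside the decision. The request and response shape follows the AuthZEN evaluation API as the author reads it; the rule set, tool names, accounts, and agent identities are invented, and the rules are plain functions so the decision stays deterministic and auditable.

```python
"""Runtime authorization for agent tool calls: a PEP in an MCP-style proxy asks a
deterministic PDP on every call. Added example for this editorial, not Cerbos's code.
The request/response shape follows the AuthZEN evaluation API (subject, action, resource,
context in; decision plus context out) as the author reads the spec; all data is invented."""

HIGH_RISK_ACTIONS = {"transfer_funds"}  # assumed risk classification for the demo

def _grant(req):
    """The delegation grant the agent carries: who granted which scopes."""
    return req["subject"].get("properties", {}).get("delegation") or {}

def rule_requires_delegation(req):
    # Every agent call must carry a traceable grant from a human principal.
    g = _grant(req)
    if not g.get("granted_by") or not g.get("scopes"):
        return "requires_delegation", "agent carries no traceable delegation grant"

def rule_action_in_scope(req):
    # The tool being called must be one of the delegated scopes.
    if req["action"]["name"] not in _grant(req).get("scopes", []):
        return "action_in_scope", f"{req['action']['name']} is outside the delegated scopes"

def rule_resource_owner(req):
    # The agent may only act on resources owned by the principal who delegated to it.
    if req["resource"].get("properties", {}).get("owner") != _grant(req).get("granted_by"):
        return "resource_owner", "resource is not owned by the delegating principal"

def rule_high_risk_needs_approval(req):
    # High-risk tools additionally need an explicit human approval flag in the context.
    if req["action"]["name"] in HIGH_RISK_ACTIONS and not req["context"].get("human_approval"):
        return "high_risk_needs_approval", "high-risk action without human approval"

RULES = [rule_requires_delegation, rule_action_in_scope,
         rule_resource_owner, rule_high_risk_needs_approval]

def evaluate(req):
    """PDP: deny by default, first failing rule decides; no model in the loop."""
    for rule in RULES:
        hit = rule(req)
        if hit:
            return {"decision": False, "context": {"rule": hit[0], "reason": hit[1]}}
    return {"decision": True, "context": {"rule": "all_rules_passed", "reason": "allowed"}}

AUDIT_LOG = []  # one record per decision, including the delegation chain
def build_request(agent, tool, resource, context):
    """AuthZEN-shaped evaluation request for a single tool call."""
    return {"subject": {"type": "agent", "id": agent["id"],
                        "properties": {"delegation": agent.get("delegation")}},
            "action": {"name": tool}, "resource": resource, "context": context}

def call_tool(tools, agent, tool, resource, context):
    """PEP: ask the PDP, record who granted what, then run the tool or refuse."""
    req = build_request(agent, tool, resource, context)
    resp, g = evaluate(req), _grant(req)
    AUDIT_LOG.append({"agent": agent["id"], "granted_by": g.get("granted_by"), "grant_id": g.get("grant_id"),
                      "scopes": g.get("scopes"), "action": tool, "resource": resource["id"],
                      "decision": resp["decision"], "rule": resp["context"]["rule"]})
    if not resp["decision"]:
        raise PermissionError(resp["context"]["reason"])
    return tools[tool](resource)

# Constructed sample data: two accounts, two tools, three agents (all invented).
ACCOUNTS = {"acct-1001": {"owner": "alice", "balance": 250},
            "acct-2002": {"owner": "bob", "balance": 900}}

def transfer_funds(r):
    ACCOUNTS[r["id"]]["balance"] -= 100  # fixed amount keeps the demo small
    return "transferred 100"

TOOLS = {"read_balance": lambda r: ACCOUNTS[r["id"]]["balance"],
         "transfer_funds": transfer_funds}
OWN_ACCOUNT = {"type": "account", "id": "acct-1001", "properties": {"owner": "alice"}}
OTHER_ACCOUNT = {"type": "account", "id": "acct-2002", "properties": {"owner": "bob"}}

FULL_AGENT = {"id": "agent-finops-7", "delegation": {"grant_id": "g-42", "granted_by": "alice",
                                                     "scopes": ["read_balance", "transfer_funds"]}}
READ_ONLY_AGENT = {"id": "agent-report-3", "delegation": {"grant_id": "g-43", "granted_by": "alice",
                                                          "scopes": ["read_balance"]}}
ORPHAN_AGENT = {"id": "agent-unknown-9"}  # no delegation grant at all

def demo():
    """Push each scenario through the PEP; report (scenario, allowed, deciding rule)."""
    scenarios = [
        ("read own account", FULL_AGENT, "read_balance", OWN_ACCOUNT, {}),
        ("read-only agent transfers", READ_ONLY_AGENT, "transfer_funds", OWN_ACCOUNT, {}),
        ("transfer without approval", FULL_AGENT, "transfer_funds", OWN_ACCOUNT, {}),
        ("transfer with approval", FULL_AGENT, "transfer_funds", OWN_ACCOUNT, {"human_approval": True}),
        ("touch another user's account", FULL_AGENT, "read_balance", OTHER_ACCOUNT, {}),
        ("agent with no grant", ORPHAN_AGENT, "read_balance", OWN_ACCOUNT, {}),
    ]
    out = []
    for name, agent, tool, res, ctx in scenarios:
        try:
            call_tool(TOOLS, agent, tool, res, ctx)
        except PermissionError:
            pass  # the PEP refused; the audit record says why
        out.append((name, AUDIT_LOG[-1]["decision"], AUDIT_LOG[-1]["rule"]))
    return out

if __name__ == "__main__": print(*demo(), sep="\n")
```

Running the file prints one row per scenario: the read-only agent is refused when it tries to transfer, a high-risk transfer is refused until the call context carries a human approval, and an agent with no grant is refused before any other rule is consulted. Every record in AUDIT_LOG names the grant and the human who issued it, which is the trace the editorial says agent governance needs. On the enforcement side, replacing the in-process evaluate() with an HTTP call to an externalized PDP is the only change; the request it sends is already in the shape the PDP expects.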
What's in the full article
Cerbos's full article covers the operational detail this post intentionally leaves for the source:
- How the AuthZEN request and response flow fits into a real PDP-to-PEP deployment.
- The MCP proxy pattern for agent tool calls and where enforcement sits in the chain.
- Practical examples of policy-as-code implementation across APIs, services, and agent integrations.
- The conference session context behind the interoperability discussion and author demo.
👉 Read Cerbos's analysis of authorization for AI agents and AuthZEN →
Agent authorization is the new IAM bottleneck for AI initiatives?
Explore further
Authorization has become the missing governance layer for AI agents, not a feature inside IAM. The summit's repeated focus on externalized authorization shows that identity teams are being asked to govern runtime delegation, not just user entitlements. That shift matters because agents change the decision surface from static access to dynamic tool use, and an IAM stack built around entitlements assigned in advance does not answer a per-call question cleanly. Practitioner conclusion: treat authorization as its own control plane, not as an extension of roles and groups.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which makes runtime authorization harder to govern cleanly across machine identities.
A question worth separating out:
Q: What should identity teams do before scaling agent deployments?
A: Identity teams should confirm that their authorization stack can support externalized policy decisions across APIs, applications, and proxies without custom rewrites. They also need a clear model for delegated authority, because agent governance fails quickly when nobody can trace who granted what scope. A deterministic enforcement path should be in place before rollout expands.
👉 Read our full editorial: Gartner’s IAM summit shows authorization is now the agentic bottleneck