
"In the existing state, identity is human-centric. Today's identity and access management (IAM) systems were designed for a world dominated by human users and static applications. Identities are provisioned, authenticated, and authorised using models such as role-based access control (RBAC) and multifactor authentication (MFA), with decisions made at login time. Even with the evolution toward zero-trust, the core assumption remains largely unchanged: identities are known, bounded, and relatively stable."
"However, agentic AI systems break these assumptions. The transition to agentic systems has fundamentally altered the security landscape. We are no longer just securing "users"; we are securing a massive, autonomous web of non-human identities (NHIs) that move at machine speed. Autonomous agents dynamically invoke tools, access APIs, generate sub-agents, and operate across multiple domains without direct human intervention. These agents often use shared credentials, ephemeral tokens, or implicit trust boundaries, leading to identity ambiguity, weak attribution, and expanded attack surfaces."
"The rise of agentic AI systems introduces a new class of identities, autonomous, non-human actors such as AI agents, bots, and services, that operate independently, dynamically, and at scale. Unlike human identities, these entities can be created on demand, delegate tasks to other agents, and interact across multiple systems without direct oversight, posing challenges for attribution, control, and trust. For example, agents move faster than human oversight, and the 'kill switch' has moved from a button to an autonomous circuit breaker."
"Traditional identity models, built around static users and roles, are insufficient to govern this fluid ecosystem. As a result, there is a critical need for an evolved identity frame"
Identity and access management systems were built for human users and static applications, using models like RBAC and MFA with decisions made at login time. Even with zero-trust, identities are assumed to be known, bounded, and relatively stable. Agentic AI changes the security landscape by creating a web of non-human identities that operate at machine speed. These agents invoke tools and APIs, generate sub-agents, and operate across domains without direct human intervention. They may use shared credentials, ephemeral tokens, or implicit trust boundaries, creating identity ambiguity, weak attribution, and larger attack surfaces. Traditional IAM therefore cannot govern this fluid ecosystem, and an evolved identity stack is required.
#identity-and-access-management #agentic-ai-security #non-human-identities #zero-trust #authentication-and-authorization
Read at ComputerWeekly.com