"AI agents are fundamentally different from both people and software, as they are delegated actors that rely on existing enterprise identities for their authority. This distinction highlights the need for a new approach to governance."
"The real question becomes: what authority is being delegated, by whom, under what conditions, for what purpose, and across what scope? This shift in focus is crucial for effective governance of AI agents."
"If the identity dark matter remains unobserved, then the agent inherits an already broken authority model, leading to amplified risks associated with hidden access and permissions."
AI agents represent a delegation gap in enterprise security, as they rely on existing identities for authority. Traditional identity and access management (IAM) focuses on access rather than the delegation of authority. Enterprises must first govern the identities that delegate authority to AI agents to ensure safe adoption. Fragmented human and machine identities contribute to an identity dark matter that increases risk. Addressing this gap is essential for managing the authority and risks associated with AI agents effectively.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]