FrontierNews.ai

The Great AI Agent Identity Crisis: Why Security Just Became the Hottest Tech Battleground

AI agents are spreading rapidly through enterprises, but securing them is creating an entirely new category of urgent business problems. A November 2025 report by MIT Sloan School of Management and Boston Consulting Group found that 35 percent of surveyed businesses had already deployed AI agents, while another 44 percent planned to implement agentic AI soon. But as these autonomous systems gain access to sensitive data and critical systems, companies face a mounting challenge: how do you control who, and what, gets access to what information when AI agents are making decisions alongside humans?

What Exactly Is Agentic AI, and Why Does It Need Special Security?

Agentic AI differs fundamentally from the generative AI systems most people know, like ChatGPT or Claude. "Agentic AI is AI that takes actions in the world," explained Phillip Isola, an associate professor in the Department of Electrical Engineering and Computer Science at MIT and a member of the Computer Science and Artificial Intelligence Laboratory. "These actions could be a physical action, like robotic manipulation, or a digital action, like booking a flight".

Most agentic systems today start with a foundation language model at their core, then wrap it with specific tools and access permissions tailored to the job. One agent might have access to a calculator and financial databases; another might control warehouse robots or manage customer service interactions. The problem is that as these agents proliferate, tracking who has access to what becomes exponentially more complex.

Why Is Identity Management Suddenly So Valuable?

The answer lies in a simple but urgent reality: whether people are using tools themselves or making AI assistants do things for them, companies still need to ensure only the right people and the right AI agents can access sensitive information. According to Okta, more than 91 percent of organizations are already using AI in their workflows, and many investors believe identity and access management services will become even more critical as AI agents become a standard part of the workforce.

This shift has created a windfall for companies positioned at the intersection of AI adoption and security. Okta, which provides identity verification and access control tools, reported revenues of 765 million dollars in its first quarter of 2026, up 11.2 percent year-over-year, driven significantly by demand from organizations deploying AI agents. The company's stock surged approximately 50 percent through early July 2026, making CEO Todd McKinnon a billionaire again after his fortune had declined during the 2022 tech selloff.

What Are the Real-World Security Challenges with AI Agents?

The security risks fall into several overlapping categories. First, there is the problem of verification and oversight. Because it is often very easy to get agents to do certain types of work, people may not put enough effort into verifying that the agents are actually doing the right thing. "With coding agents, you can 'vibe code' and just ask the agent to make code for you, so you don't have to do the hard work yourself," Isola noted. "There is a big risk that, because it is so easy, people will not put enough effort into verifying that it is doing the right thing. Bugs will be introduced, private data will get leaked, and this is already happening".

Second, there is the challenge of human error amplification. Even highly competent agents can make mistakes if humans give them vague instructions or fail to think through all the consequences. When humans are less involved in the decision-making process, they become more prone to making errors themselves.

Third, there is the risk of de-skilling. As organizations rely on agents to handle coding, math, and other technical work, employees may lose the ability to perform these tasks themselves, potentially before the technology is mature enough to fully automate them.

How Are Companies Managing AI Agent Access and Control?

Identity and access management platforms are becoming the critical infrastructure layer for agentic AI deployments. These systems help organizations:

  • Verify Identities: Confirm that both human users and AI agents are who they claim to be before granting access to systems or data.
  • Control Access Permissions: Define granular rules about which agents can access which systems, databases, or tools, and under what conditions.
  • Monitor and Audit Activity: Track what actions agents take, who authorized them, and whether those actions align with organizational policies.
  • Enforce Multi-Factor Authentication: Require additional verification steps to prevent unauthorized access, even if credentials are compromised.

"Okta is one of the leaders within the identity and access management market," said Shaul Eyal, managing director of equity research at TD Cowen. "This is probably one of the most mission critical categories of the broader cybersecurity arena".

Why Aren't Coding Agents and Other AI Tools Replacing Cybersecurity?

When Anthropic released its Mythos model in April 2026, some investors feared that advanced AI systems could eventually automate or obsolete entire categories of software, including cybersecurity tools. That concern has largely subsided, and analysts now see identity and access management as defensible against AI displacement.

The reasoning is straightforward: as more AI agents enter the workforce, the problem of controlling access becomes more complex, not less. "We definitely see cybersecurity as defensible against agentic AI displacement," noted Ellie Kearney, a cybersecurity analyst at Arete Research. "When we had the move from on-premises servers to cloud, first came cloud investment and then there was a lag before cyber investment. This time around, because of things like Mythos and Project Glass Wing, we think that the lag for cybersecurity investment will be much shorter and more coincidental".

What's the Bigger Picture for Agentic AI Development?

While identity and access management is solving immediate security challenges, researchers are grappling with deeper architectural questions about the future of agentic systems. Current AI agents are built on the foundation of large language models, which are trained primarily on text data. To create more powerful agents, researchers may need to incorporate video, physical forces, time series data, radar scans, and other data types that require fundamentally different model architectures.

"One obvious limitation is that, under the hood, these have the architecture of a language model and are trained on text data," Isola explained. "To make even more powerful AI agents, we might need to model videos, physical forces, time series, radar scans, and other modalities. We might need to have models with fundamentally different architectures that can handle continuous data, high-dimensional data, stochastic data, and so on".

Alternatively, extremely sophisticated language models might act as universal controllers, interfacing with sensors, actuators, and web APIs to understand and navigate the physical world. "Is the next wave of AI just going to be Claude with sensors, actuators, and tools, or is it going to be something built in a new way from the ground up? That's the big question a lot of people in AI are grappling with right now," Isola noted.

Regardless of which architectural path wins out, one thing is clear: as AI agents become more capable and more widely deployed, the infrastructure to control and secure them will only become more valuable. The current surge in identity and access management demand may be just the beginning of a much larger shift in how enterprises think about AI governance and control.