<p>AI agents are proliferating across the enterprise, with use cases ranging from IT and security operations to legal and compliance tasks.</p>
<p>Omdia, a division of Informa TechTarget, <a target=”_blank” href=”https://research.esg-global.com/reportaction/515202205/Marketing” rel=”noopener”>published</a> the results of a survey of 400 security leaders that showed the state of identity security for AI agents. There has been a lot of noise about AI agent security in the marketplace, and the data provided clarity around the importance of building a strong foundation of identity security to enable AI adoption.</p>
<section class=”section main-article-chapter” data-menu-title=”Identity security and AI agents”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Identity security and AI agents</h2>
<p>AI agents represent a dramatic expansion of the enterprise attack surface. There are multiple layers to any technology stack for AI agent security. For example, teams need AI security posture management to counter <a href=”https://www.techtarget.com/searchsecurity/tip/How-data-poisoning-attacks-work”>model poisoning</a> and <a href=”https://www.techtarget.com/searchsecurity/tip/Types-of-prompt-injection-attacks-and-how-they-work”>prompt injection attacks</a>, data security posture management to ensure the right data reaches the AI infrastructure, and data loss prevention and insider risk protection.</p>
<p>Any AI agent security strategy needs to be built on a solid identity security foundation for AI agents to deliver management, security and governance.</p>
<p>Identity teams have a unique perspective on AI agents. They already manage identity and access management (IAM) for human identities and <a href=”https://www.techtarget.com/searchsecurity/tip/CISOs-guide-to-nonhuman-identity-security”>nonhuman identities</a> (NHIs), and are now responsible for managing and securing AI agent identities. So, how can they build an effective program to manage those identities, too?</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”AI agents: NHIs or something else?”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>AI agents: NHIs or something else?</h2>
<p>At first blush, an AI agent is another type of NHI, alongside service accounts, API keys and OAuth tokens. But dig deeper and they have significant differences.</p>
<p>NHIs are mostly deterministic — use input X, and consistently get output Y. And NHIs typically cannot make decisions and act. AI agents, on the other hand, are nondeterministic. Use input A, and you might get different outputs — B1, B2 or B3 — depending on the circumstances. AI agents work 24/7 and take whatever steps necessary — within some guardrails — to achieve their goals.</p>
<p>Omdia research found that a slight majority of identity leaders consider AI agents a distinct category of identity rather than another type of NHI, and I expect that perception will grow over time.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”AI agent proliferation”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>AI agent proliferation</h2>
<p>The research found that AI agents are being deployed in nearly every function across the enterprise with a <a href=”https://www.techtarget.com/searchenterpriseai/feature/Real-world-agentic-AI-examples-and-use-cases”>variety of use cases</a>, from supporting IT ops to streamlining sales and marketing. AI agents are being prioritized for deployment in the cloud, in SaaS environments and on endpoints.</p>
<p>Omdia asked identity security leaders how many distinct AI agent projects, workflows or deployments — each involving a multitude of agents — they were involved in. The answer was surprising: 22. The number of projects for midmarket companies (<1000 employees) was slightly lower (16). But that is still a hefty number of projects, and identity teams will need consistent management, governance and identity security policies and processes to support them.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”The AI agent identity imperative: Enabling AI agent adoption”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>The AI agent identity imperative: Enabling AI agent adoption</h2>
<p>Identity teams have frequently had the undeserved reputation of being “Team No” within their organizations. The perception is that IAM teams slow down projects due to compliance, governance and identity security concerns.</p>
<p>Identity teams now have an opportunity to be “Team Yes” and help accelerate AI agent p
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: