As artificial intelligence continues to develop, Ping Identity, a digital identity security provider, has highlighted concerns around the deployment and governance of AI agents. Research commissioned by KuppingerCole Analysts examines potential vulnerabilities in enterprise identity systems as AI agents become more widely used.
The report, From AI Agents to Trusted Digital Workers, outlines limitations in identity frameworks that were originally designed for human users. As organisations integrate AI agents into production environments, attention extends from identity management to how these identities operate across systems and workflows. This increases the need for continuous operation within identity systems and highlights governance considerations.
The research notes that traditional identity models may not fully account for scenarios where AI agents combine legitimate permissions in ways that were not anticipated. These actions may interact with existing controls in complex environments. Factors such as delegation opacity and sub-agent creation add complexity, affecting auditability and accountability.
The risks are also reflected in external findings. Reports from IBM highlight challenges linked to access controls in AI systems, including issues such as data breaches and prompt injection attacks observed in some environments.
Despite these considerations, many organisations continue to focus identity and access management (IAM) approaches primarily on human users, which may affect readiness for AI-driven processes.
To address these challenges, KuppingerCole Analysts propose a governance framework for autonomous AI based on identity, policy-based authorisation, and extended zero trust principles. This approach is intended to support continuous authorisation and oversight at runtime, with the aim of maintaining control, accountability, and trust in dynamic environments.
Ping Identity has aligned its Identity for AI capabilities with these principles, offering runtime identity functions, policy-based authorisation, and governance controls intended to support the management of AI agents.
As organisations move from experimental to operational AI use, identity and access mechanisms are presented as relevant components for enabling secure and scalable AI execution. Ping Identity is positioned within broader industry developments in approaches to AI identity governance in enterprise environments.
