Huzefa Olia is co-founder and COO of 1Kosmos, focused on digital identity and trust frameworks for AI systems.

AI agents are starting to inherit the same trusted access paths once reserved for employees, administrators and enterprise applications. They can approve transactions, provision infrastructure, access sensitive records, interact with SaaS platforms and trigger operational workflows at machine speed. In many organizations, they are already doing so with limited oversight and weak identity controls.
This is creating a dangerous disconnect between how enterprises govern human identity and how autonomous systems actually operate. That’s why identity security is evolving from know your customer (KYC) and know your employee (KYE) toward a new category of risk: know your agent (KYA).
Long-lived API keys, overprivileged service accounts, weak runtime validation and fragmented ownership models are creating new forms of transaction risk that traditional authentication controls are not designed to address. The issue is no longer just verifying humans during onboarding or log-in. Organizations must now determine whether an autonomous system should be trusted to execute a specific transaction at a specific moment under a defined set of conditions.
KYC and KYE solve different problems.
While KYC focuses on establishing trust before granting external users access to accounts, services or transactions, KYE addresses a different challenge: continuously validating employees and contractors who already have access to enterprise systems.
This distinction matters because many modern attacks no longer target external account creation alone. Threat actors increasingly exploit internal trust relationships through social engineering, service desk impersonation, MFA reset requests and credential recovery workflows. In these situations, attackers are attempting to hijack legitimate accounts.
AI-assisted impersonation is accelerating the problem. Voice cloning, synthetic video, deepfake-assisted social engineering and AI-generated communications are making traditional identity verification methods less reliable, particularly in remote workflows where trust decisions rely heavily on human judgment. As a result, organizations are moving away from knowledge-based verification toward stronger identity assurance, device trust, cryptographic verification and continuous validation during sensitive actions.
AI agents change the nature of transaction risk.
Traditional automation followed relatively predictable rules, but AI agents can operate with varying degrees of autonomy, contextual decision-making and delegated authority. An AI-driven operations agent may provision cloud resources automatically. A procurement assistant may initiate purchasing workflows. A customer service agent may access sensitive records and execute transactions across integrated systems. Development agents may modify infrastructure or interact with CI/CD pipelines.
In many cases, these systems operate using the same identity infrastructure originally designed for applications and service accounts. That creates several security gaps:
1. Organizations often lack clear accountability for agent-driven actions. An action may appear to originate from a valid API credential or service account, but determining which agent initiated the request, who authorized it or whether the action aligned with policy can be difficult.
2. AI agents dramatically increase transaction velocity. A compromised account or overprivileged agent may execute actions at machine speed across multiple systems before human operators recognize abnormal behavior.
3. Many organizations are extending broad standing privileges to autonomous systems without implementing sufficient runtime validation or operational constraints. Long-lived credentials, excessive permissions and weak segmentation can give AI agents far more operational authority than their tasks require.
This creates a new category of transaction security risk where the issue is not simply whether credentials are valid but whether the requested action itself should be allowed under current conditions.
Identity verification alone is no longer enough.
Many identity programs still focus heavily on MFA, passwordless access, biometrics and phishing-resistant authentication. But authentication alone does not adequately address autonomous transaction risk. An authenticated AI agent may be able to execute unauthorized actions, access unintended systems or operate outside the approved business scope. A compromised or socially engineered human account may do the same.
The security question is increasingly shifting from “Was the identity verified?” to “Should this transaction be allowed right now?” That distinction is becoming critical in environments where AI systems can act independently. It’s also driving the need for stronger controls around transaction-level verification, authorization scope and runtime policy enforcement.
Practical security principles can help govern AI agents.
No single framework fully addresses AI agent governance today, but several practical security principles are emerging:
• Move away from long-lived API keys, static credentials and persistent standing privileges. AI agents should operate with time-bound, scoped credentials tied to specific tasks and operational boundaries.
• Tie every autonomous agent to a verified human owner or accountable business function. Organizations should always be able to determine who authorized an agent, what it is allowed to do and whether that authority is still valid.
• Implement runtime authorization for high-risk actions. Identity, permissions and policy should be validated continuously during execution, not just when credentials are initially issued.
• Require additional verification or human approval for sensitive transactions involving privileged access, financial operations, infrastructure changes or sensitive data movement.
• Apply governance controls across prompts, data access and operational scope to reduce excessive permissions and limit unintended agent behavior.
• Treat AI agents and nonhuman identities with the same rigor applied to privileged human accounts, including continuous monitoring, credential expiration and immediate revocation when owners or workflows change.
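As an added illustration (not code from the article or from any product), the sketch below combines several of these principles into a single per-transaction check: a short-lived, task-scoped credential, an accountable owner, revocation, and step-up approval for sensitive actions. All names, scopes and the HIGH_RISK set are assumptions made up for the example.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Constructed list of actions treated as sensitive transactions.
HIGH_RISK = {"payments:execute", "infra:modify", "data:export"}

@dataclass(frozen=True)
class AgentCredential:
    agent_id: str
    owner: str          # accountable human or business function
    task_id: str        # the one task this credential was issued for
    scopes: frozenset   # actions permitted for that task
    expires_at: float   # epoch seconds; short-lived by design

@dataclass(frozen=True)
class Request:
    action: str
    task_id: str
    approved_by: Optional[str] = None   # human approver, if any

def authorize(cred, req, active_principals, revoked_agents, now=None):
    """Evaluate one transaction at execution time; returns (decision, reason)."""
    now = time.time() if now is None else now
    if cred.agent_id in revoked_agents:
        return "deny", "credential revoked"
    if now >= cred.expires_at:
        return "deny", "credential expired"
    if cred.owner not in active_principals:
        return "deny", "owner no longer valid"
    if req.task_id != cred.task_id:
        return "deny", "outside task boundary"
    if req.action not in cred.scopes:
        return "deny", "action out of scope"
    if req.action in HIGH_RISK:
        if req.approved_by is None:
            return "step_up", "human approval required"
        if req.approved_by not in active_principals:
            return "deny", "approver not valid"
    return "allow", "within scope and policy"

if __name__ == "__main__":
    # Constructed sample credential and requests.
    cred = AgentCredential("agent-7", "alice", "po-1182",
                           frozenset({"orders:read", "payments:execute"}), 1000.0)
    for r in (Request("orders:read", "po-1182"),
              Request("payments:execute", "po-1182"),
              Request("payments:execute", "po-1182", approved_by="alice")):
        print(r.action, authorize(cred, r, {"alice"}, set(), now=500.0))
```

The same valid credential yields different decisions depending on the action, the time and the current state of its owner, which is the difference between verifying an identity and authorizing a transaction.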
As AI agents become more deeply integrated into operational workflows, identity systems must be capable of addressing not only who or what is requesting access but also whether a specific action should be trusted at the exact moment it occurs. This shift toward runtime transaction validation will define the next phase of enterprise security.