- What: Commentary on identity security in the age of AI agents
- Impact: Security professionals need to adapt to new AI threats
7 identity security best practices for the Agentic AI era

May 22, 2026
By Neal Goldman

COMMENTARY: AI and AI agents are everywhere, promising a new frontier of productivity. As security practitioners, how much do our security processes need to change to protect our systems as AI agents come online? Not as much as we’d think. No matter how sophisticated the AI agent, from a security viewpoint it executes the same actions as any human or other application attempting to access our systems. The agent needs to present credentials and have the correct permissions to perform its functions. Today, agents don’t have their own unique identities; they proxy those of the applications and humans for whom they are working.

[ SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here. ]

With agent security, it’s important to realize that if an agent can do something to attack our systems, so can its human counterpart. Basic security principles don’t change: secure identities and manage least privilege. So, what’s different? AI agent deployments have three attributes that teams need to adjust for in their security planning. These apply whether we use AI “coworkers” like Claude Code on a desktop or run AI workloads as autonomous agents in tools such as AWS Bedrock or Salesforce Agentforce:

Agent unpredictability: While applications are coded with defined execution paths, AI agents, like humans, are unpredictable. Unlike traditional applications, with agents we’re not just authorizing execution, we’re authorizing decision making. Give a probabilistic AI tool the same prompt twice and it will likely return two different results. Agents’ execution paths are non-deterministic and are based on the probabilities in the models and training they have under the hood.
We can think of deploying an AI agent today as akin to sending a 4-year-old with our credit card to the grocery store to pick up sugar. What’s the likelihood that the task gets executed 100% correctly with no unintended consequences?

Default excessively privileged agent platforms: Agentic AI platforms, whether Anthropic Claude, Microsoft Copilot, or others, were designed to bring functionality quickly, leaving security as an afterthought. Agent platforms like Copilot have been bolted onto existing systems that were never designed to handle agents. By default, these platforms generally require admin rights or privileged access to other systems to function. None have granular permission controls to restrict what actions an agent can take, and many elevate privileges behind the scenes so the agent has greater privileges than the person creating it. As an example, in the AWS Bedrock agent platform, when we create a long-term API key, it also creates a separate AWS IAM user, assigns it a very privileged Bedrock IAM policy, and then creates an API key for that user. All of this happens behind the scenes when we click a button in the Bedrock UI.

The shadow IT tools that we can install locally on end users’ machines, such as OpenClaw, Claude Code, or a locally installed MCP server, are even more dangerous in terms of accumulating unintended privileges. Here’s where it’s essential to have endpoint privilege management in place to restrict access to specific files and enforce a zero-standing-privilege (ZSP) posture so that agents can’t accidentally execute unintended actions. Unlike humans, agents can’t respond to multi-factor authentication (MFA), a primary mechanism for protecting against outside attacks. Nor can they make just-in-time requests for elevated privileges through privilege management tools. Moving forward, the platforms will need to improve their ability to offer agents privileges separate from those of their human counterparts.
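A concrete way to catch the pattern described above, a broad policy attached to an IAM user holding a long-lived key, is to lint the policy documents and the credential report that the platform leaves behind. The following Python is an added example, not code from the article, from BeyondTrust or from AWS. The two policy documents and the credential-report rows are constructed samples, the model ARN is a placeholder, and the 90-day rotation threshold is an assumed value. It flags wildcard actions, wildcard resources, the absence of an aws:SourceIp allowlist condition, and active access keys older than the threshold:

```python
"""Constructed audit example: lint IAM policy documents for over-privilege
and a credential report for long-lived access keys."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the kind of broad, auto-generated policy an agent
# platform may attach behind the scenes (not an actual AWS-managed policy).
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}
    ],
}

# Constructed hardened counterpart: one action, one model, and a source-IP
# allowlist. The model ARN and the CIDR are placeholders.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["bedrock:InvokeModel"],
            "Resource": "arn:aws:bedrock:us-east-1::foundation-model/EXAMPLE-MODEL-ID",
            "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}},
        }
    ],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalize to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return a finding per Allow statement that is broader than a
    least-privilege agent policy should be."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        if "*" in resources:
            findings.append(f"statement {i}: wildcard resource")
        # Condition keys are case-insensitive in IAM, so compare lower-cased.
        condition = stmt.get("Condition", {})
        has_ip_allowlist = any(
            "aws:sourceip" in {k.lower() for k in keys}
            for keys in condition.values()
        )
        if not has_ip_allowlist:
            findings.append(f"statement {i}: no aws:SourceIp condition (no IP allowlist)")
    return findings


# Constructed rows shaped like an IAM credential report (user, key status,
# last rotation time). All names and dates are made up.
CREDENTIAL_REPORT = [
    {"user": "bedrock-agent-svc", "access_key_1_active": "true",
     "access_key_1_last_rotated": "2025-11-01T09:00:00+00:00"},
    {"user": "ci-deployer", "access_key_1_active": "true",
     "access_key_1_last_rotated": "2026-05-01T09:00:00+00:00"},
    {"user": "retired-bot", "access_key_1_active": "false",
     "access_key_1_last_rotated": "2024-01-01T09:00:00+00:00"},
]

AUDIT_TIME = datetime(2026, 5, 22, tzinfo=timezone.utc)  # constructed audit date


def stale_access_keys(rows, now, max_age_days=90):
    """Users whose active access key was last rotated more than
    max_age_days before `now` (assumed rotation policy)."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for row in rows:
        if row["access_key_1_active"] != "true":
            continue
        rotated = datetime.fromisoformat(row["access_key_1_last_rotated"])
        if rotated < cutoff:
            stale.append(row["user"])
    return stale


if __name__ == "__main__":
    print(json.dumps(lint_policy(WEAK_POLICY), indent=2))
    print(json.dumps(lint_policy(HARDENED_POLICY), indent=2))
    print(stale_access_keys(CREDENTIAL_REPORT, AUDIT_TIME))
```

Against the constructed input the weak policy produces three findings and the hardened one none, and only the agent service account is reported for a stale key. In a real environment the same checks would run over policies pulled from IAM and over the CSV credential report rather than over the inline samples.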
Those improvements include giving agents unique identities and adding auditing/forensic trails that log who authorized the agent and its context. We’ll also need to add support for OAuth and workload identity with short-lived tokens to improve security postures over time. Until that occurs, it’s essential that we focus on shoring up our least-privilege controls.

Scale: Industry analysts have estimated that machine/non-human identities (NHIs), in the form of service accounts and API credentials, outnumber human accounts by 80:1. Looking at the speed of agent adoption, we expect the ratio to continue its brisk increase. So how can we protect our company from thousands of chaotic 4-year-olds running around our systems? Double down on efforts to manage the human and machine identities in the environment and ensure that we’ve implemented least-privilege controls everywhere across our systems.

Teams also need to apply robust identity security and least-privilege management best practices within the organization to reduce the risk that AI agents, in addition to human and other machine identities, expose systems to malicious or accidental attacks. Here are seven Agentic AI security best practices:

1. Execute regular identity security risk assessments: Leverage tools that can clearly show which AI agents operate in our environment, including those operating as shadow IT. This analysis should put risks in clear context, including each agent’s security posture and potential escalation paths.
2. Encrypt credentials: Put them in a secure vault with automatic key rotation to make it harder to steal or reuse valid credentials.
3. Restrict remote access to systems: Use tooling that can perform automated credential injection from the company’s vaults to prevent adversary-in-the-middle attacks.
4. Use workload identity to avoid long-lived tokens: Also use scoped permissions, whether OAuth-based or otherwise, to reduce the “blast radius” of stolen credentials.
5. Limit permissions on endpoints with endpoint privilege management tools: Default permissions to “standard user” and set up policies that limit what local agents can do on those systems. Remove standing policies and replace them with JIT or time-limited policies and permissions.
6. Implement IP allowlisting: This rejects AI agent requests coming from non-authorized locations.
7. Log and audit all privileged behavior: Do this in all systems, whether through session logs, shipping event logs to a SIEM, or anomalous behavior analysis tools in the SOC.

By adopting these multiple layers of defense across the infrastructure, we can effectively harden our identity security posture and reduce the blast radius of attacks by any identity: human, machine, or AI agent.

Neal Goldman, principal product manager, BeyondTrust
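The fourth practice above, short-lived scoped tokens from a workload identity issuer instead of long-lived keys, can be shown end to end with a minimal token broker. The following Python is an added example, not code from the article or from any vendor product: the broker side mints an HMAC-signed token carrying a subject, an explicit action scope and a five-minute expiry (a simplified stand-in for what an STS- or OAuth-style issuer does), and the resource side rejects tokens that are malformed, tampered with, expired, or presented for an action outside their scope. The signing key, the agent name, the timestamps and the action names are constructed for the example.

```python
"""Constructed workload-identity example: short-lived, scope-limited,
HMAC-signed tokens so that a stolen token is useful only for minutes and only
for the actions it names."""
import base64
import hashlib
import hmac
import json

# Constructed signing key for this example only; a real broker keeps it in a vault.
SIGNING_KEY = b"constructed-demo-signing-key"
DEFAULT_TTL_SECONDS = 300  # five-minute lifetime (assumed policy value)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()


def issue_token(subject, scope, now, ttl_seconds=DEFAULT_TTL_SECONDS, key=SIGNING_KEY):
    """Broker side: mint a token for a workload identity with an explicit
    action scope and an expiry. `now` is a Unix timestamp passed in so the
    example is deterministic."""
    claims = {
        "sub": subject,
        "scope": sorted(scope),
        "iat": int(now),
        "exp": int(now) + ttl_seconds,
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode("utf-8"))
    return f"{body}.{_sign(body, key)}"


def authorize(token, action, now, key=SIGNING_KEY):
    """Resource side: check signature first, then expiry, then scope.
    Returns (allowed, reason)."""
    parts = token.split(".")
    if len(parts) != 2:
        return False, "malformed token"
    body, sig = parts
    # Constant-time comparison so signature checking does not leak timing.
    if not hmac.compare_digest(sig, _sign(body, key)):
        return False, "bad signature"
    claims = json.loads(_unb64(body))
    if int(now) >= claims["exp"]:
        return False, "expired"
    if action not in claims["scope"]:
        return False, f"action {action!r} outside scope {claims['scope']}"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_800_000_000  # constructed issue time
    token = issue_token("agent:invoice-bot", {"bedrock:InvokeModel"}, t0)
    print(authorize(token, "bedrock:InvokeModel", t0 + 10))   # allowed
    print(authorize(token, "iam:CreateUser", t0 + 10))        # outside scope
    print(authorize(token, "bedrock:InvokeModel", t0 + 600))  # expired
```

The ordering in authorize matters: the signature is verified before any claim is read, so an attacker who alters the scope or expiry in the body cannot get past the first check, and the expiry check runs before the scope check so that a leaked token stops working everywhere at once once its lifetime ends.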