The New Identity Perimeter: Machines, Agents, and the Trust Problem
Identity security is entering a fundamentally new phase — one where protecting access is no longer just about people, but about the full ecosystem of entities, human and non-human, that touch enterprise data and systems. Delinea CPO Phil Calvin, in conversation with OWASP contributor Chris Hughes, frames this shift as the defining security challenge of the current era: the question is no longer simply “who is this person?” but “what entity is accessing my environment, and should it be trusted?”
For decades, identity and access management was human-centric — authenticate the right person, grant the right role, audit the right session. But machines, APIs, bots, and now AI agents have become digital actors in their own right: they authenticate, access sensitive data, execute workflows, and make decisions, often at speeds and scales that no human workforce can match. The identity model that worked for employee directories was never designed for this. The implicit assumption that identity equals person is now a dangerous architectural debt.
For every human identity in a modern enterprise, there may be dozens of machine identities — automatically created, rarely tracked, and frequently left behind when projects end or architectures change. Cloud-native environments, microservices, and CI/CD pipelines have turned this into an explosion of unmanaged credentials. Attackers have adapted accordingly: compromised machine credentials have become one of the most reliable initial access vectors in major breaches precisely because no one is watching them.
Agentic AI has accelerated this problem dramatically. Unlike prior-generation AI that produced text or recommendations, agentic systems give LLMs the ability to take real actions — logging into systems, calling APIs, executing workflows, and making decisions about data and security operations. Each agent carries credentials, tokens, and entitlements. Each is, in identity security terms, a non-human principal with real privileges. The velocity is what makes this dangerous: a single employee deploying an AI agent could unknowingly multiply their effective access tenfold, spawning a cluster of high-privilege entities operating semi-autonomously under their account.
Visibility remains the hardest unsolved problem. Most enterprises today cannot confidently answer how many non-human identities exist in their environment, what privileges those identities hold, which are tied to AI agents or automation frameworks, or where credentials are embedded in code or stored insecurely. Discovery — continuous, cross-environment inventory of every key, token, secret, and agent — is the mandatory first step before governance is even possible. You cannot right-size what you cannot see.
Governance of machine entitlements is uniquely difficult because, unlike humans, machines don’t push back against excessive access. Engineers over-provision credentials to ensure workflows don’t break, and those permissions persist indefinitely. As AI agents acquire greater autonomy, this over-privilege problem compounds. The corrective posture is least privilege enforced through automation: remove standing credentials, rotate secrets continuously, vault sensitive machine secrets, and integrate policy enforcement directly into deployment pipelines — not as a retrofit, but as a native control.
AI occupies a dual role in this threat landscape. On the offensive side, adversaries are already using AI to automate reconnaissance, craft convincing phishing campaigns, and exploit leaked credentials faster than human security teams can respond. On the defensive side, AI can enhance visibility into identity behavior, detect anomalous privilege patterns, and accelerate response. The practical implication is that defenders must use AI to govern AI — building intelligence into the identity security lifecycle itself, not just deploying it as a perimeter tool.
https://www.helpnetsecurity.com/2026/06/16/delinea-securing-machine-identities-and-agentic-ai/
My Perspective as an Agentic AI Expert
Calvin’s framing is directionally correct and overdue, but I’d argue it still understates the severity of what’s coming. The identity sprawl problem he describes with service accounts is a known, relatively static challenge. Agentic AI identity sprawl is qualitatively different — it’s dynamic. Agents spin up sub-agents, delegate tasks across tool chains, and accumulate context and credentials across sessions in ways that no PAM (Privileged Access Management) tool designed for human workflows was architected to handle.
The piece’s five-step framework (discover, classify, least privilege, automate, monitor) is sound hygiene, but it treats agentic identity as an extension of the existing machine identity problem. I’d push back on that. An agentic AI system operating inside an enterprise isn’t just another service account — it’s a decision-making principal that may legitimately need broad access to do its job, and the challenge is ensuring that breadth of access is contextually constrained and auditable in real time, not just provisioned conservatively at deployment.
From an AI governance standpoint — which is where ISO 42001 and the NIST AI RMF come in — what’s missing from this conversation is the accountability layer. Least privilege and credential rotation are necessary but not sufficient. Organizations also need to be able to answer: What decision did this agent make? On whose authority? With what information? And can that be audited after the fact? That’s not a PAM problem. That’s an AI governance problem. The two disciplines need to converge, and most enterprises are running them in completely separate silos with no shared control framework.
AI Vulnerability Scorecard: Discover Your AI Attack Surface Before Attackers Do
Your Shadow AI Problem Has a Name-And Now It Has a Score
Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out.
InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | AIMS Services | Security Risk Assessment Services | Mergers and Acquisition Security
- The New Identity Perimeter: Machines, Agents, and the Trust Problem
- Securing the Agentic Enterprise: Where AI Autonomy Meets ISO 42001 and the EU AI Act
- Regulatory Relief Is Not Risk Relief: The EU AI Act Delay Trap
- Your AI Strategy Has a Debt Problem. Here Are the 13 Places It’s Hiding.
- GRC at Machine Speed: Four Anchors Reshaping Governance in the Cloud and AI Era
