Axios Live: In a world of AI agents, safeguards for access and identity are key
Add Axios as your preferred source to
see more of our stories on Google.
Attendees gathered around the table for dinner. Photo: Denny Henry for Axios
WASHINGTON – Establishing control over what AI agents can access and what they can do is crucial as the bots become more commonplace, cybersecurity leaders said at an Axios Live Expert Voices roundtable this week.
Why it matters: AI agents' growing presence raises complex questions around identity, access and security, both for the organizations deploying them and the customers using them.
Axios' Sam Sabin moderated the April 21 roundtable discussion, which was sponsored by Okta.
Here are five takeaways from the conversation.
1. LLMs are driving the agentic journey in the payments industry, and customers view them "both as a force multiplier as well as a risk," Mastercard executive vice president of insights and intelligence Kaushik Gopal said.
- Establishing intent, consent and identity of agents are top of mind for its customers as agentic commerce takes over, he said.
2. "The role of any manager now is not just managing people, you're going to manage agents, and they are woefully unprepared on what that means to manage a bot which functions as an employee," said Rook9 CSO Anne Marie Zettlemoyer.
- "The majority of calls that I get are there's been a mandate for most of the boards and companies to adopt AI, so they have this rush to market. … But you have this clawback, this pause, of how do I make sure that what I am granting isn't just secure, but it's intended?"
3. "When it comes to identity, we believe that these AI agents are another workload," said Ellen Boehm, Keyfactor senior vice president of IoT and AI identity innovation. "They're a workload that's given permissions to do things … but you need to be in control of that and allow it to authenticate only into certain systems or into certain data."
- "You have to control that access. We don't have to reinvent those policies because we've done this in the enterprise for a while. It's just now we have an order of magnitude more in terms of volume, because these agents are maybe spun up and then they're discarded for some amount of time."
4. "That's the biggest challenge, I think, that there's so many people that think they understand AI, but they don't really understand under the covers what it's really doing," Illumio public sector chief technology officer Gary Barlet said.
- People are starting to appreciate the need for guardrails to ensure that AI accesses the right things, he said.
5. "We build harnesses around the agentics, so we're applying the governance structure, the framework for telling the agent what it can and cannot do," IBM senior partner and vice president Alice Fakir said.
- These harnesses also prevent agents' "alter egos," or an agent lurking within an agent, from coming out, because these frameworks limit what that agent can do, she said.
Content from the sponsor's remarks:
In his introductory remarks, Harish Peri, Okta senior vice president and general manager of AI security, said that the rise of AI agents has caused a "moment of rebirth" for the industry.
- "Essentially everything that we thought to be true about software … is all out the window," Peri said.
- "The issue is this: the thing on the other side of the interaction is no longer a program that was built by a human. It's a program that has a mind of its own. … It can make decisions about what tools to access, and in such a world, the role of identity and authorization has never been more important."
