AI Agents In The Enterprise & Their Implications For Identity Security

Forbes

07-05-2025


Tarun Thakur is Cofounder and CEO of Veza.

The rapid advancement of large language models (LLMs) and GenAI has ushered in a new era of technology. We see them embedded in every product, software product road map and industry analyst presentation. Now, the AI revolution is impacting automation, becoming an active participant in enterprise workflows. Agentic AI—AI systems that can function autonomously, make decisions, retrieve real-time data and execute complex actions across the enterprise environment—is driving this shift. While these AI agents promise tremendous productivity gains, they also introduce significant identity security challenges that organizations must address proactively.

Understanding AI Agents: Key Characteristics

AI agents differ from traditional LLM-based chatbots like ChatGPT in several key ways. AI agents have:

• Goal-Driven Autonomy: AI agents pursue objectives independently, continuously adapting based on inputs and results at each stage.
• Real-World Connectivity: These agents will integrate with multiple enterprise systems—retrieving, processing and writing real-time data.
• Decision Making Capabilities: AI agents analyze data, apply logic and execute tasks without constant human oversight.
• Cross-Application Orchestration: Leveraging LLMs, they operate across multiple enterprise applications, blurring traditional application and system-specific security boundaries.

The Rise Of AI Agents In The Enterprise

Organizations are embedding agents into both customer-facing products and internal workforce-facing operations. We expect initial use cases to include:

• Software Development: Agents will generate, debug, optimize and potentially deploy code automatically.
• Marketing And Content Creation: They can draft content, run A/B testing, optimize campaigns and analyze audience engagement.
• Customer Support: Agentic AI will extend current chatbot capabilities with workflows to make customer account changes, order replacement parts, process refunds and upsell subscriptions.
• Supply Chain Management: Besides optimizing logistics and forecasting demand, agents will place orders with suppliers, check inventory and leverage voice interfaces to enable automated connections to vendors without deep technical infrastructures.

Nevertheless, initial missteps in early deployments of LLMs in the enterprise tend to remain embedded in memory. For example, Air Canada deployed a chatbot that mistakenly provided incorrect information about bereavement fares, leading to a customer dispute. The company tried to dispute the claim and avoid responsibility for the incorrect information that the chatbot provided, but it lost the case in court.

While this incident highlights the potential risks of such use, perhaps more damaging would be for anyone to assume the technology isn't ready for prime time. A common truism is that AI is currently the worst it will ever be. The AI future is coming, and AI agents will be a significant part of the enterprise landscape.

The Two Primary Flavors Of Enterprise AI Agents

In thinking more deeply about how agents will work, we should distinguish between two "flavors."

1. Enterprise-Managed AI Agents

These are typically top-down, organization-approved AI implementations that connect via APIs and service accounts to integrate seamlessly with enterprise workflows. Examples include Google Agents, which automate enterprise decision making across multiple applications, and Goldman Sachs' GS AI Assistant.

2. Employee-Managed AI Agents

Employees individually adopt these agents, often without explicit organizational approval. They typically operate within a user's browser session and leverage employee credentials for access. These agents can automate interactions with systems that require interactive MFA, typically a barrier to most API-based authentication. Examples include OpenAI Operator and Anthropic's "Computer Use" mode, which employees can download and deploy on their company or personal computer.

Identity Security Challenges

Agentic AI brings into focus challenges for identity security—in different ways, depending on the flavor.

Challenges With Enterprise-Managed AI Agents

1. Complex Least Privilege Enforcement: Organizations will aspire and push to make agents as "general purpose" as possible rather than building up a set of fragmented tools. General-purpose AI agents will require broad permissions across systems, which makes defining "least privilege" difficult.

2. Separation Of Duties (SoD) Concerns: Similarly, when general-purpose agents have access to different roles for different purposes across applications, it can lead to potential compliance and security loopholes in SoD.

3. Dynamic Nature: The landscape and use cases for agents are changing quickly and are only expected to accelerate. As LLMs evolve and expand, defining static security policies becomes impractical and difficult to enforce.

Challenges With Employee-Managed AI Agents

1. Overpermissioning Risks: Employees may grant AI assistants excessive access for convenience. It's easier to grant access to essentially everything that I have as a member of the workforce. In the world of federated authentication, granting access to only an app or two is actually harder to do than giving access to everything.

2. Goal-Driven Behavior's Unintended Consequences: Simply setting a reasonable goal for an agent could lead it to take actions outside the intended parameters. How do you specify and validate the proper set of goals for an agent? For example, if an employee asked an agent to "maximize the chance of getting me promoted," might it decide to pursue strategies around highlighting the most significant failures of other likely candidates for the higher role?

3. Persistent Data Access: To effectively execute against longer-term goals, agents tend to retain and recall information over a longer term than simple queries of a chatbot. Enterprise data would likely persist and potentially be recalled in unexpected ways, raising legitimate data security concerns.

4. Audit And Compliance Complexity: Even today, organizations struggle to differentiate between humans and non-humans accessing different systems (the "NHI security" problem). With the adoption of agents, the issue of differentiation becomes much more difficult. When an auditor asks an organization to attest to the accuracy of an audit report showing "every AI agent that has touched customer data," what will the response be?

The good news is that the core issues in identity security in the world of agentic AI come back to the ones we've struggled with for years: Least privilege is the foundation. You need to understand what you have today to know where you want to go. Start small, learn quickly and iterate.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
