Latest news with #ProcyonInc
Forbes
3 days ago
- Business
- Forbes
The Role Of Human And Non-Human Identity In AI Agents
Suman Sharma is the cofounder and CTO of Procyon Inc. AI agents have become essential across industries—powering virtual assistants, automating workflows and enhancing decision making in fields such as healthcare and finance. Central to their functionality is the concept of "identity," which encompasses both non-human identity (NHI) for the agent itself and human identity for user-specific tasks. This dual framework ensures secure operations, personalized experiences and accountable interactions. NHI broadly applies to entities such as AI agents, bots and IoT devices, distinct from human credentials. I'll explore the critical role of identity in AI agents, the interplay between human and non-human identities, their relation to the broader NHI framework and their implications for technology, ethics and society. Why Identity Matters For AI Agents Identity in AI agents comprises a unique set of attributes—such as names, roles, behaviors, credentials or digital signatures—that distinguish one agent from another. It rests on two pillars: NHI for the agent's operations and human identity for user-specific tasks. AI agents often interact with sensitive systems such as cloud infrastructure, banking platforms or enterprise databases. A robust NHI, typically managed through API keys or cryptographic tokens, is essential to prevent unauthorized access and ensure secure operations. For example, an AI agent optimizing cloud costs might dynamically generate NHIs to provision resources. Without proper governance, this comes with risks of security breaches, privilege escalation or identity sprawl. A 2025 Accenture survey found that 78% of responding executives believed digital ecosystems needed to evolve to accommodate AI agents, underscoring the need for robust NHI management. Identity enables AI agents to deliver tailored, consistent user experiences. An agent's NHI defines its role, such as a customer service bot with a friendly tone or a technical tutor with precise responses, ensuring uniformity across interactions. When paired with human identity, such as user profiles, preferences or historical data, the agent personalizes tasks. For instance, a virtual assistant might recall a user's preferred travel destinations, dietary restrictions (e.g., vegan meals) or calendar habits, adapting responses to their unique needs. A well-defined NHI allows precise tracking of an AI agent's actions, forming the backbone of auditing and transparency. For example, an AI replacing an executive assistant uses its NHI to log decisions—such as scheduling meetings or sending emails—separately from the user, ensuring clarity in responsibility. This fosters trust, as users can verify that the agent's actions align with ethical norms and organizational policies. Human identity complements this by tying user-specific actions, including purchases or data queries, to an individual's account for accountability. This dual traceability is critical in regulated sectors such as finance or healthcare, where compliance with privacy laws requires clear attribution. Role Of Human And Non-Human Identity The identity framework for AI agents splits into two core components, each serving distinct yet complementary purposes: • NHI: Every AI agent requires an NHI—comprising credentials, unique IDs, digital certificates or defined roles—to function, be recognized and operate securely. For instance, an AI's NHI enables internal tasks such as analyzing data in a closed system, authenticating within a network or interacting with other agents. • Human Identity: Depending on the application, AI agents leverage human identity—such as OAuth tokens, usernames, passwords or account details—for external interactions. For example, an AI booking a flight uses a user's credentials to access a travel API, pulling payment information or frequent flyer miles for a tailored transaction. In contrast, internal tasks such as diagnostic analysis of a server may rely solely on NHI. This dual-identity model introduces complexities. Mishandled tokens or credentials can lead to security risks, potentially exposing sensitive data. Privacy concerns, such as compliance with GDPR or CCPA, necessitate careful handling of human identity. Managing both NHI and human identity requires robust systems, including secure storage, encryption and protocols such as OAuth 2.0, to prevent breaches, ensure trust and streamline operations. AI Agent Identity Vs. Non-Human Identity NHI is a broader framework that defines identities for non-human entities, including AI agents, bots, IoT devices and robotic systems, distinct from human credentials. The identity of AI agents relates to this concept in the following ways: • Role And Interaction: Both AI agent identity and NHI enable secure, effective operations. An AI assistant relies on its NHI for tasks such as querying databases or coordinating with other agents, while the NHI framework ensures all non-human entities interact safely within digital ecosystems. • Uniqueness: AI agents have engineered NHIs—such as credentials or API keys—mirroring how NHI assigns unique identifiers to all non-human entities, ensuring distinction, recognition and traceability across systems. • Scope: AI agent identity is a specific application of NHI, tailored for AI's roles in automation or decision support. In contrast, NHI spans a broader range, covering entities such as robots in manufacturing, sensors in smart homes or software processes in networks. • Design And Purpose: AI agent identity is human-designed and often paired with human identity for application-specific tasks, such as API access to cloud services or payment platforms. NHI applies to diverse entities, some of which may not require human identity. • Practicality: AI agent identity, combining NHI and human identity, addresses immediate needs in security, usability and personalization, making it practical and active in today's systems. Conclusion The integration of NHI and human identity in AI agents is pivotal for advancing functionality, security and ethical considerations in a rapidly evolving technological landscape. Robust NHI management mitigates risks like privilege escalation and identity sprawl, while embedding ethical guidelines ensures fairness, privacy and bias prevention. Simultaneously, secure handling of human identity through protocols like OAuth 2.0 fosters trusted, seamless user experiences. As NHI frameworks evolve toward standardized identity management, they will enhance interoperability across AI, IoT and robotics, shaping the future of connected systems. Looking ahead, the deepening interplay between human and non-human identities raises critical questions about autonomy, governance and societal roles, particularly as AI advances toward artificial general intelligence. These trends demand continuous innovation in security, ethics and policy to balance functionality with responsible integration—ensuring AI agents operate distinctly within human-designed roles while driving progress in a connected world. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Forbes
07-07-2025
- Business
- Forbes
The Biggest Access Control Challenge In AI: Multisource Data
Suman Sharma is the cofounder and CTO of Procyon Inc. Imagine a retail firm's AI spitting out a sales forecast for a regional manager, merging public market trends, open to all, with sensitive customer purchase histories, restricted to top execs. The result—a sleek projection—hides a messy problem: How does access control ensure users see only what they're allowed to when AI blends data from multiple sources? As AI fuels enterprise decisions in retail, finance and tech, this issue towers over security efforts. Access control, the practice of restricting data and systems to authorized users, buckles under AI's dynamic, data-hungry nature. I'll unpack the challenge, its stakes and solutions, urging action to secure enterprises without curbing innovation. The Challenge: Multisource Data And Access Control Access control shines in traditional setups: Managers view reports, developers tweak code and each is gated by defined permissions. AI disrupts this. Machine learning, generative models and real-time analytics pull from diverse enterprise sources: internal databases (sales logs, staff records), external feeds (market APIs, vendor stats) and live streams (web clicks, Internet of Things (IoT) sensors). An AI's output, like a forecast or risk score, fuses these, blurring their origins. Here's the snag: Enterprise users—analysts, managers, contractors—hold varied rights. A retail analyst can see market trends but not customer data. When AI mixes both into a prediction, how does access control block unauthorized bits? This multisource data clash, critical today, tests the limits of securing AI in enterprises. Why It's A Big Deal • Security Risk: AI outputs leaking restricted data—customer profiles, trade secrets—can spark breaches. A 2025 report found that 68% of firms faced AI-related data leaks, often due to weak access controls allowing unauthorized exposure of sensitive data blended with public sources. • Compliance Pressure: Rules like GDPR and CCPA demand data isolation. An AI blending open and restricted sources for an unprivileged user risks violations and hefty fines. • Trust Erosion: If staff or partners fear AI exposes sensitive info, confidence in systems—and the enterprise—tanks. Root Causes Several drivers make this tough: • Data Entanglement: AI, especially complex models, melds inputs inseparably. A risk score's roots—public stats or private logs—defy easy tracing. • Static Limits: Traditional access control often uses fixed rules, yet AI data shifts, such as new APIs or fresh streams, can outrun updates. • Coarse Scope: Permissions like 'view all forecasts' lack precision, missing fine control over specific data or AI outputs. • User Diversity: Thousands of users across roles query one AI, each with unique rights, defying tidy enforcement. Implications The fallout is real. A retail manager, seeing a forecast tied to restricted customer data, gains improper insight, even indirectly. Auditing this is brutal: how do you pinpoint an AI output's sources? In finance, a risk score mixing public trends and private accounts, shown to a junior analyst without full rights, could breach GDPR, costing millions. Worse, if employees or clients doubt access control's grip, trust fades, slowing AI adoption and enterprise growth. Consider a tech firm: An AI predicts server downtime using public usage stats (open to engineers) and proprietary code metrics (viewable by executives only). If access control slips, an engineer gets a tainted result, risking a leak. Across vast users and fluid data, this spirals. Solutions To Bridge The Gap Tackling this demands evolving access control for AI. Here are enterprise-ready fixes: Tag sources (e.g., "market: open," "customer: restricted") and track them through the AI pipeline. Systems flag or block outputs if restricted data is involved. • Pros: It catches unauthorized leaks and aids audits. • Cons: It needs metadata tools and could add processing load. • Example: In retail, an AI skips customer-based forecasts for an analyst without rights. Use flexible models like attribute-based access control (ABAC), adjusting permissions by context, such as user role, data sensitivity, query type and time. A manager gets predictions from approved sources only. • Pros: It adapts to AI's fluidity. • Cons: The setup can be complex, and a policy shift is needed. • Example: A finance AI gives a clerk market-based risk scores while blocking account-derived ones. Build AI to filter responses live, suppressing insights from unauthorized sources. Algorithms can mask restricted elements. • Pros: This is a direct, user-specific shield. • Cons: It can be hard to isolate in complex models. • Example: A tech firm's downtime prediction for an engineer omits proprietary metrics. Train separate AI models per user group, each fed only accessible data (e.g., an analyst's model uses public stats, not customer records). • Pros: This ensures a clean split with no leak risk. • Cons: It can be costly and high maintenance. • Example: A retail firm runs a 'manager' model and an 'analyst' model, siloed by rights. Log AI inputs and user outputs for compliance checks. Anomaly detection, perhaps AI-driven, flags odd access. • Pros: It builds trust. • Cons: The storage and analysis burden grows. • Example: Anomaly detection could catch a finance AI leaking private data to a clerk. Future Outlook Multisource AI data will surge with generative models, real-time feeds and cloud systems. The challenge swells—think merging web clicks and private profiles or fusing market data and client accounts. Enterprises need AI-savvy solutions, blending traditional methods, dynamic approaches and new tech. The clock's ticking. AI's reach grows, and so does this access control challenge. Enterprises, don't wait for a breach. Security teams, audit AI pipelines now: map data sources, test permissions, spot leaks. Developers, build lineage tracking and filters into models; start with pilot projects in retail or finance. Leaders, invest in dynamic access control like attribute-based access control (ABAC) and rethink policies to match AI's pace. Regulators and industry groups, unite to craft AI-specific standards by launching forums or task forces this year. Together, secure AI's potential: act boldly, and act now. Conclusion The biggest access control challenge in AI—managing outputs that blend multiple sources, some allowed, some not—dogs enterprises daily. Through data lineage, dynamic controls, output filters, tailored models and audits, we can adapt. Take action to close the gap. Can access control keep up with AI's surge? Your move ensures it will. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
