A day in the life with AI-powered identity security: Securing your AI workforce
With all the headlines and noise about AI running rampant in the news and on our feeds, we want to anchor the AI discussion around the real and practical ways that AI can help your organization through its identity security challenges. The rapid proliferation of AI is creating historic levels of innovation, but it can also contribute towards growing security risks, especially in the realm of identity. In this interview series with identity security and AI experts, let’s discuss identity security issues many organizations experience on a regular basis. We will also walk through the ways SailPoint’s offerings and the AI capabilities that power them can bring value and practical solutions to these common issues that many organizations of diverse sizes and industries experience today.
For our first installment of this series, we're focusing on securing the new AI workforce. Businesses are adopting AI at an exponential pace, usually without full awareness of business leaders. Employees are using new types of non-human identities like AI agents and machine accounts that do not have properly governed access, and they are working with unsanctioned AI tools that present high risks of data leakage. AI review boards are unable to review new tools at the pace needed to keep up with innovation. This new AI-forward environment introduces complex and growing risks, from ungoverned AI identities to the challenge of managing shadow AI.
I spoke with Bryan Kelley, AVP of Sales and Agentic Technology Specialists at SailPoint, about how organizations can build a security strategy that governs their entire set of AI identities and tools to bring the unsanctioned and ungoverned in line with safe and proper identity governance and policy.
HP: Let's start with the big picture. When we talk about "identity," we traditionally think of people, but today, non-human identities are growing exponentially. What exactly are these non-human identities, and why are they suddenly such a critical focus for security teams?
BK: Non-human identities are not new, but I think one of the things that makes these AI agents and non-human identities uniquely different is the fact that instead of hard coding exactly how to go do something, they have an LLM that helps them. It’s like a brain that understands what you are asking them to do. They choose how they will execute on tasks, so there's an element of uncertainty here that traditional software doesn’t have.
With the scale of agents and their awareness of the things that they have access to, it's a different ball game. An AI agent always knows all of its entitlements and knows exactly what it can do. So, their ability to know and discover their own capabilities is quite different than what a human would do. I might have access to hundreds of entitlements here at SailPoint, but there’s only a handful of them that I may regularly use. In contrast, think about agents that have access to hundreds of entitlements, with many of them being unnecessary or even dangerous for them to have access to. They will potentially use any or all of them to execute a task. AI agents are like security auditors with perfect memories. They will systematically probe and use every single permission they think they might need to access to achieve the goal, so over-provisioning becomes infinitely more dangerous with agents. To make the behavior of these agents more predictable, there must be strict controls on their access.
HP: How is the rise of AI changing the way identity security teams work across the business?
BK: When building AI agents, identity needs to be a proactive measure that is built into the software from the beginning. There is a big change where the identity folks have to be involved with development folks from the beginning. Historically, the model has been for builders to create an application, get it to a certain point, and then essentially 'toss it over the fence' to the security team to secure it. That old model is simply not going to work in this new world of non-deterministic, agentic AI, where the application's behavior can be unpredictable. I think the people who are building the AI agents need to know and understand more about identity than they may have ever needed to before. You must build identity and governance into the agent to begin with so that its behavior is originally designed in accordance with the company’s governance policy.
Figuring out this new approach is where running educational workshops for development teams becomes critical. Based on our experience, the greatest success comes from guiding security leaders and builders to rationalize architectures together. This partnership ensures they limit tech debt and remain interoperable, paving the way for agentic innovation. Oftentimes, the development folks don’t have the first idea how to build agents with this identity framework in mind, so we help lay out a framework to make sure these AI agents are built in a way that makes them able to be governed. The other evidence of changing team dynamics is AI councils themselves. They are cross-departmental teams that are coming together to help solve and figure this out. With these diverse councils coming together to figure out how to deploy AI safely, they generally do a good job making sure that new AI tools are safe, but often at the expense of speed. Our workshops also help empower these teams to move more quickly in the future once they know the right way to think about building and adopting AI.
HP: With the proliferation of AI, what are the most significant new problems or security risks that keep CISOs or Chief AI Officers up at night?
BK: There's an explosion of things that need to be governed and there's a huge, huge pressure to innovate – it’s a board-level issue. There's a massive AI budget. You can't get ROI from that until you get to production, but you’re also trying not to end up on the front page of the Wall Street Journal. There's a real tension there. For the board and security teams, there's the AI you know about and then there's the AI you don't know about. And so our approach, which is through our SailPoint Discovery Tool, helps with the unknown AI that employees might be using. Unknown becomes known and known AI can become governed. Then you have ungoverned agents that developers create internally, and finally, the classic challenge of data exposure, which is amplified by AI. CISOs, Chief AI officers, boards, and security teams really have no idea how much unknown AI there is until they use tools like ours to discover it. Once they shed light on what’s actually out there, it becomes possible to govern it.
HP: For the “shadow AI” problem you mentioned, how do you provide visibility and control over employees using unapproved AI tools without stifling innovation?
BK: The consumer world of AI will continue to be ahead with cool, interesting, exciting capabilities that are not appropriate for enterprise use yet. So, if you block people at the network level, you're sending them to personal devices. Our SailPoint Discovery Tool gives you the ability to see what you can't otherwise see but also organizationally influence behavior change. For example, when an employee tries to use an unsanctioned AI tool, the SailPoint Discovery Tool can guide the employee to an approved tool. Or maybe you want to allow them to use ChatGPT, but you want to block them from uploading files. It’s about really trying to give customers a level of control so that they can operate in the way that they deem fit.
HP: Let's dig into the “rogue agents” part of the equation. How can an organization bring proper governance and accountability to the AI agents it builds and manages internally?
BK: What makes agents truly unique and much harder to govern is the concept of inbound access. This idea refers to the humans and other machines or agents that can use internal resources. Many agents are there for people or machines to use, which is why agents cannot be governed in isolation, as you must also account for the inbound access. That is, the humans and other machines that can interact with and leverage the agent's permissions could inadvertently access resources that they should not have access to. This issue is precisely why agents cannot be governed in isolation. Any solution that only looks at one type of identity — only humans or non-humans — will completely miss this critical part of the equation. You need a unified control plane where all identities, human and non-human, are governed because their permissions are interrelated. People should not get access to things they couldn’t access before just because the agent they are using has higher permissions. Conversely, an agent might need to be restricted in what it can access and not have its access based on the human or non-human that is using it at a particular moment.
For builders, one of the things that's happened in the industry is people have moved from single agent architectures to multi-agent architectures. Instead of building a super-agent that has access to a bunch of stuff but is unreliable and unpredictable, builders took the tasks, broke them down, and constrained the access. Instead of one agent that can accomplish a lot of tasks but comes with more risk due to all it has access to, there's a bunch of smaller scoped agents working together, but each agent, because it's scoped down, is more reliable and more predictable in its behavior. Having many properly scoped and properly governed agents will help companies enable proper governance while also decreasing the blast radius of an agent taking unintended action.
HP: An AI agent can only function if it has access to data. Many people are worried about how a potentially autonomous agent might have free rein over a company’s data. How does securing the data itself fit into this identity-centric approach?
BK: If I'm certifying access for agents and making sure everything is the way that it should be, but I don't have the data context, what am I actually certifying? That feels like a pretty big gap. Our platform allows you to close that gap by bringing data context to your identity program. In the agent context, it's even more important. Agents have awareness of what they can access. A human might have access to something that's sensitive but not even realize it, so they won’t use that access. Even if I was aware of sensitive access, I still may choose not to use it because as a human, I have morals and values. Agents are fully aware of everything they have access to and will use that full access if they reason that they should in order to complete a task. They're working at 24/7 AI speed and can see everything they have access to, so if you are not including data context in your identity program across humans, agents, and machines, you are at risk.
HP: From a day-to-day perspective, how does a good AI governance solution practically make an admin's life and an enterprise better?
BK: For practitioners, think through discovery, visibility, governance, audit, and response. What are we doing to address each of these things? Can we do these things on a unified control plane? Because the more you can do on the same platform, the better. Our platform helps with all steps. The lowest common denominator is the identity. And so that's where it's kind of emerged as this really critical component of the process. It’s about changing the daily reality for security teams from being reactive and overwhelmed to being proactive and in control. For the enterprise, the practical business outcome is immense. You enable the business to adopt new AI technologies faster and safely, because security is now a partner in innovation, not a barrier to it.
HP: For an organization just starting this journey, what is a practical first step?
BK: As I mentioned, we have this process we’ve been guiding customers through: discovery, visibility, governance, audit, and response. First, you have to be able to discover your identities and your agents to get a foundation to work with. We recently released our free SailPoint Discovery Tool to help any organization discover all the agents in their environment for the first time. Once you know what agents are running around unchecked, you can then make progress on the rest. The next step is to be able to visualize the agents so you can see how they interact with the world around them. What do they have access to? Who has access to them? You need to be able to govern them and then ultimately when something does go wrong, determine how you respond. A lot of times, the first step is to quarantine the agent. You need enough control to disable or pause the agent right away if necessary. But it's not just about turning off the agent, it's also about taking away the things that it has access to so that you can then do the investigation and find out what happened. You can deprovision the access that it has to other things through a workflow as well.
Ultimately, you need that foundation of knowing what AI is in your environment so that you can govern it accordingly and respond quickly if something goes wrong. If a breach happens and you don’t know how it started, then you’re in a mad scramble, and you might end up in the news as a cautionary tale. The SailPoint Agentic Fabric helps customers every step of the way through AI agent discovery, visibility, governance, and response to decrease the chances your organization ends up as front-page news.
HP: If an organization takes this approach, will it move slower with AI innovation because of all these new safety measures?
BK: No, I would argue that if you think about the millions or tens of millions or even hundreds of millions of dollars that companies have put into their AI budgets, if they cannot govern the AI, they cannot take them to production safely. If you can't get things to production, you can't get the ROI. So, I would argue that the ROI of SailPoint Agentic Fabric is the ability to get your agents to production safely. The pressure the business is under to get to production safely is at the point where CISOs don't feel like they can say ‘no’ anymore. 'No' is not an acceptable answer. Our platform with the Agentic Fabric helps CISOs get to a safe ‘yes’ faster.
HP: Finally, what's the key takeaway for a business leader who wants to innovate with AI while staying secure?
BK: The biggest mistake is trying to secure your human and non-human workforces in separate silos. Point solutions create inefficiencies and security gaps. The more organizations can consolidate on a unified control plane, the better for them. And they also need every platform that they use to be interoperable for a manageable and comprehensive experience. With SailPoint Identity Security Cloud and Agentic Fabric, you can govern your humans, your AI agents, and your machines, with data context on a unified control plane. We believe that we can provide that complete governance of all identities for our customers.
Set up identity governance for your AI workforce
Securing the modern enterprise requires acknowledging that AI agents are a fundamentally new type of identity, complete with unique risks stemming from their autonomy and awareness. The biggest mistake an organization can make is to manage AI and machine identities in a separate silo from their human counterparts. Instead, a unified control plane is essential for governing all identities together, a journey that begins with complete visibility into every agent and tool, including shadow AI. This holistic approach is not a barrier to progress. By providing the guardrails to deploy AI safely, strong identity governance becomes an accelerator, unlocking the full ROI of a business's AI investments.
Ready to secure your AI workforce? Try the SailPoint Discovery Tool for free to start finding all the agents that might already be operating within your organization. See how SailPoint Identity Security Cloud and SailPoint Agentic Fabric can help you govern your entire fleet of human and non-human identities from a single, unified platform.