Welcome to the second installment in “A Walk in the Park,” a new short video series that explores the forces reshaping the future of digital trust. Over the next five weeks, we’ll take conversations out of the conference room and into the open air as our experts unpack some of the biggest challenges facing security leaders today.
We’ve spent years getting good at identity for people. Badges. Logins. MFA. The whole nine yards. But now there’s a new population of identities showing up across the enterprise. AI agents. And they’re arriving fast.
Here’s the part people get wrong. It’s not that we don’t have the technology to secure them. It’s that ownership just isn’t clear. The business is racing to adopt agents, and identity and security are playing catch-up. So when an agent goes live, who’s actually accountable for how it proves who it is? IAM? Security? Some brand-new AI team? At most companies right now, the honest answer is a shrug.
That’s the AI identity problem. Let me be direct about it.
▶️ Watch the episode: Ryan and I get into the Identity Problem Nobody Owns in this episode of A Walk in the Park. The video is a hot take. Keep reading below to dive deeper into what I think every security and AI leader needs to know.
What identity means for an agent
We almost always talk about identity in terms of humans (and even machines), but there’s a new player in the mix, and they don’t play by the rules.
We’ve quickly excelled beyond generative AI into the world of agentic AI. Software that we hand the keys to. Businesses are beginning to give it access to multiple systems, then let it think and make decisions on its own.
Sit with that for a second. We are giving software the ability to take action across our environment, on our behalf. The only responsible way to allow that is to give it a trusted identity.
Where most teams go wrong
Here’s what I see almost everywhere.
Teams take the identity models we’ve used for humans and machines, and they try to bolt them onto AI agents. So they reach for what worked before. Delegated credentials. API keys. Tokens.
That’s where it breaks.
A static credential is possession-based. Whoever holds the secret gets in. Full stop. That’s fine right up until an agent, or an attacker who lifted that key out of a config file, uses it to reach data it was never meant to touch.
Now picture that at machine speed, across dozens of systems. “Whoever holds the secret” is a risky way to decide trust.
This is a new kind of identity crisis. Static secrets don’t give you accountability. They don’t give you security. They get copied, shared, and stolen, and afterward, you often can’t even prove who did what without deep forensics.
What we need instead is identity that’s dynamic, verifiable, and cryptographically derived. Identity you can issue, renew, and revoke the second something looks off.
The part I find validating
When the people writing the guidance on AI agents land on a proven, trusted technology, it’s a good sign for security teams.
Anthropic’s recent Zero Trust framework for AI agents is blunt about it. Give every agent a unique, cryptographically rooted identity. Not a label. A real one. Treat static API keys as already compromised, because they’re among the first things an AI-assisted attacker goes looking for. Issue short-lived tokens. At scale, authenticate agents with X.509 certificates and mutual TLS. Sign your components so nobody can tamper with them between source and runtime.
Read that list again. That’s PKI. That’s certificate-based identity.
It’s the same cryptographic trust model we’ve run at machine scale for years. It’s just pointed at a new and very hungry consumer now. The frameworks have caught up to what the cryptography world already knew. You don’t secure autonomous software with a password in a text file. You secure it with a verifiable identity. The same strong, auditable identity we already give people and devices.
So who owns it?
Here’s the uncomfortable part. And the reason this episode has the name it does.
The barrier to shipping an agent has dropped to almost nothing. A developer can spin one up, wire it into systems with their own credentials, and have it running by lunch. Great for moving fast. Rough for governance.
And these agents don’t fit our old boxes. They’re not human identities attached to a manager. They’re not infrastructure attached to a system owner. They land in a gap that most identity programs don’t have a workflow for yet.
So ownership gets fragmented. Recent industry research bears this out. In one 2026 survey of security leaders, responsibility for agent identity was split across security teams, IT, and brand-new AI functions, with no clear accountability, and only about a quarter of organizations had a formal strategy for it at all. Adoption is sprinting. Governance is speed-walking at best.
You don’t fix that with a tool. You fix it by deciding who owns it. Get the AI builders in the same room as the identity and security teams. Create ownership and structure. Then put a strong foundation of trust beneath it. That’s what lets you actually get the value out of AI agents, instead of quietly stacking up risk every time one ships.
Where to start
Before your next agent goes live, ask one question. How does this thing prove who it is, and who can revoke it?
If the answer is “an API key” or “not sure,” you’ve found your work.
Give your agents real, cryptographically verifiable identities. Then give the problem an owner.
Agentic AI is going to be enormous. But it only works if there’s a Trust Infrastructure underneath it strong enough to hold the weight.
Next up in our A Walk in the Park series: Join Ted Shorter, Chief Technology Officer at Keyfactor, to understand the shift in TLS lifespans and why your uptime depends on it. Meet you on the next walk.