The Identity Management Imperative
The industry quest to standardise identity for agents
After backing the amazing team at Apono, who keep disrupting the PAM market (see Francis Odum’s recent market report), at 33N we keep thinking deeply about the future of identity of agents.
As most industry experts know, the rise of autonomous AI agents marks a real shift in enterprise security. Non-human identities already outnumber humans by up to 80:1.
With that scale come new attack surfaces — agent compromise, flow manipulation, memory poisoning — layered on top of existing problems like identity sprawl, shadow AI and gaps in auditability.
The result: it’s getting harder for enterprises to bring these systems to production while still trusting their security posture.
The Expanding Risk Surface
AI agents are powerful, but risky. Enterprises are already flagging their ability to:
Access privileged data
Take unintended actions
Share sensitive information
Make decisions on unreliable data
And it’s not just theory. Deployed agents across enterprises have been caught accessing unauthorized systems, sharing sensitive data, downloading restricted content and even exposing credentials. This leaves enterprises with a dilemma: agent adoption is seen as a must to keep businesses on top of their game, but as of now it exposes them to many unintended risks.
This is one example of the many possible attack paths. The recent release of Agentic Browser also showed the frailty of many of these systems. A recent article on agentic risks by Unit 42 / Palo Alto Networks goes into more breadth and depth on the topic.
Where traditional IAM breaks
Most identity systems were designed for predictable humans, not dynamic, self-directed software. Role-Based Access Control (RBAC) and similar models are too static for agents that spin up, adapt, and disappear on demand. The result is predictable: agents end up over-permissioned (a security time bomb) or under-permissioned (blocking automation).
As teams rush to ship, they often cut corners—issuing broad credentials just to make things work. Add the diversity of agent types, delegation modes and environments, and the governance challenge becomes exponential. Credential sprawl, over-privilege and blurred audit trails follow quickly.
Redefining Identity for agents
Agent identities can’t just be API keys or service accounts anymore. They need to be first-class citizens in IAM: verifiable, auditable, and flexible. Two main models are emerging:
User-Delegated Agents: Linked to a user’s context (OAuth-style) but with dynamic, time-bound permissions.
Standalone Agents: Issued their own short-lived certificates and verified through zero-knowledge proofs. Frameworks like SPIFFE/SPIRE are a strong foundation for this.
Zero Trust as the New Baseline

Implicit trust won’t survive the agent era. Continuous verification has to be the default. A modern architecture should center on:
Just-in-Time Access: Ephemeral, task-scoped permissions that vanish when work is done.
Dynamic Access Control: Runtime, context-aware enforcement (PBAC over RBAC).
Traceability: Agents cryptographically signing actions to ensure provenance.
Intent-Based Authorization: Humans define goals, not every click — enforced via policy-as-code.
Fast Revocation: Credentials must be pulled instantly when anomalies appear.
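The just-in-time, runtime-checked and revocable access listed above can be sketched in a few lines. This is an added example, not code from 33N or any vendor named here; the function names, the in-memory revocation set and the HMAC-signed grant format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

BROKER_KEY = secrets.token_bytes(32)  # constructed demo key; assumed to live in a KMS/HSM in practice
REVOKED = set()                       # grant ids pulled before expiry (assumed in-memory store)

def _sign(body: bytes) -> bytes:
    return hmac.new(BROKER_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_grant(agent_id, task, actions, ttl_s, now=None):
    """Just-in-time grant: one agent, one task, an explicit action list, a short TTL."""
    now = time.time() if now is None else now
    claims = {"jti": secrets.token_hex(8), "agent": agent_id, "task": task,
              "actions": sorted(actions), "exp": now + ttl_s}
    body = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def authorize(token, agent_id, action, now=None):
    """Runtime check on every call: integrity, revocation, expiry, agent binding, scope."""
    now = time.time() if now is None else now
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
    except ValueError:                       # wrong shape or invalid base64
        return False, "malformed"
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return False, "bad signature"        # claims were altered or not issued by this broker
    claims = json.loads(body)
    if claims["jti"] in REVOKED:
        return False, "revoked"
    if now >= claims["exp"]:
        return False, "expired"              # the permission vanishes when the TTL runs out
    if claims["agent"] != agent_id:
        return False, "wrong agent"          # a grant cannot be replayed by another agent
    if action not in claims["actions"]:
        return False, "out of scope"         # default deny for anything not task-scoped
    return True, claims["jti"]

def revoke(token):
    """Fast revocation: deny-list the grant id so the very next authorize() fails."""
    body = base64.urlsafe_b64decode(token.split(".")[0])
    REVOKED.add(json.loads(body)["jti"])
```

The returned grant id is what an audit log would record next to each allowed action, so every call traces back to one agent, one task and one issuance.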
What’s Still Unsolved
Big questions remain. How do we govern intent instead of individual actions? Can identity scale to millions of agents without latency? Will standards emerge or will major vendors build their own silos? And what happens when agents operate through GUIs, bypassing traditional API-based security altogether?
The Takeaway
Agentic AI breaks the legacy IAM model. Securing this next wave means moving beyond static controls to identity systems that are cryptographically strong, zero-trust by design and capable of governing at machine speed and scale.

If you’re building in Agentic Identity and open to exchanging views on what the future brings or exchanging contacts in the identity industry, don’t hesitate to reach out. Let the winds keep blowing!
Upcoming Events for 33N 🤝
Cyber IA, Paris, 3 Feb — Pedro
Cloud Native Days, Paris, 3 Feb — Pedro
Munich Cyber Security Conference, Munich, 12-13 Feb — Gonçalo B., Gonçalo S.
Swiss Cybersecurity Days, Bern, 17-18 Feb — Christophe
Mobile World Congress and 4YFN, Barcelona, 2-5 Mar — Margarida, Pedro
Reach out to meet us there!




