{"id":5854,"date":"2025-11-18T07:00:00","date_gmt":"2025-11-18T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5854"},"modified":"2025-11-18T07:00:00","modified_gmt":"2025-11-18T07:00:00","slug":"rethinking-identity-for-the-ai-era-cisos-must-build-trust-at-machine-speed","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5854","title":{"rendered":"Rethinking identity for the AI era: CISOs must build trust at machine speed"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

CISOs have a burgeoning identity crisis on their hands.<\/p>\n

According to Verizon\u2019s 2025 Data Breach Investigation Report<\/a>, cyber attackers have switched up their initial access vectors of choice<\/a>, with stolen credentials a leading cause of data breaches, triggering 22% of all intrusions and 88% of basic web application attacks. These findings followed Varonis researchers\u2019 conclusion that 57% of cyberattacks in 2024 started with compromised identities<\/a>.<\/p>\n

No matter the source of research, it is undeniable that many, if not most, significant cyber intrusions increasingly begin with an identity failure.<\/p>\n

These failures will likely get worse and more frequent \u2014 and at machine speed \u2014 as use of agentic AI<\/a> rises. This radical technology shift, in which AI agents increasingly act autonomously, impersonate humans, and make decisions faster than existing governance processes and practices can accommodate, will force cybersecurity leaders to overhaul how they monitor and manage identity systems in their organizations.<\/p>\n

Or as Jim Alkove<\/a>, CEO of Oleria and head of the SINET Identity Working Group<\/a>, recently wrote<\/a>: \u201cOur current frameworks, protocols, and operational processes for identity and access were never intended to handle the speed, scale, and complexity of AI.\u201d<\/p>\n

Experts say that CISOs must quickly revamp their approach to managing identity by going beyond login or access authorization, instead placing identity management at the core of their enterprises.<\/p>\n

The collapse of traditional identity models<\/h2>\n

Current identity and access models were built to grant access and authorization levels to human beings and not autonomous software, such as the proliferating number of AI agents. Experts say the human-centric identity models that hand out usernames, roles, and access levels will likely collapse when faced with thousands of autonomous agents making requests every second.<\/p>\n

\u201cWe are inviting something that simulates human behavior into our environment, and no one is thinking about how to authenticate and authorize this new individual,\u201d Ric Smith<\/a>, president of products and technology at Okta, tells CSO. \u201cThe analogous thing would be you just take a random person off the street, walk them into your building, and let them loose, because technically that\u2019s what people are doing as a result of developing LLMs or developing on LLMs.\u201d<\/p>\n

Worse, incorporating AI agents into existing identity models only adds a layer of complexity to identity environments that have already proved problematic, says Steve Stone<\/a>, SVP of threat discovery and response at SentinelOne.<\/p>\n

\u201cThe direction AI is taking is going to accelerate the already existing identity challenge,\u201d Stone tells CSO. \u201cSo we\u2019re going to take a problem that\u2019s currently fairly difficult and widespread and we\u2019re just going to really throw gas on that fire when it comes to AI.\u201d<\/p>\n

Compounding the problem are the typical interaction layers involved with AI, according to Stone. \u201cThere\u2019s a real machine identity problem because you\u2019re interacting with AI and those technologies often through APIs and other mechanisms,\u201d he says. \u201cThat identity piece is not just how you log into the machine; it is also how your machines are communicating with the machines.\u201d<\/p>\n

Not only that, but few organizations are equipped to deal with how quickly identity challenges will emerge. \u201cWe talk about intrusions now, and it used to be months into weeks and then it was weeks into days, and now we\u2019re really into hours<\/a>,\u201d Stone says. \u201cWhen we talk about AI agents, we\u2019re going to have to make decisions that impact companies in seconds. There is not going to be time to go through the incident response playbook.\u201d<\/p>\n

\u201cSuddenly, we have these tools now that can aggregate tens and hundreds of thousands of components of information,\u201d Pete Clay<\/a>, CISO of aerospace company Aireon and former CISO of Deloitte, tells CSO. \u201cIdentity was really designed just to make sure that you could see the Word document that I sent you. It was never designed to work at the speed and with the velocity that we\u2019re asking identity to work with in the AI era.\u201d<\/p>\n

Identity as a trust fabric<\/h2>\n

Most organizations currently rely on a welter of identity and access management systems for a variety of reasons. Some systems might be tied to a specific vendor\u2019s technology; some might be legacy systems from mergers or acquisitions; some might be in place due to legal or regulatory requirements.<\/p>\n

\u201cWhat happens even before we get to the agentic AI era is that identity today is actually in silos,\u201d Vijay Gajjala<\/a>, VP of product at identity security platform Oleria, tells CSO. \u201cYou have people who are still using on-prem identity, Active Directory, whatever. You also have people using cloud identity like Entra, Google Identity, and Okta. There isn\u2019t a single way to answer the question of who has access to what. This is itself a fundamental problem.\u201d<\/p>\n

That\u2019s why the SINET Identity Working Group \u2014 which includes a host of internet infrastructure and security pioneers, including Heather Adkins, VP of security engineering at Google; Jason Lee, former CISO of Zoom and Splunk; Michael Montoya, CTO at F5; and many others \u2014 lays out a vision for what it calls an AI Trust Fabric, an \u201cautonomous, self-healing system [that] depends entirely on trust.\u201d<\/p>\n

This fabric consists of robust identity and protocols, where every entity has a unique and proofed identity. The protocols that are part of this fabric \u201cmust cryptographically prove both the ownership of a token and the origin of the identity in a sound, verifiable manner.\u201d<\/p>\n

The group\u2019s vision involves dynamic access and authorization that does away with static bearer tokens that often prove to be a liability. At the same time, the group suggests that authorizations should be finely grained and configurable via APIs for least-privileged agent access to tools, systems, and data.<\/p>\n

Moreover, access should be configurable on the fly and should not be a simple yes or no, but instead should reflect a dynamic composition based on all relevant entities in the chain. Finally, the fabric should make delegations of access explicit when an AI agent acts on behalf of a human or another AI agent and be built on specific revocation and just-in-time access policies.<\/p>\n

In essence, \u201cWe don\u2019t want to give agents agency\u201d when it comes to identity, Carey Frey<\/a>, VP and CSO of TELUS and a SINET working group member, tells CSO.<\/p>\n

\u201cWe think of a human having access to something maybe for days, months, or years,\u201d he adds. \u201cBut these agents could literally come and go in seconds or hours, and then they might spawn sub-agents and be in a whole network of other agents all around the world, and they could go off and start doing things which humans may never be able to catch up with.\u201d<\/p>\n

Better identity management to address AI\u2019s known risks<\/h2>\n

An identity trust fabric could go a long way to preventing AI\u2019s known risks. According to the SINET group, better identity management could be a proactive risk mitigation against several emerging AI threats, including:<\/p>\n

CI\/CD pipeline vulnerabilities,<\/strong> which consist of malicious code injected in LLMs that could poison an AI from inception<\/p>\n

Prompt injection,<\/strong> where attackers craft subtle, malicious inputs to manipulate an AI agent\u2019s behavior<\/p>\n

AI takeover\/manipulation, <\/strong>which gives a threat actor control over an AI model\u2019s output or decision-making<\/p>\n

Data poisoning,<\/strong> where attackers deliberately inject corrupted or misleading data into an AI model\u2019s training dataset<\/p>\n

Model and training data disclosure, <\/strong>which is when attackers use carefully crafted prompts to trick AI agents into revealing sensitive information such as proprietary code, confidential business data, or personal information that the model was never meant to share<\/p>\n

Model extraction or IP theft, <\/strong>where attackers continuously query APIs to reconstruct model behavior, stealing IP or disclosing proprietary, sensitive training data<\/p>\n

Of all these threats, experts point to prompt injection as the most likely risk. \u201cWe do have the prompt injection problem,\u201d Ely Kahn<\/a>, chief product officer at SentinelOne, tells CSO. \u201cIt\u2019s extremely easy for an adversary to find some exposed web asset or resource, put a malicious prompt in it, and then wait for an AI system to read that malicious prompt.\u201d<\/p>\n

\u201cThen that AI system is tricked into starting to expose sensitive data,\u201d he adds. \u201cAnd I think we\u2019re on the precipice of where we\u2019re going to start seeing AI security-related attacks like prompt injections every week in the news headlines.\u201d<\/p>\n

How CISOs should prepare for the new identity era<\/h2>\n

The need for CISOs to implement improved identity systems or build something akin to an identity fabric will arrive quickly, although experts say it\u2019s critical to have fundamental cybersecurity hygiene measures in place before even thinking about tackling a more comprehensive identity program.<\/p>\n

\u201cThe analogy I use is if you don\u2019t have good hygiene, then anything new that you do would be bad,\u201d Oleria\u2019s Gajjala says. \u201cIf you don\u2019t have good body hygiene and all of a sudden you bought a thousand-dollar suit, that doesn\u2019t change the fact that you have bad hygiene.\u201d<\/p>\n

Once the security basics are in place, preparing for the coming AI identity challenges should be a deliberate process that is not to be rushed. \u201cYou literally have to start from ground zero and think about how I am granting access to the data that I care about and how I measure that, and then how do I automate that in a way that I stay on top of this problem all the time,\u201d Aireon\u2019s Clay says.<\/p>\n

As is always the case when introducing new security programs into the organization, CISOs should work with decision-makers to pave the way for changes. \u201cWhat we want CISOs to do is to work with their enterprises to say, we really need to have these solutions and put in place those security standards and models for identity and authentication before adopting new solutions,\u201d says Frey, of TELUS.<\/p>\n

Like any other major security effort, \u201cit always starts in the most boring and horrible place ever, which is governance,\u201d Clay says. \u201cYou have to really start to understand what I am trying to protect and how I am trying to protect it before you start building tools and processes and everything else. Then that governance process is: A user can do this, this administrator can do that, this person can do this.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

CISOs have a burgeoning identity crisis on their hands. According to Verizon\u2019s 2025 Data Breach Investigation Report, cyber attackers have switched up their initial access vectors of choice, with stolen credentials a leading cause of data breaches, triggering 22% of all intrusions and 88% of basic web application attacks. These findings followed Varonis researchers\u2019 conclusion […]<\/p>\n","protected":false},"author":0,"featured_media":5845,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5854"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5854"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5854\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5845"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}