AI agents are running hospital records and factory inspections. Enterprise IAM was never built for them.

2026-05-11 · Source: VentureBeat · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Advanced, medium

Summary

Enterprises are struggling to move agentic AI from pilot to production due to a fundamental trust gap, primarily concerning identity governance. While 85% of enterprises are piloting AI agents, only 5% have reached production, according to Cisco President Jeetu Patel. This gap stems from existing identity and access management (IAM) systems being designed for humans, making it difficult to inventory, scope, and revoke non-human agent identities at machine speed. Michael Dickman, SVP and GM of Cisco's Campus Networking business, emphasizes that trust must be a prerequisite, not an afterthought, for agent deployment. He highlights the network's unique ability to observe actual system-to-system communications, providing crucial behavioral data for enforcing agent policies and containing blast radii through microsegmentation. The challenge is architectural, requiring cross-functional alignment, production-ready IAM/PAM for agents, a platform approach to networking, hybrid architectures, and bulletproof trust in initial use cases.

Key takeaway

For CTOs and VPs of Engineering weighing agentic AI deployments, prioritize establishing robust identity governance and network-level enforcement mechanisms before scaling. Your existing IAM/PAM systems are likely insufficient for managing non-human identities at machine speed, creating significant security risks. Focus on building a trust architecture from day one, including microsegmentation and cross-domain visibility, to ensure defensible production deployments and accelerate future agent adoption.

Key insights

Identity governance, not model capability, is the primary barrier preventing agentic AI from moving from pilot to production.

Principles

• Trust is a prerequisite for agentic AI, not an afterthought.
• Network telemetry provides critical behavioral data for agent policy enforcement.
• Hybrid architectures balance AI intelligence with deterministic execution.

Method

Establish a formal pipeline from business intent to automated network policy enforcement, leveraging network-layer visibility and microsegmentation for agent identity governance and blast radius containment.

In practice

• Audit every agent identity in production, assigning human owners.
• Implement microsegmentation for agent-accessible systems.
• Unify network, security, and application telemetry into a shared data fabric.

Topics

• AI Agents
• Identity and Access Management
• Agent Identity Governance
• Microsegmentation
• Network Telemetry

Best for: CTO, VP of Engineering/Data, Executive, AI Architect, AI Security Engineer, Director of AI/ML

Related on AIssential

• Enterprise identity was built for humans — not AI agents — Enterprise identity systems must evolve to explicitly manage AI agents, moving beyond human-centric security models.
• Securing the Swarm: Governance, Attack Surfaces, and Zero-Trust Architectures in Multi-Agent AI Environments — Securing multi-agent AI demands a shift from internal model alignment to external cryptographic controls and zero-trust governance.
• 85% of enterprises are running AI agents. Only 5% trust them enough to ship. — Establishing a robust trust architecture is critical for scaling AI agent adoption from pilot to production in enterprises.
• Identity Is the New Perimeter: Managing AI Agents As Digital Actors — Identity-first security is crucial for managing autonomous AI agents in distributed digital infrastructures.
• The Identity Crisis of AI Agents: Why Autonomous Systems Need IAM Before They Need More… — AI agents require unique, verifiable identities and continuous trust evaluation to prevent an enterprise security crisis.
• Identity-first AI governance: Securing the agentic workforce — Autonomous AI agents require distinct, governed identities within enterprise IDPs to mitigate significant security and compliance risks.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by VentureBeat.