AI Agents Have an Identity Complex With Jeff Malnick
Summary
Jeff Malnick, VP of Engineering at 1Password, highlights the urgent need for robust AI agent identity solutions: traditional OAuth flows and static permissions do not fit agents that reason dynamically about what to do next. He explains that current systems often lead to 90-95% over-privileging, a risk amplified by agents' ability to request new permissions dynamically. 1Password proposes a framework of three agent identity models (delegated, bounded, and fully autonomous), each with local and remote variants. Securing local environments such as laptops is particularly challenging: file system access can expose clear-text secrets and recovery codes, letting an agent bypass security controls. Malnick advises against giving agents bearer tokens and passwords, recommending instead short-lived access tokens and dynamic, just-in-time authorization that carries human intent through policy decision and enforcement points. He also emphasizes that credentials must never enter LLM context.
Key takeaway
AI Security Engineers designing agentic systems must implement dynamic, just-in-time access controls, ensure credentials never enter LLM context, and use short-lived access tokens. Build applications with granular scoping from the outset and consider proxy-based token injection to mitigate risks such as prompt injection and over-privileging, especially for agents operating in less controlled local environments.
Key insights
AI agents' reasoning capabilities necessitate dynamic, just-in-time identity and authorization beyond traditional static permission models.
Principles
- Delegate permissions dynamically.
- Never put credentials in LLM context.
- Prioritize short-lived access tokens.
Method
1Password uses OS-level attestation via kernel audits and code signing to establish a chain of trust for local agent processes, enabling secure identification and policy application.
In practice
- Implement proxies for token injection.
- Build applications with domain-level scoping.
- Utilize Workload Identity Federation.
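The key takeaway and the "In practice" items above describe one mechanism: an agent states its identity and intent, a policy decision point grants exactly the scopes it asked for (no more), a short-lived token is minted, and a proxy injects that token on the agent's behalf so the credential never reaches LLM context. The following is an added illustration of that flow and is not 1Password's code or the talk's own material; the policy table, the `tickets.internal` audience, the HMAC-signed token format (a stand-in for a real OAuth/JWT issuer), and the `tickets_service` upstream are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real broker keeps this in a KMS/HSM, never on the agent host.
BROKER_KEY = b"constructed-demo-signing-key"

# Constructed policy: which agent identity model may reach which audience with which
# scopes, and how long a minted token lives. Mirrors the delegated/bounded models above.
POLICY = {
    "delegated": {"tickets.internal": {"scopes": {"tickets:read"}, "ttl": 60}},
    "bounded":   {"tickets.internal": {"scopes": {"tickets:read", "tickets:write"}, "ttl": 120}},
}


def decide(model, audience, requested):
    """Policy decision point: grant exactly the requested scopes, and only if every one
    lies inside the model's envelope for this audience. Nothing extra is ever granted,
    which is what keeps the minted token from being over-privileged."""
    envelope = POLICY.get(model, {}).get(audience)
    if envelope is None or not requested or not set(requested) <= envelope["scopes"]:
        return None
    return {"scopes": sorted(requested), "ttl": envelope["ttl"]}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def mint_token(agent_id, audience, scopes, ttl, now=None):
    """Short-lived credential bound to one audience and one scope set (HMAC-signed JSON)."""
    now = time.time() if now is None else now
    claims = {"sub": agent_id, "aud": audience, "scp": scopes, "exp": int(now + ttl)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(BROKER_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, audience, scope, now=None):
    """Policy enforcement point at the resource: signature, audience, scope, expiry."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False
    expected = _b64(hmac.new(BROKER_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return claims["aud"] == audience and scope in claims["scp"] and now < claims["exp"]


class EgressProxy:
    """Sits between the agent and the upstream. The agent's request carries identity and
    intent only; the proxy consults the PDP, injects the token, and scrubs it from the
    response so the credential never enters the agent's context window."""

    def __init__(self, upstream):
        self.upstream = upstream  # callable(headers, request, now) -> response dict
        self.audit = []           # allow/deny/reject records for a detection pipeline

    def forward(self, agent_id, model, request, now=None):
        # An agent presenting its own credential is a policy violation (possible injection).
        if "authorization" in {k.lower() for k in request.get("headers", {})}:
            self.audit.append(("reject", agent_id, "agent-supplied credential"))
            return {"status": 403, "body": "credentials are not accepted from agents"}
        grant = decide(model, request["audience"], request["scopes"])
        if grant is None:
            self.audit.append(("deny", agent_id, list(request["scopes"])))
            return {"status": 403, "body": "scope not permitted for this agent model"}
        token = mint_token(agent_id, request["audience"], grant["scopes"], grant["ttl"], now)
        resp = self.upstream({"Authorization": f"Bearer {token}"}, request, now)
        self.audit.append(("allow", agent_id, grant["scopes"]))
        # Defensive scrub: the upstream should never echo the token, but do not rely on it.
        return {"status": resp["status"], "body": resp["body"].replace(token, "[redacted]")}


def tickets_service(headers, request, now=None):
    """Constructed upstream. It deliberately echoes the token so the proxy scrub is visible."""
    token = headers.get("Authorization", "").removeprefix("Bearer ")
    needed = "tickets:write" if request["op"] == "update" else "tickets:read"
    if not verify_token(token, "tickets.internal", needed, now):
        return {"status": 401, "body": "invalid or expired token"}
    return {"status": 200, "body": f"{request['op']} ok; echo={token}"}


if __name__ == "__main__":
    proxy = EgressProxy(tickets_service)
    req = {"audience": "tickets.internal", "scopes": ["tickets:read"], "op": "list"}
    print(proxy.forward("agent-42", "delegated", req))
    print(proxy.forward("agent-42", "delegated", {**req, "scopes": ["tickets:write"], "op": "update"}))
    print(proxy.audit)
```

The two checks worth copying are the ones that fail closed: the PDP returns nothing when any requested scope falls outside the envelope (rather than silently granting the permitted subset), and the proxy rejects any request in which the agent tries to supply an `Authorization` header itself, which is the shape a prompt-injected credential exfiltration or replay attempt would take. The audit list is where a detection pipeline would look for a burst of denies from one agent identity.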
Topics
- AI Agent Security
- Agent Identity Management
- Dynamic Authorization
- Secrets Management
- Prompt Injection
- Workload Identity Federation
Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, AI Engineer, MLOps Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by AI Explained.