Identiverse 2026 Recap: Identity Security For Agentic AI Dominates

2026-06-25 · Source: Featured Blogs - Forrester · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Advanced, short

Summary

Identiverse 2026 in Las Vegas highlighted the critical expansion of identity security to encompass nonhuman identities (NHIs) and AI agents, signaling a shift from static access control to real-time, action-based decisions. Ping Identity CEO Andre Durand emphasized this move towards "actions, not access." With 75-85% of organizations adopting AI agents, the conference addressed their autonomous, nondeterministic nature and the new security challenges they introduce. Key discussions focused on new discovery and governance methods, including context-aware and intent-aware approaches, and a preference for delegation over impersonation. New access policy decision frameworks are evolving beyond static ABAC/RBAC to dynamic, fine-grained authorization, even as AI agent authentication uses OAuth 2.1 OIDC tokens. Risk definition for AI agent actions, like fraudulent purchases, remains nascent, with organizations using in-house solutions. Integrating AI agent IAM into existing enterprise IAM meshes is crucial, with frameworks from Okta, Microsoft, and Ping Identity offering initial blueprints. Identity standards are still developing, awaiting broader commercial support.

Key takeaway

For AI Architects or Security Engineers tasked with securing AI agents, recognize that traditional IAM models are insufficient. You must prioritize implementing dynamic, context-aware authorization frameworks that support delegation, not impersonation, for AI agents. Integrate AI agent identity management into your existing enterprise IAM mesh using emerging blueprints from vendors like Okta, Microsoft, or Ping Identity to avoid technical debt and manage the financial and reputational risks posed by autonomous agent actions.

Key insights

Identity security must rapidly adapt to govern autonomous AI agents and nonhuman identities with real-time, context-aware decisions.

Principles

• Shift to "actions, not access."
• Use delegation, not impersonation.
• Prioritize dynamic, fine-grained authorization.

In practice

• Authenticate agents with OAuth 2.1 OIDC tokens.
• Explore Okta, Microsoft, Ping Identity frameworks.
• Develop in-house telemetry for AI agent risk.

Topics

• Identity Security
• AI Agents
• Nonhuman Identities
• IAM Mesh
• Dynamic Authorization
• Identity Standards

Best for: CTO, VP of Engineering/Data, AI Product Manager, AI Security Engineer, AI Architect, Director of AI/ML

Related on AIssential

• Enterprise identity was built for humans — not AI agents — Enterprise identity systems must evolve to explicitly manage AI agents, moving beyond human-centric security models.
• AI Agents Have an Identity Complex With Jeff Malnick — AI agents' reasoning capabilities necessitate dynamic, just-in-time identity and authorization beyond traditional static permission models.
• What is Agentic Security Runtime? Securing AI Agents — Agentic runtime security uses dynamic, session-bound credentials and user identity for secure AI agent interactions.
• The Identity Crisis of AI Agents: Why Autonomous Systems Need IAM Before They Need More… — AI agents require unique, verifiable identities and continuous trust evaluation to prevent an enterprise security crisis.
• Agentic Runtime Security Explained: Securing Non‑Human Identities — Agentic AI security demands dynamic, non-human identity management to prevent widespread vulnerabilities.
• Announcing The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026 — Workforce identity security is evolving into a comprehensive control plane, integrating AI-driven intelligence and agentic AI support.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Featured Blogs - Forrester.