AI agents are scaling faster than IAM can govern them


Industry Trends


Feb 23, 2026


Identity teams are buried in compliance on legacy IGA platforms and can't keep pace with growing infrastructure - the introduction of AI agents adds another order of complexity. If you've been in identity management for any length of time, you know exactly what I'm talking about.

Last week, I participated in the RSAC Innovation Showcase "Who Watches the Agents? Securing Identity for AI Systems," hosted by Jenny Brock, Senior Manager, RSAC Programs, which brought together Kirk Manoogian from YL Ventures, Frank Kim from SANS Institute, and Matan Lamdan from Striker Venture Partners, to discuss a problem that's getting harder to ignore.

AI agents are moving at machine speed while governance is still stuck in manual-approval land. But here's what struck me most about the conversation: everyone kept circling back to the same point. Visibility isn't the problem. CISOs already know agents exist.

The real pain is operational. Identity teams are drowning in access requests that take days to process, access reviews that devolve into rubber-stamping marathons, and audit prep that ties up 10 people for 2 weeks just to produce an Excel file.

Now multiply that workload by thousands of AI agents spinning up and down dynamically.

How AI agents break traditional access request workflows

Identity teams are already overwhelmed, and we haven't even reached full agent deployment yet.

Matan Lamdan put it plainly, "Executives are so eager to capitalize on AI and agentic workflows that adoption is fast and widespread, often before security teams can put in infrastructure to guardrail these agents."

That's the tension. The business wants agents deployed yesterday. Meanwhile, identity teams are still manually processing last week's access requests. The typical workflow: submit a ticket, route through multiple approvers, wait for provisioning, hope someone remembers to deprovision later. Days or weeks for something that should take minutes.

Joiner-mover-leaver (JML) processes compound this. When employees change roles, organizations accumulate permission bloat because revoking access is risky and time-consuming. Now throw AI agents into this mess.

A marketing employee's four agents need access to CRM data, social media APIs, content platforms, analytics tools. When that employee moves roles, what happens to the agents? Legacy IGA platforms handle this with rigid workflows and manual tickets - fine for 50 people a quarter, broken for thousands of agent identities that exist for minutes or hours.

Why access reviews turn into rubber-stamping exercises

If operations are painful, compliance is where identity teams go to die.

Access reviews: every quarter or year, managers get spreadsheets with hundreds or thousands of entitlements to review. Research from the Ponemon Institute shows 55% of insider incidents stem from employee negligence - often because access reviews failed to catch inappropriate permissions. The theory sounds good. The reality? Rubber stamping.

Based on my experience, customers don't care about the visibility problem. It takes 10 people 2 weeks to create the Excel file for the audit. They care about efficiency and compliance.

That Excel file. Export data from multiple systems. Manually reconcile inconsistencies. Create spreadsheets. Present to auditors. Field follow-up questions requiring another week. None of this makes you more secure. It just proves you have a process—even if that process is broken.

Why rubber stamp? Because managers lack context. You're reviewing "Should Bob have admin access to the financial system?" You don't know what Bob does with it, when he last used it, or if his peers have it. Without context, you hit "approve" because breaking something is worse than maintaining overprivileged access.

Frank Kim made an important point, "Understanding how the model's thinking, how the model's reasoning, that interpretability is gonna be extremely important, especially as these agentic workloads get more distributed."

Generic AI can't fix this. You need models trained on identity patterns that surface high-risk access, provide usage context, and recommend specific fixes. Now add thousands of AI agents to your review backlog. The current manual approach stops working entirely.

Why discovery and visibility are only 20% of the solution

Kirk Manoogian framed the foundational challenge well, "The real issue is: how do you know what's actually in your environment? These agents are being built by humans, on-prem, in SaaS, in the cloud. How do you get a sense of what these agents are and what are they intended to do?"

This is shadow AI. Marketing spins up research agents. Finance deploys analysis agents. Engineering builds automation agents. Nobody's checking in with the central security team. Each agent gets provisioned access - often with the same broad permissions you'd give a human employee.

Panelists pointed to recent incidents, including one involving OpenClaw, where agents accessed shared credentials and static tokens as warning signs. The starting point, they noted, is visibility: understanding where AI agents exist and what access they have. But visibility alone doesn't solve the operational bottleneck.

Fair enough. But here's where the discussion got interesting.

Visibility without action is just reporting. Discovery tools can catalog your agents and map their permissions. Great. That still doesn't solve the actual problem: how do you provision access in minutes instead of days? How do you conduct meaningful access reviews instead of rubber-stamping thousands of entitlements?

The panelists all seemed to agree: you can't just throw more people at this. "How do I govern them at scale without adding 100 people to my identity team?" That's the real question.

Why RBAC doesn't work for AI agents

Role-based access control made sense when you had predictable job functions and stable permission needs. It's still predictable and auditable. It's also completely inadequate for AI agents.

Ultimately, humans are still the ones creating these agents. What's changed is massive scale. All these new agents are identities, and they're often treated like human identities.

But agents don't fit into the boxes RBAC was designed for. They need temporary access during specific tasks. Elevated permissions for brief periods. Access that crosses traditional role boundaries. Traditional RBAC asks: "What is your job title?" Context-based access asks: "Why are you requesting this access right now?"

The difference matters. You need to understand identity relationships, peer behavior, application-specific permissions, historical usage patterns. You're reasoning about intent, not just checking if someone's in the right Active Directory group. Legacy IAM systems weren't built for this. They operate on human timescales - quarterly reviews, ticket-based workflows, manual approvals that take days.

Agents don't wait. When you've got thousands of agents requesting access dynamically, you need automated governance that operates at the same speed while still making intelligent, risk-aware decisions.

What "AI-native" actually means (it's not what most vendors claim)

Every vendor pitches "AI-powered" features now. But there's a difference between a generic "AI-powered" feature and specialized AI models purpose-built for these problems and trained on identity data.

That's the distinction. Generic LLMs are great at language. They can explain what "least privilege" means conceptually. But they have no idea how permissions actually cascade through Active Directory groups, how Salesforce permission sets interact with profiles, or what normal access patterns look like in your specific organization.

Opti takes an AI-native approach: not a generic copilot on generic infrastructure, but specialized models trained across hundreds of applications. Our data science team takes LLMs that are very good at many things and makes them experts at a very few things.

That specialization matters for three reasons:

  1. Understanding identity relationships across complex environments

  2. Reasoning about appropriate access based on your organizational context

  3. Automating governance decisions with explainable confidence scores

You can't bolt that onto legacy systems designed for manual processing. The entire architecture needs to be built around automated decision-making from the ground up.

Natural language policies vs. rigid rules

Legacy IAM runs on rigid rule engines. Some admin codes: `IF user.department = 'Finance' AND user.title = 'Analyst' THEN grant role 'Financial_Data_Reader'`. Brittle. Constant maintenance. No nuance.

Opti is governed by natural language policies instead of legacy code: no-code workflows driven by best practices, compliance standards, and internal documentation. If you can describe it in English, Opti can understand and enforce it.

Instead of asking "what rule did an admin hard-code two years ago," you ask "what does our policy say, and how should it apply right now?" Write policies in business terms: "Finance analysts should have read access to current quarter data but not historical payroll unless specifically justified and approved by the CFO."

The specialized AI interprets and enforces it consistently everywhere - with flexibility to handle edge cases rigid rules miss. Critical for agents because they don't fit predefined categories. A rule-based system breaks when an agent needs access crossing role boundaries. A policy-based system evaluates whether the access aligns with intent, even in unanticipated scenarios.
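To make the contrast concrete, here is an added illustration (not Opti's code, and not a model of any kind): the rigid rule quoted above next to a plain Python function that encodes the English policy from the previous paragraph as a context-aware decision. The resource path convention `<domain>/<dataset>/<period>`, the `User`/`AccessRequest` types and the "escalate" outcome are constructed for the example; anything the policy does not explicitly cover is denied.

```python
# Added illustration for this post (not Opti's code): the rigid attribute rule
# quoted above next to a context-aware check that encodes the English policy
# "Finance analysts should have read access to current quarter data but not
# historical payroll unless specifically justified and approved by the CFO."
# The resource path convention "<domain>/<dataset>/<period>" is constructed.
from dataclasses import dataclass
from datetime import date


@dataclass
class User:
    name: str
    department: str
    title: str


@dataclass
class AccessRequest:
    requester: User
    resource: str            # constructed convention, e.g. "finance/payroll/2024-Q3"
    action: str              # "read" or "write"
    today: date              # when the request is evaluated
    justification: str = ""  # free-text business reason, empty if none given
    approvers: tuple = ()    # titles that have signed off, e.g. ("CFO",)


def rigid_rule(user: User) -> set:
    """The legacy rule from the text. It answers 'what is your job title?' and
    hands out the same role regardless of which data is requested, or when."""
    if user.department == "Finance" and user.title == "Analyst":
        return {"Financial_Data_Reader"}
    return set()


def current_quarter(day: date) -> str:
    """Label a date by calendar quarter, e.g. 2026-02-23 -> '2026-Q1'."""
    return f"{day.year}-Q{(day.month - 1) // 3 + 1}"


def policy_decision(req: AccessRequest) -> tuple:
    """Context-aware evaluation of the English policy. Returns (decision, reason)
    where decision is 'allow', 'deny' or 'escalate'. Anything the policy does
    not explicitly cover is denied (default deny)."""
    u = req.requester
    if not (u.department == "Finance" and u.title == "Analyst"):
        return ("deny", "policy applies only to finance analysts")
    if req.action != "read":
        return ("deny", "policy grants read access only")
    domain, dataset, period = req.resource.split("/")
    if domain != "finance":
        return ("deny", "resource is outside the finance domain")
    if period == current_quarter(req.today):
        return ("allow", "current-quarter finance data")
    if dataset == "payroll":
        if req.justification.strip() and "CFO" in req.approvers:
            return ("allow", "historical payroll: justified and CFO-approved")
        return ("escalate", "historical payroll needs a justification and CFO approval")
    return ("deny", "historical data not covered by the policy; default deny")


if __name__ == "__main__":
    bob = User("Bob", "Finance", "Analyst")
    today = date(2026, 2, 23)
    print("rigid rule grants:", rigid_rule(bob))
    for res, just, appr in [
        ("finance/ledger/2026-Q1", "", ()),
        ("finance/payroll/2024-Q3", "", ()),
        ("finance/payroll/2024-Q3", "back-pay dispute (constructed reason)", ("CFO",)),
    ]:
        print(res, "->", policy_decision(AccessRequest(bob, res, "read", today, just, appr)))
```

The point of the comparison is the inputs, not the code volume: `rigid_rule` only ever sees the user's attributes, so it cannot tell current-quarter ledger data from three-year-old payroll, while `policy_decision` needs the resource, the time, the justification and the approvers to answer "why this access right now?"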

Zero standing privilege: Everyone talks about it, almost nobody implements it

Traditional IAM grants standing access. You get permissions and keep them until someone manually revokes them. With dynamic agents, that's unacceptable blast radius.

The industry is moving towards just-in-time (JIT) access for every access to every application. Standing access should be basically zero.

JIT means provisioning exact permissions for specific tasks, then automatically deprovisioning when complete. An agent needs database access for monthly reporting? Grant it for the report duration, then yank it back.

The problem: implementing this manually is impossible. To accomplish these goals, we must have AI in the background. Otherwise it's too much of a logistical challenge.

AI-native IAM makes JIT practical. Requests get evaluated on policy and context. Approved automatically when aligned. Provisioned instantly. Deprovisioned when access windows expire. For agents, this isn't optional—agent lifecycles are measured in minutes.
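The mechanics of "provisioned instantly, deprovisioned when the window expires" can be shown without any AI in the loop. The following is an added illustration (not Opti's code): a minimal JIT grant store where every grant carries an expiry, a sweep revokes closed windows and logs the revoke, and a maximum TTL caps any single window so a long-lived grant cannot become standing access in disguise. Principal and permission names such as `agent:monthly-report` and `db:reporting:read` are constructed.

```python
# Added illustration for this post (not Opti's code): a minimal just-in-time
# grant store. Every grant carries an expiry; a sweep revokes expired windows
# and records the revoke, so an agent's effective permissions fall back to
# nothing once its task window closes. Names and permissions are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    principal: str      # agent or human identity, e.g. "agent:monthly-report"
    permission: str     # e.g. "db:reporting:read"
    granted_at: datetime
    expires_at: datetime
    reason: str


class JitGrantStore:
    """Time-boxed grants plus an append-only audit trail of grant/revoke events."""

    def __init__(self, max_ttl: timedelta = timedelta(hours=1)):
        # Upper bound on any window: a very long TTL is standing access in disguise.
        self.max_ttl = max_ttl
        self._grants = []   # live Grant objects
        self.audit = []     # (timestamp, event, principal, permission, reason)

    def grant(self, principal, permission, ttl, reason, now):
        """Issue a grant for at most max_ttl and log it."""
        ttl = min(ttl, self.max_ttl)
        g = Grant(principal, permission, now, now + ttl, reason)
        self._grants.append(g)
        self.audit.append((now, "grant", principal, permission, reason))
        return g

    def sweep(self, now):
        """Revoke every grant whose window has closed. Returns the number revoked."""
        live, revoked = [], 0
        for g in self._grants:
            if g.expires_at <= now:
                self.audit.append((now, "revoke", g.principal, g.permission, "window expired"))
                revoked += 1
            else:
                live.append(g)
        self._grants = live
        return revoked

    def effective_permissions(self, principal, now):
        """What the principal holds right now; expired windows never count."""
        self.sweep(now)
        return {g.permission for g in self._grants if g.principal == principal}

    def is_allowed(self, principal, permission, now):
        return permission in self.effective_permissions(principal, now)

    def revoke_all(self, principal, now, reason):
        """Explicit early revocation, e.g. when the agent reports its task done."""
        remaining = []
        for g in self._grants:
            if g.principal == principal:
                self.audit.append((now, "revoke", g.principal, g.permission, reason))
            else:
                remaining.append(g)
        revoked = len(self._grants) - len(remaining)
        self._grants = remaining
        return revoked


if __name__ == "__main__":
    t0 = datetime(2026, 2, 23, 9, 0, tzinfo=timezone.utc)
    store = JitGrantStore(max_ttl=timedelta(hours=1))
    store.grant("agent:monthly-report", "db:reporting:read",
                timedelta(minutes=30), "monthly report run", t0)
    print("at +10m:", store.effective_permissions("agent:monthly-report", t0 + timedelta(minutes=10)))
    print("at +31m:", store.effective_permissions("agent:monthly-report", t0 + timedelta(minutes=31)))
    for entry in store.audit:
        print(entry)
```

Two design choices are worth noting. Expiry is enforced on read (`effective_permissions` sweeps before answering), so a missed background job cannot leave an agent privileged; and both expiry and early revocation write to the same audit list, which is the evidence an access review or auditor later asks for.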

How Opti automates operations and compliance

During the webcast, I had the opportunity to explain how Opti tackles the 80% that matters—operations and compliance. Three capabilities: risk visibility and remediation (20%), intelligent access administration for lifecycle and operations (40%), and AI-enhanced access reviews for compliance efficiency (40%).

On access administration, Opti automates requests that traditionally take days. The platform evaluates policy, peer access patterns, and business justification using specialized identity models. It approves automatically when aligned with policy, denies with specific reasoning, escalates when needed, or suggests narrower-scope alternatives.

It analyzes context and performs dynamic role analysis for joiners, movers, leavers, and access requests, which is what makes it possible to avoid rubber stamping.

For compliance, Opti attacks rubber-stamping by giving reviewers context. The system risk-scores entitlements based on usage patterns, peer comparisons, and policy alignment. High-risk items surface first. Reviewers drill into reasoning. It generates audit-ready evidence automatically - eliminating the "10 people for 2 weeks to create an Excel file" problem.
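The three signals named here (usage, peer comparison, policy alignment) are the same three the "Should Bob have admin access to the financial system?" example earlier said reviewers lack. As an added illustration (not Opti's scoring model), the block below ranks a constructed set of entitlements by those signals and attaches a reason to each score, so the riskiest item surfaces first with its context. The weights, the `finsys` application and the user names are all constructed for the example.

```python
# Added illustration for this post (not Opti's scoring model): rank entitlements
# for an access review by the three signals the text names - usage recency, peer
# comparison within the same department, and a policy flag - so the riskiest
# items surface first and each one carries its reasons. The sample entitlements
# are constructed; the weights are arbitrary choices for the illustration.
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Entitlement:
    user: str
    department: str
    app: str
    permission: str
    last_used: Optional[date]   # None means never used
    privileged: bool            # flagged by policy (admin, payroll, prod write ...)


def peer_prevalence(e, all_ents):
    """Fraction of the user's department peers who hold the same app permission."""
    peers = {x.user for x in all_ents if x.department == e.department and x.user != e.user}
    if not peers:
        return 0.0
    holders = {x.user for x in all_ents
               if x.user in peers and x.app == e.app and x.permission == e.permission}
    return len(holders) / len(peers)


def risk_score(e, all_ents, today):
    """Return (score 0-100, list of human-readable reasons)."""
    score, reasons = 0, []
    if e.last_used is None:
        score += 40
        reasons.append("never used")
    elif (today - e.last_used).days > 90:
        score += 25
        reasons.append(f"unused for {(today - e.last_used).days} days")
    prevalence = peer_prevalence(e, all_ents)
    if prevalence < 0.2:
        score += 30
        reasons.append(f"held by {prevalence:.0%} of department peers")
    if e.privileged:
        score += 30
        reasons.append("privileged per policy")
    return min(score, 100), reasons


def rank_for_review(entitlements, today):
    """Highest risk first; each row is (entitlement, score, reasons)."""
    rows = [(e, *risk_score(e, entitlements, today)) for e in entitlements]
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows


SAMPLE_TODAY = date(2026, 2, 23)
SAMPLE = [  # constructed sample data
    Entitlement("bob",   "Finance", "finsys", "admin", None,              True),
    Entitlement("bob",   "Finance", "finsys", "read",  date(2026, 2, 13), False),
    Entitlement("alice", "Finance", "finsys", "read",  date(2026, 2, 18), False),
    Entitlement("carol", "Finance", "finsys", "read",  date(2026, 2, 20), False),
    Entitlement("dave",  "Finance", "finsys", "read",  date(2025, 10, 1), False),
]

if __name__ == "__main__":
    for e, score, reasons in rank_for_review(SAMPLE, SAMPLE_TODAY):
        print(f"{score:3d}  {e.user:6s} {e.app}:{e.permission:6s} {'; '.join(reasons) or 'no findings'}")
```

Run on the sample, Bob's never-used admin entitlement that none of his peers hold lands at the top with all three reasons spelled out, Dave's stale read access comes next, and the routine read entitlements score zero, which is exactly what a reviewer needs in order to spend time on the first row instead of stamping all five.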

Most organizations have billions invested in existing IAM. Better to integrate, handle the high-friction processes legacy platforms can't manage, and deliver value in hours.

What to look for when evaluating IAM solutions

The panel identified key differentiators for solving this problem.

Deployment speed matters. Opti deploys in hours: "One of the biggest IGA pains is deployment and maintenance. We take pride in developing new integrations within a few weeks. Once we support the deployment, it's a matter of hours."

Does it solve operations and compliance, or just visibility? Discovery tools show you the problem but don't fix the provisioning bottleneck or stop rubber-stamping. Look for platforms that automate governance decisions and plug into operational workflows.

Specialized AI matters. Look for specialized AI models purpose-built for these problems and trained on identity data, rather than general-purpose models. If the vendor is wrapping GPT-4, they're not solving identity-specific problems.

Integration is non-negotiable. Solutions need to work with existing IGA platforms, identity providers, ITSM tools - handling broken processes while leveraging existing investments.

Measure success by operational metrics. How much does this reduce your access request backlog? Does it eliminate rubber stamping? Can it cut audit prep from 10 people for 2 weeks to one person in hours? If a demo focuses on pretty graphs showing agent inventory, they're solving the wrong problem.

Build AI-native governance now or retrofit later

Frank Kim summed up the challenge well: "We started with securing LLMs, then AI browsers. Every few weeks the threat landscape changes, but adoption isn't slowing down."

That's the reality. You can't slow AI adoption - competitors who move faster will eat your lunch. So blocking agents isn't an option. You need governance infrastructure that operates at the same speed agents do.

What stood out most from the webcast was this: visibility matters, but it's just the starting point. The goal isn't knowing what agents exist. It's governing them automatically based on policy, context, and actual risk - not manually reviewing spreadsheets every quarter.

Organizations that build AI-native IAM now will be ready when agent proliferation really takes off. Those that wait will be scrambling to retrofit solutions after something breaks.

The question isn't whether AI agents will transform how enterprises operate. They already are. The question is whether your identity governance can keep pace, or whether it becomes the bottleneck that prevents you from actually using AI at scale while maintaining any semblance of security.

Barak, CEO and co-founder of Opti, is a cybersecurity innovator with over 20 years of hands-on experience leading strategy, building products, and protecting critical infrastructures. He co-founded Indegy and served as its CEO until its acquisition by Tenable in 2019, where he served as VP. Earlier, he led product design at Stratoscale and managed large-scale cybersecurity projects in the Israel Defense Forces. Barak holds a B.Sc. in Computer Science and Mathematics and an MBA from Tel Aviv University.

Frequently asked questions

How does Opti keep my data secure?

Each customer runs on logically isolated resources with full encryption in transit and at rest. Opti is SOC 2 and ISO 27001 compliant, and we never move sensitive identity data outside your chosen region. Read more in our Trust Center.


How does Opti fit into my current identity stack?

We integrate via standard APIs and proprietary integration to your existing IdP, HRIS, ITSM, and enterprise applications both SaaS and legacy. No rip-and-replace, our platform leverages your security and identity ecosystem for better results. Opti ingests entitlements, maps risk, and executes changes through the systems you already trust.

How fast can Opti show results in a large enterprise environment?

Most mid-to-large organizations see impact within the first 30 days of deployment. Our connectors light up your existing directory and top apps in hours, the identity graph is fully populated in under a day, and automated remediation or access-request workflows start eliminating ticket backlog and stale entitlements before the first weekly steering call.

What makes Opti different from traditional IGA suites?

Opti is AI-native from day one. Instead of relying on static roles and manual reviews, we use machine-learned risk models to recommend, approve, or remediate access in real time—without the heavy deployment cycles of legacy IGA.
