Why Are AI Agents Forcing CISOs to Rethink Identity Security Architecture? Podcast Por arte de portada

Why Are AI Agents Forcing CISOs to Rethink Identity Security Architecture?

Why Are AI Agents Forcing CISOs to Rethink Identity Security Architecture?

Escúchala gratis

Ver detalles del espectáculo
For decades, identity security relied on the assumption that identities are static, predictable, and mostly human. However, the growing scale and complexity of identities in the modern enterprise, as well as the increasing adoption of artificial intelligence has changed that perspective recently. With AI agents multiplying in enterprises, acting independently, appearing and disappearing, and using credentials, the foundations of identity and access management are being tested in ways many organisations are not ready for.In the recent episode of The Security Strategist podcast, Raz Rotenberg, CEO and Co-Founder of Fabrix Security, sat down with host Richard Stiennon, Chief Research Analyst at IT Harvest.“Everything we knew about identity is about to change,” Rotenberg cautioned Stiennon. “We’ve viewed identities as mostly static. But AI agents are dynamic. They can do various tasks, change their behaviour, vanish, and reappear. Static identity models won’t survive.”The Unplanned Identity ExplosionIdentity has always been complex, but the scale and variety of identities that security teams face today are unprecedented. Besides employees and contractors, organisations now deal with service accounts, cloud workloads, APIs, and increasingly, AI-driven agents that function on their own.According to Rotenberg, the challenge isn't just the number of identities; it's their variability. “The number of ways identities can behave is infinite,” he explained. “Every organisation is unique, every system is distinct, and identities are now changing in real time.”CISOs already see this explosion. Stiennon also noted during the podcast that AI is quickly becoming a major source of new identities, with agents being deployed widely and given credentials to operate at machine speed.However, most identity programs still depend on static role-based models and periodic reviews, approaches that struggle to keep up with dynamic, non-human agents.Multiple Identity Tools Can Lead to Hidden RisksDespite a crowded identity security market with hundreds of vendors in IAM, PAM, IGA, and cloud identity, Rotenberg argues that the main issue is not a lack of tools.“We’ve had identity tools for decades,” he said. “They do a good job of facilitating operations aimed at reducing risk. But they all miss the same point – they rely too much on the human factor.”Each tool, he explained, only sees a part of the identity landscape. Identity providers handle authentication, PAM tools manage privileged access, and governance platforms oversee reviews. None provides a unified, real-time view of identity behaviours across systems.The Fabrix CEO calls it “partial truth.” Security teams dealing with identity issues have to manually gather data from various platforms, piece it together, and make decisions with incomplete information.“This leads to long review cycles, manual investigations, and over-provisioning by default,” he said. “Permissions get copied and duplicated because people don’t fully grasp who has access to what or why.”This can often lead to unclear decisions, with the organisation handing out more permissions than fewer. Eventually, it creates sprawling identity landscapes filled with excessive privileges and risky combinations. In some cases, an individual might have limited rights in one system but full control in another without anyone noticing.“Misconfigurations can occur between systems,” Rotenberg noted. “Things don’t align. And without a unified view, these risks remain hidden.”The Need for Identity Intelligence LayerFabrix’s solution to this fragmentation is what Rotenberg calls an identity intelligence layer. This layer brings together existing identity tools without replacing them. They aim to continuously gather signals from IAM, PAM, IGA, cloud platforms, and other sources, then process them in real time.“It’s not about tearing everything out,” Rotenberg said. “Each tool serves a purpose. But when you connect them through an intelligence layer, you can finally understand your entire identity framework.”This intelligence layer aims to lessen reliance on manual decision-making. By providing contextual insights and recommendations at the moment decisions need to be made—and eventually automating those decisions—it addresses what Rotenberg sees as identity security's weakest link – human judgment at scale.“Even if you set good policies, enforcing them continuously and at scale is impossible without automation,” Rotenberg said. “There’s simply too much data.”Over time, he envisions identity systems that not only provide insights but also manage access automatically. They would revoke permissions, flag anomalies, and adjust as identity behaviours change.“Rather than enforcing more rules,” Rotenberg added, “we need intelligence layers that constantly understand who has access, why that access exists, and whether it still makes sense.”Watch ...
Todavía no hay opiniones