IAM Was Built for Humans — The CSA Report Shows Why AI Agents Need Their Own Identity Model

Anh Nguyen

4 min read

Why IAM is failing, why Agent Registry is the missing layer, and why enterprises need a new identity model for autonomous AI agents

The Cloud Security Alliance (CSA) recently released its Securing Autonomous AI Agents report, and the findings are unambiguous: enterprises are deploying agents faster than they can govern them.

The numbers tell the story:

  • Only 18% of organizations are confident their IAM can support agent identity
  • Only 21% have real‑time agent inventories
  • Only 17% have runtime access policies
  • Only 16% believe they could pass an audit
  • 68% say HITL is required for sensitive actions

These aren’t minor gaps. They reveal a structural mismatch between how agents behave and how enterprises govern them.

And they point to one conclusion:

Agent Identity must become a first‑class governance primitive — not an extension of IAM, but a new layer entirely.

This article explains why.

⭐ 1. IAM Was Never Designed for Autonomous Agents

IAM is one of the most mature disciplines in enterprise security. But it was built for a world of:

  • human users
  • service accounts
  • static workloads
  • predictable lifecycles
  • centralized control

Autonomous agents break every assumption IAM relies on.

Agents are:

  • dynamic
  • ephemeral
  • cross‑platform
  • multi‑modal
  • self‑initiating
  • capable of chaining actions
  • capable of spawning sub‑agents

IAM cannot stretch to accommodate this. The CSA report’s 18% confidence number is not a surprise — it’s an inevitability.

IAM answers:

“Who is this human or workload?”

Agent Identity must answer:

“Who is this autonomous actor, what authority do they have, and how do we govern their behavior?”

These are fundamentally different questions.

⭐ 2. The Hardest Problem the CSA Report Identifies: Agent Registry

Jian Wang summarized the core issue perfectly:

“The hardest problem still unsolved: agent registry.”

This is the missing primitive.

Without an Agent Registry, enterprises cannot answer basic operational questions:

  • What agents exist right now?
  • Who created them?
  • What environment are they running in?
  • What tools can they call?
  • What data can they access?
  • What authority do they have?
  • What is their lifecycle?
  • Who is accountable for them?

IAM cannot answer these questions. Logging cannot answer these questions. SIEM cannot answer these questions.

Only Agent Identity can.

⭐ 3. Agent Identity Requires New Primitives

Agent Identity is not “IAM but for agents.” It is a new identity model with its own primitives.

✔ 1. First‑class Agent Identifiers

Agents need unique, traceable, non‑spoofable identities — not shared service accounts or static API keys.

✔ 2. Authority Scopes

Agents need scoped permissions that define:

  • what they can do
  • what they cannot do
  • what requires escalation
  • what requires HITL approval

This is the agent equivalent of least privilege.

✔ 3. Runtime‑Resolvable Identity

Identity must be evaluated at the moment of action — not at deployment time.

✔ 4. Lifecycle Governance

Agents must have:

  • creation events
  • modification events
  • deprecation events
  • retirement events

Today, most agents simply “exist” with no lifecycle.

✔ 5. Attribution & Provenance

Every action must be attributable to:

  • a specific agent
  • with a specific identity
  • acting under a specific authority
  • at a specific time

This is the foundation of auditability.

✔ 6. Cross‑Platform Registry

Agents will not live in one ecosystem. They will span:

  • cloud platforms
  • SaaS tools
  • internal systems
  • agent frameworks
  • orchestration layers

A unified registry is required.

These primitives do not exist in IAM. They must be created.

⭐ 4. Runtime Governance Is Nearly Nonexistent — and IAM Can’t Fix It

The CSA report shows that only 17% of organizations have runtime access policies for agents.

This means:

  • agents operate with static API keys
  • permissions do not change based on context
  • authority is not evaluated at runtime
  • sensitive actions are not gated
  • escalation paths are not enforced

IAM cannot solve this because IAM is not a runtime system. It is a provisioning system.

Agents require runtime identity, not just provisioned identity.

This is why Agent Identity must include:

  • runtime policy evaluation
  • environment‑aware permissions
  • sensitive‑action gating
  • dynamic authority resolution
  • HITL enforcement

This is the identity model agents require.

⭐ 5. Auditability Is Collapsing — Because Identity Is Missing

Only 16% of organizations believe they could pass an audit for agent access control.

This is not surprising.

Without Agent Identity:

  • actions are not attributable
  • logs are not tied to identity
  • authority is not scoped
  • provenance is unclear
  • accountability is missing

Auditors cannot evaluate:

  • who did what
  • under what authority
  • with what identity
  • in what context

Agent Identity makes agent actions:

  • traceable
  • attributable
  • explainable
  • governable

This is the foundation of enterprise trust.

⭐ 6. HITL Is Not a UX Pattern — It’s an Identity Pattern

The CSA report shows that 68% of organizations require human‑in‑the‑loop for sensitive actions.

This is not about user experience. It is about authority boundaries.

HITL is how enterprises enforce:

  • escalation
  • approval
  • oversight
  • accountability

Agent Identity must encode:

  • which actions require HITL
  • which identities can approve
  • how approvals are logged
  • how authority is delegated

This is identity, not interface.

⭐ 7. The Agent Identity Stack

Agent Identity is not a single feature. It is a governance stack.

1. Identity

Unique, traceable agent identifiers.

2. Authority

Scoped permissions and sensitive‑action boundaries.

3. Registry

A unified inventory of all agents across platforms.

4. Runtime Governance

Context‑aware evaluation of identity and authority.

5. Attribution

Every action tied to a specific agent identity.

6. Lifecycle

Creation → modification → deprecation → retirement.

This is the identity model autonomous agents require.

⭐ 8. The Bottom Line

The CSA report is not just a warning — it is a confirmation.

It confirms that:

  • IAM cannot stretch to cover agents
  • Agent Registry is missing
  • runtime governance is immature
  • auditability is collapsing
  • HITL is essential

And it confirms that enterprises need a new governance primitive:

Agent Identity — the identity, authority, and lifecycle model for autonomous AI agents.

This is the foundation for safe, accountable, enterprise‑grade agentic systems.

The organizations that adopt Agent Identity early will be the ones who:

  • maintain control
  • preserve auditability
  • enforce authority boundaries
  • prevent agent sprawl
  • build trustworthy agent ecosystems

The agentic era is here. Agent Identity is how we govern it.

Read more

Introducing AI GRC Engineering: Governing AI Systems in Operational Environments

Artificial intelligence is rapidly evolving from systems that generate information to systems that interact with real software environments. AI assistants are beginning to: * access enterprise applications * retrieve and process organizational data * automate workflows * interact with APIs and databases * assist in operational decision-making As these capabilities expand, AI systems are increasingly

By Anh Nguyen