Here's a sentence I want you to sit with: the identity stack we built for humans is not going to survive what's coming next.
I've spent twenty-five years in security — from the military to MuleSoft to Flexport to where I am now. I've watched identity evolve from login boxes to MFA prompts to Tuesday access requests your manager approved while eating lunch. Every generation of the stack assumed one thing: there's a person in the loop, clicking something.
Agents don't click. They call. They chain. They spawn other agents. And the stack we have wasn't designed for any of that.
The numbers that changed my mind#
According to the Microsoft and LinkedIn 2024 Work Trend Index, 75% of knowledge workers now use AI at work. CyberArk's 2025 research shows machine identities already outnumber human identities by more than 80 to 1 — and some organizations report ratios exceeding 100 to 1. That gap is only widening as agentic AI moves from pilot to production.
This isn't hypothetical anymore. The IDSA's 2025 Trends in Securing Digital Identities report found that 90% of organizations experienced at least one identity-related incident in the past year. The breach surface is already identity-shaped. Now we're multiplying the number of identities by orders of magnitude — and most of the new ones aren't human.
Four ways the stack breaks#
I've been walking through this with security leaders for months now, and the failure modes are remarkably consistent. They come down to four gaps.
Lifecycle. A human identity lives for months or years. You provision it on day one, you deprovision it when someone leaves, and in between you run quarterly access reviews. An agent identity might live for seconds. Maybe hours. Maybe just long enough to complete a task chain and disappear. IGA was not built for ephemeral. Most platforms can't even model an identity that creates itself, acts, and self-destructs in under a minute.
Scope. Humans get role-based access. It's coarse, but it works because humans are slow and predictable. Agents need task-bounded, time-bounded, blast-radius-bounded access. RBAC is too coarse — way too coarse. An agent that needs read access to one production table for thirty seconds shouldn't inherit the same role as the engineer who manages that entire database.
Attribution. Here's the scenario I keep seeing in the wild. An engineer asks a coding agent to ship a fix. The coding agent spawns a deployment agent. The deployment agent spawns a migration agent that needs scoped, time-boxed access to a production secret. Three hops. Three identities. One human accountable. Zero clean answers today. When something goes wrong and you need to figure out who did what, in what order, and who's on the hook — "service account 47" is not an answer.
Revocation. Killing a human's access is a Tuesday ticket. Killing an in-flight agent mid-chain — while it's halfway through a deployment — is a fundamentally different problem. Most tools can't do it. They can rotate the password and restart the service, but they can't surgically revoke one agent's access without breaking the chain it's part of.
From identity to agency#
The old primitive was who is this? Your existing tools answer that well — they were designed to.
The new primitive is what is this allowed to do? On whose behalf? With what scope? For how long?
That's not identity. That's agency. Agency equals identity plus permission plus delegation plus lifecycle plus revocation — as one thing, not five disconnected things stitched together with service account passwords and hope.
The next twelve to eighteen months of identity is not about better login. It's about giving agents a legitimate, governed way to act — what I've started calling AI Access Management. The organizations that solve for agency — not just identity — will be the ones that ship AI with confidence. The ones that don't will be writing breach notifications and wondering how a migration agent got access to production secrets at 2 a.m. on a Saturday.
If you're a security leader reading this and wondering where to start: get visibility first. You can't govern what you can't see. Instrument what your agents are doing today — which tools they're calling, what credentials they're using, who originated the chain. That telemetry is the foundation everything else builds on. Policy comes second. Enforcement comes third. But the graph — the single, unified identity graph that treats humans and agents as first-class citizens — that's the destination.
I'd rather be wrong in public than vague in private. Hold me to that timeline.
