
It's Time to Decompose IAM

/assets/team/cormac-foster.png
April 4, 2026|3 min read

As predicted, securing Agentic AI was the talk of the town at last week’s RSAC conference. Everyone understood the why very clearly. It's literally a world-changing opportunity, with world-ending risks, but no one seemed to know quite what the how looked like.

Part of the problem is that we're looking at the wrong puzzle pieces. There was plenty of talk about Identity and Access Management (IAM) as the core of agentic security, but IAM has never been a single thing—and treating it like one is holding us back.

So what is IAM? It's a convenient shorthand for “all the infrastructure to put the right resources in the right hands at the right time,” but authentication (the “I”) and authorization (the “AM”) are fundamentally different disciplines with fundamentally different challenges. Conflating them may simplify slide decks, but it's holding us back, and Agentic AI might be the thing that finally decouples the two so we can move on.

Authentication is complicated

Identity—authentication—is very far from solved, and as long as bad actors want in, it never will be. Every year brings new challenges and standards, but the entire authentication lifecycle ends at the door when you verify that the requestor is who they claim to be.

Because authentication patterns are so diverse, organizations will almost certainly need to engage with several solutions. New patterns, partners, risks, and regulations might all mandate additional systems. The question isn't whether you can get by with one authentication system, but how you can manage multiple systems without disrupting your business or the applications that run it.

Authorization has its own problems

Authorization, on the other hand, doesn't care how you authenticated. It cares what you can do now that we know who you are, and that's a completely different set of challenges.

Latency at scale is one. A second-long login might be acceptable, but if you're performing dozens of authorization checks for every request that follows, milliseconds matter.

There's a human impact, too. Authorization is an “everybody” issue. HR, FinOps, SharePoint admins—everyone who manages knowledge resources, employees, or systems has an interest in authorization. Stakeholders need to be able to work in their preferred systems and trust that updates take effect immediately. Since most authorization logic resides in application code, that group also includes stressed-out developers struggling to keep internal customers happy while still trying to build new applications and value.

Agents are not an "NHI problem"

The industry keeps framing agentic computing as an identity problem. It's not. Scaling authentication is difficult, but straightforward—and not new. The real risk with agents isn't that they won't be able to log into our systems. It's that we won't be able to govern them once they do.

Agents also challenge the assumptions on which we've built existing authorization logic. Role-Based Access Control (RBAC) systems may have worked fine for established business processes, but enabling a non-deterministic agent that makes real-time decisions to solve problems (without controls around its tools) requires expressive and scalable access controls. It's a complicated problem requiring a sophisticated solution, and authorization is its core.
