Podcast: The Security Strategist
Guest: Jasson Casey, CEO & Co-Founder, Beyond Identity
Analyst: Richard Stiennon, Chief Research Analyst at IT-Harvest
In an enterprise technology market that’s saturated with AI copilots and coding agents, most enterprise security strategies are already outdated.
On the recent episode of The Security Strategist podcast, analyst Richard Stiennon, Chief Research Analyst at IT-Harvest, presses Jasson Casey, CEO and Co-Founder, Ceros by Beyond Identity, on a question few vendors are answering clearly.
“How do you actually control autonomous agents once they’re inside your environment?” posed Stiennon.
Casey’s answer is architectural, focusing on Ceros – a new control plane from Beyond Identity built specifically for agentic workflows.
What is Ceros built for?
The problem Ceros addresses is one enterprises face in practice. For instance, enterprises deploying tools like Claude, Codex, or Copilot for coding and workflow automation are effectively granting agents the same privileges as human operators, but without equivalent oversight. These agents write code, call APIs, and interact with sensitive systems, often across long-lived sessions where risk can evolve in real time.
Casey points out that most enterprises fall into one of two active camps: those moving fast and accepting the risk, and those slowed by governance concerns. What both groups lack is visibility. Not logs after the fact, but live, session-level awareness of what agents are doing, what tools they’re invoking, and how their behaviour changes over time.
Ceros is designed to sit directly in that gap. Rather than acting as a perimeter control or identity gateway, it operates in tandem with agent sessions, exposing granular telemetry on tool calls, device posture, and execution context. The emphasis is not on blocking upfront, but on establishing a real-time inventory of agent activity—a prerequisite for any meaningful governance model.
Moving Beyond Passwordless to Agent-Bound Trust
Beyond Identity built its reputation on eliminating passwords, but Casey makes it clear that passwordless authentication was only the first step. The deeper issue is the portability of credentials themselves. Whether it’s a password, API key, or session token, anything that can be copied can be abused—and in agentic systems, that risk multiplies.
Ceros extends the company’s device-bound identity model into AI workflows. Instead of relying on bearer tokens, which Casey likens to “Wonka golden tickets,” Ceros enforces cryptographic, device-bound sessions where every API request is uniquely signed. This approach draws on emerging standards like DPoP but applies them in a way that doesn’t require upstream API providers to change their architecture.
The result is a subtle but important shift. Security is no longer tied to possession of a token, but to the integrity of the device and session generating each request. For agents, this means their actions are continuously attributable, and any attempt to export or replay credentials simply fails. In practical terms, it collapses the blast radius of an incident to a single device and makes lateral movement significantly harder.
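To make the contrast with bearer tokens concrete, here is a simplified DPoP-style (RFC 9449) proof-of-possession check, added as an illustration; it is not Ceros or Beyond Identity code. The function names, the sample token and the example URL are constructed for this sketch.

```javascript
// Added illustration: simplified DPoP-style (RFC 9449) proof check. Not Ceros code.
const crypto = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('base64url');
// RFC 7638 thumbprint of an EC public JWK: hash of the required members in fixed order.
const thumbprint = (j) => sha256(JSON.stringify({ crv: j.crv, kty: j.kty, x: j.x, y: j.y }));

// Client side: sign one proof per request with a private key that stays on the device.
function makeProof(keyPair, method, url, token) {
  const header = { typ: 'dpop+jwt', alg: 'ES256', jwk: keyPair.publicKey.export({ format: 'jwk' }) };
  const claims = { jti: crypto.randomUUID(), htm: method, htu: url,
                   iat: Math.floor(Date.now() / 1000), ath: sha256(token) };
  const input = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(input), { key: keyPair.privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + b64u(sig);
}

// Server side: boundJkt is the key thumbprint recorded when the token was issued.
const seenJti = new Set();
function verifyRequest(proof, method, url, token, boundJkt) {
  const [h, c, s] = proof.split('.');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  if (header.typ !== 'dpop+jwt' || header.alg !== 'ES256') return 'bad header';
  const pub = crypto.createPublicKey({ key: header.jwk, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(h + '.' + c),
    { key: pub, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) return 'bad signature';
  if (thumbprint(header.jwk) !== boundJkt) return 'token bound to another key';
  if (claims.htm !== method || claims.htu !== url) return 'proof is for another request';
  if (claims.ath !== sha256(token)) return 'proof is for another token';
  if (Math.abs(Date.now() / 1000 - claims.iat) > 60) return 'stale proof';
  if (seenJti.has(claims.jti)) return 'replayed proof';
  seenJti.add(claims.jti);
  return 'ok';
}

// Constructed sample data: two devices, one access token issued to the first.
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const device = newKey(), other = newKey();
const TOKEN = 'sample-access-token';
const API_URL = 'https://api.example.test/v1/repos';
const JKT = thumbprint(device.publicKey.export({ format: 'jwk' }));
console.log(verifyRequest(makeProof(device, 'GET', API_URL, TOKEN), 'GET', API_URL, TOKEN, JKT));
```

A copied token presented with a proof from any other key, a captured proof sent a second time, and a proof reused for a different method or URL are each rejected with a distinct reason, which is also what makes each accepted request attributable to one key.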
Why Casey Says the Time to Deploy Is “Immediately”
Perhaps the most striking moment in the discussion comes when Stiennon asks when organisations should introduce controls like Ceros into their agent pipelines. Casey’s answer is blunt: immediately. Not after pilots, not post-deployment hardening, but at the same time agents are introduced.
That urgency reflects a broader shift in how enterprise risk is accumulating. AI agents are active participants in systems, capable of chaining actions, interacting with multiple tools, and amplifying both productivity and exposure. Retrofitting security after these patterns are established is, in Casey’s view, a losing strategy.
Ceros has been intentionally designed to avoid the friction that typically delays security adoption. Developers running AI-based workflows see no change in their experience, while security teams gain visibility and policy controls through the same interface. The initial deployment phase focuses on observation rather than enforcement, allowing enterprises to understand their agent footprint before introducing restrictions.
Ultimately, identity security must evolve from authenticating users to governing actions—human or otherwise—in real time. With Ceros, Beyond Identity believes that the future of enterprise security will be defined not by who logs in, but by what autonomous systems are allowed to do once they’re already inside. Teams can get their AI governance started on ceros.sh.
Key Takeaways
- AI agents are introducing major identity and visibility gaps across enterprise systems.
- Traditional “authenticate then trust” models fail in dynamic, long-running agent sessions.
- AI agents have no real identity. Ceros binds every agent action cryptographically to hardware, making credential theft pointless and every action attributable to a specific user and device.
- Ceros gives security teams identity, visibility, and control over AI agents — enforcing policies at the proxy layer before agents can act, not after. Get started at ceros.sh.
Chapters
- 00:00 Emerging Security Gaps in AI Coding Agents
- 03:03 The Role of Governance in AI Deployment
- 05:58 Beyond Identity: The Passwordless Revolution
- 09:00 Device-Bound Credentials and API Security
- 11:59 Integrating Security Solutions for AI Agents