"With any new technology, there's always a turning point: we need something new to solve the old problems," states Jeffrey Hickman, Head of Customer Engineering at ORY, setting the stage for this episode of The Security Strategist podcast.
The key challenge enterprises face today, particularly in identity and security, is the rapid rise of AI agents. Many organisations are trying to bolt advanced AI features onto old systems, only to realise, after the investment has been made, that serious issues have come to the surface. The high number of automated interactions could easily overload the current infrastructure.
"The scale of agent workloads will be the weak spot for organisations that simply try to apply current identity solutions to the rapidly growing interaction volume," cautions Hickman.
In this episode of The Security Strategist podcast, Alejandro Leal, Host, Cybersecurity Thought Leader, and Senior Analyst at KuppingerCole Analysts AG, speaks with Jeffrey Hickman, Head of Customer Engineering at ORY, about customer identity and access management in the age of AI agents.
They discuss the urgent need for new self-managed identity solutions to address the challenges posed by AI, the limitations of traditional Customer Identity and Access Management (CIAM), and the importance of adaptability and control in identity management. The conversation also explores the future of AI agents as coworkers and customers, emphasising the need for secure practices and the role of CISOs in seeing these changes through.
AI Agents – The Achilles Heel of Legacy Identity
Hickman explains that many companies face an immediate and serious issue at the moment. He said: "The scale of agentic workloads will be the Achilles heel for organisations that simply try to map existing identity solutions onto the drastically ballooning interaction volume."
This scale not only overwhelms current systems but also creates perilous complexity. AI agents, acting on their own or on behalf of humans, lead to a huge increase in authentication events. This is called "authentication sprawl." Such strain on old technology often leaves security as an afterthought.
The main unresolved technical issue is context: figuring out what an individual agent is allowed to do and what specific data it can access, Hickman tells Leal. "The problem is defining the context—what an agent is allowed to do and gather. Legacy IM solutions don't address this well; it's an unsolved area."
To gain the necessary control, organisations must move beyond complicated scope chains and rethink how granular permissions function. Meanwhile, the risk of AI-driven phishing targeting human users, fueled by manipulated prompts, will grow until we can ensure the authenticity of human-in-the-loop moments using technologies like passkeys.
Takeaways
- The rise of AI agents is reshaping customer identity management.
- Traditional CIAM systems struggle with the scale of AI interactions.
- Adaptability is crucial for organisations facing new identity challenges.
- Control over identity solutions is essential for enterprises.
- Security must not be sacrificed for user experience.
- AI agents can amplify existing identity management challenges.
- Organisations need to understand the permissions of AI agents.
- The future of identity management is evolving rapidly.
- CISOs must embrace modern standards for identity solutions.
- Observability in identity management enhances security and adaptability.
Chapters
00:00 Introduction to Customer Identity and AI Agents
03:00 The Impact of AI on Identity Management
06:13 Challenges of Traditional CIAM Systems
08:58 The Need for Adaptability in Identity Solutions
11:49 Control and Flexibility in Identity Management
15:12 Future of AI Agents and Security Practices
17:49 Key Takeaways for CISOs
About ORY
With tens of thousands of active projects and trillions of identities managed across its open-source and managed environments, Ory is on a mission to redefine what it means to secure digital identities (customers, employees, partners, machines, and agents). Ory provides a modern and modular approach to c/IAM programs that provides unmatched scale, user experience, and deployment flexibility. From open-source to self-managed but supported enterprise licenses, to a fully managed and compliant global service, our composable architecture allows organisations to easily customise experiences for their users.