For decades, identity security relied on the assumption that identities are static, predictable, and mostly human. However, the growing scale and complexity of identities in the modern enterprise, as well as the increasing adoption of artificial intelligence has changed that perspective recently. With AI agents multiplying in enterprises, acting independently, appearing and disappearing, and using credentials, the foundations of identity and access management are being tested in ways many organisations are not ready for.

In the recent episode of The Security Strategist podcast, Raz Rotenberg, CEO and Co-Founder of Fabrix Security, sat down with host Richard Stiennon, Chief Research Analyst at IT Harvest.

“Everything we knew about identity is about to change,” Rotenberg cautioned Stiennon. “We’ve viewed identities as mostly static. But AI agents are dynamic. They can do various tasks, change their behaviour, vanish, and reappear. Static identity models won’t survive.”

The Unplanned Identity Explosion

Identity has always been complex, but the scale and variety of identities that security teams face today are unprecedented. Besides employees and contractors, organisations now deal with service accounts, cloud workloads, APIs, and increasingly, AI-driven agents that function on their own.

According to Rotenberg, the challenge isn't just the number of identities; it's their variability. “The number of ways identities can behave is infinite,” he explained. “Every organisation is unique, every system is distinct, and identities are now changing in real time.”

CISOs already see this explosion. Stiennon also noted during the podcast that AI is quickly becoming a major source of new identities, with agents being deployed widely and given credentials to operate at machine speed.

However, most identity programs still depend on static role-based models and periodic reviews, approaches that struggle to keep up with dynamic, non-human agents.

Multiple Identity Tools Can Lead to Hidden Risks

Despite a crowded identity security market with hundreds of vendors in IAM, PAM, IGA, and cloud identity, Rotenberg argues that the main issue is not a lack of tools.

“We’ve had identity tools for decades,” he said. “They do a good job of facilitating operations aimed at reducing risk. But they all miss the same point – they rely too much on the human factor.”

Each tool, he explained, only sees a part of the identity landscape. Identity providers handle authentication, PAM tools manage privileged access, and governance platforms oversee reviews. None provides a unified, real-time view of identity behaviours across systems.

The Fabrix CEO calls it “partial truth.” Security teams dealing with identity issues have to manually gather data from various platforms, piece it together, and make decisions with incomplete information.

“This leads to long review cycles, manual investigations, and over-provisioning by default,” he said. “Permissions get copied and duplicated because people don’t fully grasp who has access to what or why.”

This can often lead to unclear decisions, with the organisation handing out more permissions than fewer. Eventually, it creates sprawling identity landscapes filled with excessive privileges and risky combinations. In some cases, an individual might have limited rights in one system but full control in another without anyone noticing.

“Misconfigurations can occur between systems,” Rotenberg noted. “Things don’t align. And without a unified view, these risks remain hidden.”

The Need for Identity Intelligence Layer

Fabrix’s solution to this fragmentation is what Rotenberg calls an identity intelligence layer. This layer brings together existing identity tools without replacing them. They aim to continuously gather signals from IAM, PAM, IGA, cloud platforms, and other sources, then process them in real time.

“It’s not about tearing everything out,” Rotenberg said. “Each tool serves a purpose. But when you connect them through an intelligence layer, you can finally understand your entire identity framework.”

This intelligence layer aims to lessen reliance on manual decision-making. By providing contextual insights and recommendations at the moment decisions need to be made—and eventually automating those decisions—it addresses what Rotenberg sees as identity security's weakest link – human judgment at scale.

“Even if you set good policies, enforcing them continuously and at scale is impossible without automation,” Rotenberg said. “There’s simply too much data.”

Over time, he envisions identity systems that not only provide insights but also manage access automatically. They would revoke permissions, flag anomalies, and adjust as identity behaviours change.

“Rather than enforcing more rules,” Rotenberg added, “we need intelligence layers that constantly understand who has access, why that access exists, and whether it still makes sense.”

Watch the podcast at em360tech.com. For more information, please visit fabrix.security

Takeaways

  • Identity security is becoming increasingly pivotal in modern organisations.
  • The complexity of managing identities is compounded by the rise of AI agents.
  • An intelligence layer is essential for effective identity security.
  • Automation is crucial for managing identity security at scale.
  • Fragmented identity management systems lead to operational inefficiencies and increase risk.
  • Organisations often have over-permissive identities due to poor management practices.
  • Integrating existing tools with an intelligence layer can enhance security.
  • CISOs need to rethink their identity architecture for future flexibility.
  • Identity security is shifting from a static to a dynamic approach.
  • Continuous monitoring and adaptation of identity access is key. 
Help good content travel further, give this a like.
Link copied to clipboard!

Chapters

00:00 Introduction to Identity Security Challenges

02:53 The Role of Identity Intelligence

05:38 Operational Inefficiencies in Identity Management

08:49 Integrating Intelligence into Existing Tools

11:43 Rethinking Identity Architecture for AI Agents

About Fabrix Security

Fabrix Security builds AI Agents designed specifically for identity security. With identities multiplying across SaaS, cloud, and on-prem environments, Fabrix equips IAM teams with the intelligence to make confident, explainable access decisions – right at the moment of decision.

By infusing AI into identity security, Fabrix closes today’s biggest gap: visibility and intelligence. It enhances existing IAM workflows with speed, consistency, and accuracy, cutting through the chaos of manual, context-less decision-making. From user access reviews and access requests to full identity lifecycle management and AI-agents governance, Fabrix delivers intelligent, scalable, and proactive identity security.

#IdentitySecurity #AIagents #Cybersecurity #CISO #IAM #FabrixSecurity #FutureofIdentity #TechPodcast #TechPodcast #CloudSecurity #DynamicIdentity #SecurityIntelligence #FutureofIdentity #InfoSec