For more than 60 years, ever since famed computer scientist Fernando Corbató pioneered the first username and password verification at MIT, digital identity and authentication has largely been a human litmus test—through passwords, biometrics, or other security tokens, prove you are who you say you are.
But with the rapid rise of agentic AI and emerging artificial general intelligence (AGI), people are no longer the only players on our digital playgrounds. By the end of this year, Gartner predicts nearly every enterprise application will have embedded AI assistants and by 2026, 40% of these applications will be integrated with true task-specific agents.
By the end of the decade, Gartner forecasts agents will even be created on the fly, ushering in a ‘new normal’ of human-AI collaboration.
Senior Director of Product Management at Twilio.
Sounds harmonious. But even in our agentic infancy, we’re already witnessing how easily AI can replicate human traits with astonishing precision, from voice and written communication to mirrored biometric patterns (such as typing rhythms) and even synthetic identities.
As we accelerate toward a frontier that consists of billions of users of both flesh and blood and ones and zeros, identity and authentication can no longer just be static controls at point of entry. We need a dynamic flow that captures real-time context, intent, and parameters of human users and the legions of agents acting (or purporting to) on our behalf.
As we brace for this generational shift in digital identity, businesses must evolve beyond traditional strategies of access, authentication, and accountability to maintain customer experiences that are private yet personal and seamless yet secure.
It’s never been more important for businesses to not only know their customers, but ensure they’re interacting with a real person or an agent authorized on behalf of that person.
Identity must mature into a real-time trust engine
Historically, enterprises have planted a firm flag in the ground when it comes to digital identity and authentication—human good, bot bad. Today, this stance is not only archaic but potentially detrimental to both customer engagement and bottom lines.
As we begin to give agents greater decision-making authority and autonomy, it raises a theoretical but thorny question—if an agent screws up, who’s liable?
What if I tell a bot to research and purchase a pair of shoes with a budget of $100, but it spends $1,000. Who’s responsible for the unauthorized transaction—do I have to pay for it? The retailer? The credit card company?
Or what if I direct a bot to handle all my dreaded expense reports, but as it collates and catalogs all my receipts it takes a $5 charge and submits it for $50? Who’s at fault for what could be expense fraud?
Transparency begets trust (and culpability). If an agent operates outside its guardrails, only through an explicit system of continuous tracking, such as an immutable ledger (similar to blockchain), can we determine what was asked and if decisions were made independently or heedlessly (or willfully) sanctioned.
Google’s recently announced Agents Payment Protocol (AP2), especially around cart and intent mandates, speaks to this very issue of ‘rules of engagement’ and the ‘chain of evidence’ needed to understand what exactly agents are allowed to do.
It’s simply no longer enough to know who or what to let in. Businesses must understand when signals and context change once inside and verify those against task-specific controls.
If, for example, I direct an agent to book my travel and accommodation for an upcoming conference and it attempts to access my team’s performance records, that action is clearly beyond its designation and should immediately alert the Batphone.
The sobering reality is the identity readiness of most businesses remains frustratingly underprepared. Many still adopt a set-it-and-forget-it approach; just think of the applications on our devices gathering login dust—email, streaming, e-commerce. I logged into my home monitoring application once at registration and haven’t logged out in years.
If my phone is lost or stolen, someone could easily access every camera in and around my house, and unless those signals are constantly monitored, it’s unlikely the provider would be any the wiser.
A single identity platform to rule them all
Identity should mirror its environment—too far ahead of the curve and you risk friction, too far behind it and you risk vulnerability. In this new era of human-machine collaboration, businesses must abandon the notion of separate identity platforms for people, agents, and autonomous systems and embrace a structure around five core pillars:
Verification: move beyond static credentials and OTPs to continuous, real-time verification that monitors and detects when users’ context has changed.
Blocking bots: understand the nuances between humans, trusted agents, and nefarious bots to prevent pollution of engagement/analytics.
Dynamic consent & authorization: define contextual, time-bound, revocable authorizations for agents that limit permissions to information only needed to complete a specific task during a defined window.
Behavioral signals: leverage passive, layered, multimodal signals such as biometrics, behavioral patterns, contextual risk assessments, cryptographic credentials to detect anomalies and distinguish abnormal actions.
Account lifecycle memory: enable persistent memory of user preferences, behaviors, and goals across channels and platforms for frictionless, personalized sessions.
Much of the technology needed already exists across various use cases. Take privileged access management solutions, which allow service agents privileged access to sensitive account information for a given context and duration to support customer escalation tickets—the same dynamic consent needed for our machine counterparts.
Now, it’s about ensuring these technologies can be easily integrated into businesses’ existing tool sets and tech stacks and unified into a cohesive, comprehensive platform.
Technology availability is one thing, but adoption is something else entirely. The potential for broad, universal adoption will lie in our ability to build true community identity standards rather than a series of disparate and competing frameworks.
We’re not there yet, but exciting discussions and developments are underway led by open standards groups like the OpenID Foundation. These best practices could eventually be embraced by Model Context Protocol (MCP), for example, to help close authentication gaps as businesses build MCP servers to connect and empower agents.
Identity as a growth enabler
The next generation identity layer won’t just be foundational to secure access and fraud prevention but serve as the core infrastructure and connective tissue that orchestrate personalized, secure customer experiences at every step.
As our workforces and workstreams quickly welcome an influx of digital peers, businesses must evolve their identity strategies and postures at equal velocity to minimize friction, maximize safety, and infuse trust and accountability into every touchpoint and interaction.
We’ve featured the best AI website builder.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
https://cdn.mos.cms.futurecdn.net/LJ7xXkLMRdgVo8vT4Ccgrb-2560-80.jpg
Source link
