
Powered by Ping Identity
Andre Durand, CEO and founder of Ping Identity, says that enterprises should consider a “zero-trust” security architecture as an immediate requirement for AI agents, not a long-term goal. Zero trust, a security model based on the assumption that no user, device, or system is automatically trusted, requires continuous verification before every action, rather than a single check at login. Agent AI has deeply compressed the risk timeline that enterprises must manage by requiring real-time evaluation of authorization decisions.
type: internal-input-internal id: 1Ieiy1KhHNWZE5KVqNdA1G
This compression shows how permissions are stacked. Every time an employee approves an AI agent’s request for access to a company drive, database, or code repository, the enterprise is handing over a piece of control that seems mundane in isolation. These assertions are collected across thousands of agents sending thousands of requests that most existing security architectures were never built to scale.
"Today’s growing desire to use agents and agent speed underscores the need to move faster on zero-trust principles," Durand says. "Agents move faster, stop completely. A person’s tolerance can be measured in minutes or hours, sometimes days. At agent speed, a thousand moves can happen in five minutes."
Why zero trust is now relevant for agent AI
This difference in speed is changing the way enterprises think about permissions. Two variables are important: the access field granted to the agent and the length of time the access remains valid. Traditional identity and access management tends to grant broad permissions and leave sessions open for long periods of time because the person using them moves at human speed. Zero trust, on the other hand, destroys both variables at once by narrowing down access to what is strictly necessary and continuously revalidating it, rather than just once on entry.
"Zero confidence really says, enough is enough, just in time," Durand says. "What we care about is your next move. We’re moving from an era where identity is our point of control over the runtime of a login—ie, are you logged in, have a session—to the decision behind that login."
Why should agents be treated as first class entities?
The shift to decision-based control has a direct impact on how agents are provisioned in the first place. Durand says the common practice of allowing an agent to operate under a cloned human login or shared service account doesn’t work.
"Each agent must have its own identity," explains. "It should not imitate a person. It can act on behalf of the person, we could obviously empower the agent, but we don’t want to blur the lines between the person acting and the agent acting."
In addition, there is another concern: shared secrets, especially API keys that are trusted by many service accounts. For example, the habit of embedding keys directly into source code is a convenient but poor security example, where they can be accidentally generated and exposed, making agent workflows significantly risky. Creating service account architectures that allow agents to authenticate without relying on that shared credential or other long-term access is now an immediate priority rather than a long-term cleanup project.
Where businesses can implement a zero-trust policy
Applying any of these in practice requires determining where the policy can actually be applied. Several existing choke points, including API gateways and agent gateways that sit in front of MCP servers, offer practical places where enterprises can inspect what an agent is requesting and apply policy rules before submitting it.
"These policies can use real-time risk and fraud alerts and then strictly enforce what an agent can do when interacting with these systems." Durand explains.
The goal is to move authorization from something that is decided once at login to something that is evaluated at every subsequent action, such as when an agent tries to code a repository. Instead of carrying permanent permission to write to GitHub, the agent’s request will be checked against the context and policy at that particular moment, and the trust window will be closed to the scope of a single action.
Stop AI agents from rewriting their permissions
This model becomes especially important when we consider how agents can behave once they are already inside a system—for example, coding agents that, when questioned, either completely ignore a specific guard or attempt to override the permissions granted to them.
"Who is watching the viewer? Zero trust should apply here," Durand says. "If generative AI systems follow your instructions 97% of the time and you just want advice from it, that might be fine. 97% is not good enough if it is responsible for deciding who gets permission."
How to trust AI-generated output at agent speed
The answer to this gap is not to exclude AI from the review process, but to structure reviews so that no agent’s judgment is taken at face value. Since human review cannot achieve the volume and speed of agent output without completely removing the advantage of using agents, a new framework is needed so that when an agent produces work as code, individual agents can evaluate it, provided that those reviewing agents communicate with each other or with the agent they are reviewing. Durand says this is the new human-AI paradigm.
"We will probably have to develop frameworks that we trust without directly seeing or inspecting the output," explains. "This construction is not 100% flawless. However, this is the best we can do to move at agent speed. We can’t trust the exact result, but we can trust the frame."
In practice, this means combining automated verification with clear human accountability for higher-stakes decisions, rather than treating agent output as self-validating.
It is never possible for traditional auditors to review each transaction separately, and statistically valid sampling stands in for a complete audit. The same applies to risk accumulation: a single agent action may carry little risk on its own, while a sequence of actions moving in a sequential direction may exceed the threshold for intervention, including a kill switch that can stop an agent before further damage can occur.
What to ask when evaluating agent identity platforms
There is no narrow checklist for security leaders evaluating identity platforms for agency AI. Enterprises need to evaluate what the full lifecycle of agent management looks like. Most enterprises manage agents on two fronts simultaneously: customer-facing agents acting on behalf of external users and internal agents deployed to automate enterprise processes.
"Pause long enough to understand what it means to provide multiple agents that interact with you both externally and internally," Durand says. "We need discovery and visibility of all agents operating within our property, a place to register them, a standard way to assign custodians, and a policy to enforce and centralize security across the organization."
While basic security principles were already fully understood before the arrival of agent AI, Durand says the cost of moving slowly has finally paid off, giving companies a narrowing window to build the right architecture before widespread agent deployment.
Sponsored articles are content produced by a company that paid for the post or has a business relationship with VentureBeat and is always clearly marked. Contact for more information sales@venturebeat.com.




