Our vision for the future of identity security? It’s already in motion.

From Day 1 at Oleria, we’ve been committed to reimagining identity by building a completely new foundation — and drawing the industry toward our vision for the future of identity.

Our approach is unique, too. We’re building a solution that addresses that heart of the pain operators experience on a day-to-day basis. We should know — we are operators. 

But to ensure that we’re meeting our colleagues' needs, we’ve shared our approach with some of the most respected names in security and tech. They are visionaries in their own right who have indicated their alignment with our vision for the future of identity — and their support has been invaluable as we build something truly transformative. 

So, what is that vision, exactly? I’ll start by highlighting the problems we can all agree on — and then share what we believe the future of identity looks like.

What we know: Conventional identity security can’t keep up

Let’s be blunt: the approaches most companies use to manage identity security simply were never designed to handle the speed, scale, and complexity of today’s digital environments and operations.

Organizations are struggling to get their arms around ever expanding technology estates that have them juggling disparate systems and tools to manage human and non-human identities across SaaS, cloud, and on-premise applications and infrastructure — many of which typically have their own identity system embedded in the service. 

Perhaps most notably, burgeoning automation and accelerating AI adoption means non-human identities (NHIs) now outnumber human employees by as much as 80:1. Enterprises have policies that are supposed to help them protect and manage this identity sprawl — but without clear visibility, they have no way to know if those policies are actually being followed across all of their systems on a day-to-day basis.

This expansion and fragmentation of the identity ecosystem happened organically as organizations prioritized business acceleration, innovation, and enablement. But it’s created huge blind spots and control gaps around identity and access. 

Security teams are valiantly working to adapt their current toolset to patch these gaps and manually orchestrate the fragmented identity ecosystem. They’re layering point solutions for  Identity Governance and Administration (IGA), Privileged Access Management (PAM), and Just-in-Time (JIT) access onto their security stacks. But this layering can add to the fragmentation problem — and as the speed and scale grows, this manual adaptation and orchestration is proving frustratingly slow and difficult. It can feel like a chaotic, never-ending game of whack-a-mole, keeping security teams from focusing on other strategic initiatives.

Advancing autonomy demands a fundamentally new approach

Now, we’re looking at an oncoming wave of agentic AI that’s going to drive changes far too big and fast for us to keep up if we continue the adaptation approach — trying to manually adapt conventional tools, identity frameworks, and security architectures to address new challenges. 

As these AI agents evolve from simple query-based assistants with read-only access to more sophisticated GenAI copilots with write capabilities, their economic and business value clearly grows. But so does the complexity of managing these AI identities and their access. We’re looking at an entirely new set of challenges in access delegation when AI copilots can modify, move, or delete data on behalf of human users.

However, the real stress test comes with truly autonomous agents — that future state that sees AI agents making decisions and taking actions without a human in the loop at all. Imagine a future of billions, if not trillions, of AI agents managing critical systems like energy, transportation, and even our food supply. How do CISOs ensure these AI agents’ decisions align with policies and regulatory obligations when they’re moving at machine speed and scale? 

Protecting these AI agents from cyberattack will become existential to the future of humanity. Yet, our existing identity systems and the compliance/regulatory frameworks designed to govern them simply weren't built for this; they offer no good answers.

But these rapidly expanding limitations aren’t true barriers; they’re the definitive spark for innovation. We need to move from incremental adaptation to fundamental revolution in how we think about and build enterprise identity security.

Where we started: Solving the huge blind spots around identity and access

These are the pains and needs that my co-founder, Jagadeesh Kunda, and I felt during our time as security operators. We deeply understood that identity was at the core of Zero Trust — and it needed to be managed with precision and real-time insight, not manual processes and clicks/keystrokes. We also recognized that conventional tools weren’t built to cover the complexity and scale of today’s digital environments, or the speed and nuances of today’s identities (NHIs and AI). 

That’s exactly where we started with Oleria: Showing you all the identity risk that exists across your entire environment — every identity, every app, every piece of cloud infrastructure. It’s a completely unprecedented level of breadth and depth.

More than “more data”: Context-aware risk remediation

Here’s something that drove me nuts as a CISO: too many security tools stop at visibility. They give you a “holy s&%#” report that shows you risks you were missing — but lacks the context, interpretation, or implications for you to understand, prioritize, and act on that information. 

Over time, these context-less alerts have a numbing effect. The point: more data without context just becomes more noise.

So, from Day 1, we engineered Oleria to go beyond just more data, delivering three critical things: 

1. Granular integrations that unlock the rich context around identity and access activities to fully understand the risks it uncovers. 
2. Context-aware insights that machine the intuition of experienced security practitioners, providing a more reliable signal of the risks that matter most.
3. Remediation workflows that make it fast and easy to fix those risks directly from Oleria. 

But those unique capabilities are just the first phase of Oleria’s vision. To be scalable and sustainable, identity security has to become more proactive, adaptive, and intelligently automated. This starts with policy. Not just having policies, but having assurance that those policies are working everywhere, all the time.

Defining a new standard: A unified architecture for identity and access management

Let’s acknowledge a frustrating reality: those multiple identity systems aren’t going away — not soon, and likely not ever. But the core of our vision is a system that unifies and orchestrates a multitude of identity systems to deliver consistent enterprise-wide security outcomes — a world where you don’t have to manage dozens of disparate identity systems in isolation. 

To get there, we’re driving an architectural shift that stems from a core observation: vendors often build solutions without a deep understanding of customer challenges. So, as a founder, I’m taking a different approach. Last summer, while speaking to a group of leading CISOs, I posed a question: was there interest in building a practitioner-centric reference architecture for identity? 

The answer was a resounding yes, and over the past ten months, I’ve led a working group helping us shape a new standard: a unified architecture that brings all your identity information together into a single data platform or fabric. (I’ll have much more to share soon — including new resources on this architecture.) This allows you to reason about identity across your entire enterprise estate from one central command point, finally giving you the control you’ve always needed.

From total visibility to total control: Empowering confident security

That’s where Oleria is making huge strides. We’ve engineered Oleria as a unified system that acts as a “system of intelligence” — a comprehensive store of all your identity data in one place delivering total visibility that allows for better analysis and decision-making. 

This total visibility and control enables operators to ensure that all their identity policies and best practices are working for them everywhere, everyday. For example, that all human identities are using strong, phish-resistant multi-factor authentication — or that all your non-human identities and AI agents are using strong credentials that have been recently rotated.

This isn’t just about spotting problems — it’s about making security an enabler for your business to move and accelerate with confidence.

AI transformation demands identity transformation

This “security as an enabler” idea has come into the spotlight as we look at how to accelerate the much-hyped AI transformation of business. It’s very clear that our existing frameworks cannot keep pace with AI’s speed and scale. You can continue down the path of adapting those conventional frameworks — relying on human processes as the ‘glue’ to bridge the gaps. But this isn’t only an incredibly risk-laden approach; it’s too slow.  

Accelerating the AI transformation demands a transformational approach to identity. If you want to be one of the fast-moving companies that grabs the first-mover advantages of enabling truly autonomous AI agents, you need to be focused on these three things today:

1. Establish a robust identity security program: Build a unified system for all identities and access (like what we’ve built with Oleria) to ensure consistent policy enforcement and move toward automated lifecycle management across your entire digital estate. This is the strong foundation you need to securely scale agentic AI.
2. Gain full visibility and control over non-human identities: Close your existing NHI blind spots before AI agents proliferate and amplify the problem. Inventory all your NHIs, understand their exact access, and ensure you can monitor their actions. This control is non-negotiable if you want to be able to mitigate agentic AI risks.
3. Assess your readiness for AI copilots & agents: Proactively evaluate your identity security with agentic AI’s unique capabilities and risks in mind. Can you develop dedicated identity lifecycles for AI agents? Do you have the ability to implement granular authorization based on an AI agent’s function? Are you able to continuously audit AI actions — including when those actions are fully autonomous?

These are practical steps to help remove security bottlenecks and turn what today looks like a daunting challenge into tomorrow’s strategic advantage. Moreover, these are proactive steps you need to be taking now if you want to have the agility and speed to move quickly on your organization’s AI ambitions. 

Built by security operators — for security operators: This the future we’re forging, together

Looking ahead, we envision a future that sees organizations ready and able to capture the full, transformative potential of dynamic, non-deterministic AI agents — because they have the foundational confidence in their ability to see, manage, and protect all identities (human, non-human, and AI). This future sees agentic AI operating seamlessly within well-defined and continuously enforced boundaries, and security teams freed from manual identity orchestration and administration. 

This future is practical, achievable, and within reach. Moreover, this vision isn’t just Oleria’s anymore. We’ve vetted it with industry leading CISOs and security visionaries. Together, we’re collectively leading the industry toward a new approach and a new architecture that reimagines identity as the non-negotiable key to secure business enablement — propelling us confidently into the AI age. That’s the future we’re forging, together.

Join the conversation on LinkedIn