Managing Identity in the Age of AI

Last summer in Jackson Hole, Wyoming, something remarkable happened. A group of leading CISOs gathered in the shadow of the Teton Mountains to discuss critical topics in cybersecurity. What started as a typical discussion of our shared identity and access pain points — and what we’re testing as solutions, quickly evolved into something much more significant: a definitive recognition that we can no longer adapt our way to the Identity program we all need. 

Our digital ecosystems have become too broad and complex — and the oncoming wave of agentic AI will fundamentally transform our ecosystems and operations. We stand at a threshold between the cybersecurity practices of the past and the radically different approaches our future demands.

The Moment of Truth

As I led that discussion, we quickly converged on several key points of consensus:

• Identity is the cornerstone of securing our businesses  —  and the key to confident business enablement.
• The conventional identity architecture is inherently limiting  —  because it was never designed for a world of complex hybrid ecosystems, proliferating non-human identities, and agentic AI.
• NIST CSF is the ideal maturity framework for cybersecurity programs  —  but Identity is underrepresented in that framework.
• Security practitioners need prescriptive guidance on what a great Identity program looks like  —  and practical guidance on how to get there from where they are today.

The statistics we're seeing are staggering: 80% of breaches start with compromised identities, and identity-based attacks are increasing 77% year-over-year. But this isn't just about defense — it's about enabling the future of business itself.

Access the new guide Managing Identity in the Age of AI: A practitioner’s guide to the future of identity

Turning consensus into action

From that meeting, we formed the SINET Identity Working Group, committed to filling these critical gaps. Over the past nine months, we've been focused on creating something the industry desperately needs: 

• A practitioner-centric identity reference architecture that provides a prescriptive path to more effectively manage identity and access today.
• A comprehensive maturity model for Identity that we've successfully piloted with several large organizations.
• A roadmap for autonomous identity management that prepares organizations for the AI-powered future.
• A blueprint for driving measured progress toward world-class maturity in identity.

A guide built by practitioners, for practitioners

What sets this guide apart is that it wasn't developed in isolation by academics or standards bodies. This framework has been built, tested, and refined by veteran security practitioners who understand the real-world challenges of managing identity at enterprise scale.

Our unified identity and access system operates on three core principles:

1. Unified data foundation: A single source of truth for identity lifecycle, entitlements, and policy decisions
2. Single control plane: Centralized policy definition and consistent enforcement across all identity systems
3. System of intelligence: Comprehensive understanding of identity and access patterns and associated risks across the entire digital estate

Why this matters now more than ever

We’re looking at an oncoming wave of agentic AI that’s going to drive changes far too big and fast for us to keep up if we continue the adaptation approach — trying to manually adapt conventional tools, identity frameworks, and security architectures to address new challenges.

As these AI agents evolve from simple query-based assistants with read-only access to more sophisticated GenAI copilots with write capabilities, their economic and business value clearly grows. But so does the complexity of managing these AI identities and their access. We’re looking at an entirely new set of challenges in access delegation when AI copilots can modify, move, or delete data on behalf of human users.

The future state sees AI agents making decisions and taking actions without a human in the loop at all. Imagine a future of billions, if not trillions, of AI agents managing critical systems like energy, transportation, and even our food supply. 

Protecting these AI agents from cyberattack will become existential to the future of humanity. Yet, our existing identity systems and the compliance/regulatory frameworks designed to govern them simply weren't built for this.

The choice is clear: Transform now — or face systemic security risks that will leave you chasing the AI revolution from behind.

The path forward

Our guide provides CISOs both direction and accountability: a framework for prioritizing investments and allocating resources to best manage Identity-related risk  —  and a blueprint for driving measured progress toward world-class maturity in identity.

The journey from fragmented identity to unified autonomy begins with understanding where you are today and having a clear roadmap for where you need to go. Our maturity model provides exactly that — a structured progression through five distinct levels, each delivering measurable risk reduction and operational improvement.

A community effort

I'm deeply grateful to Robert Rodriguez from SINET, my team at Oleria and all of the security experts who have participated in this effort — including Antony Abraham from HPE, Heather Adkins from Google, Peter Clay from Aireon, Carey Frey from TELUS, Ramy Houssaini from Cloudfare, Oliver Newbury from Halycon, Matt Thomlinson from Electronic Arts, Kevin Towey from Vimeo, Sandip Wadje from BNP Paribas, Troy Wilkinson and the many others who've contributed their expertise and real-world insights.

This isn't just about releasing a framework — it's about building a community committed to advancing the state of identity security across the industry. I look forward to seeing these tools put into practice and continuing to evolve them together.

Your next step

The challenges we face are universal — shared across departments, industries, and geographies. The fragmented identity landscape, the explosion of non-human identities, and the emergence of agentic AI affect every organization.

Ready to transform your identity posture? The complete guide "Managing Identity in the Age of AI" is now available, providing detailed frameworks, maturity assessments, and practical implementation guidance.

Access the full guide Managing Identity in the Age of AI: A practitioner’s guide to the future of identity

The future of secure business enablement starts with identity. There’s no question you’ll need to address these challenges — but the difference between a reactive or proactive approach will determine the winners and losers of tomorrow’s business world.