Identity security warning as AI agents fuel cyber risk

Security executives are using Identity Management Day to warn organisations about growing threats linked to digital identities. Their comments highlight rising risk from AI agents, machine identities and credential-based attacks.

Experts from Delinea, WatchGuard Technologies, Ping Identity and ClickHouse describe a rapid shift in cyber risk away from perimeter defences and towards identity. They point to AI-driven agents and machine accounts as emerging pressure points in enterprise security architectures.

Delinea Chief Executive Officer Art Gilliland said non-human identities now sit at the centre of many emerging threats. He argued that many organisations still treat AI systems as simple tools rather than as users with elevated access.

Gilliland said Australian organisations report high levels of readiness for AI but acknowledge that controls over identities linked to these systems remain immature. He warned that this gap creates hidden weaknesses inside corporate environments.

"Identity doesn't stop at people. Non-human identities, particularly AI agents, are quickly becoming one of the biggest sources of enterprise risk. Despite 83% of Australian organisations claiming they're ready for AI-driven automation at scale, 40% admit their identity governance for AI systems falls short. The problem is relatively simple but often overlooked: teams are still treating AI agents as tools, when they actually behave like privileged users. This creates the 'AI security paradox', where organisations are scaling their AI initiatives faster than they control which identities get access to what. Dangerous blind spots can form as a result, hiding unchecked privilege, quiet access paths, and little accountability for actions. The pressure to move fast on AI is real, but so is the need to lock down identities. As AI agents continue to multiply across enterprise environments, identity can't be viewed as just another part of security; it must be treated as the overarching control plane," said Art Gilliland, Chief Executive Officer, Delinea.

Gilliland's comments reflect a broader industry concern that AI rollouts have outpaced foundational governance. Security teams now face the task of inventorying and monitoring agents that can log in, move data and trigger processes autonomously.

Attackers logging in

WatchGuard Technologies sees a similar pattern on the adversary side. Anthony Daniel, Managing Director for Australia, New Zealand and the Pacific Islands, said attackers increasingly use legitimate credentials instead of exploiting software flaws.

He described a threat environment in which malware and intrusion tools are designed to avoid detection by blending into normal traffic and encrypted sessions. This puts more emphasis on signals derived from identity behaviour than on traditional perimeter alerts.

"Most cybercriminals don't hack into systems anymore, they simply log in. Attackers are increasingly exploiting identity to gain access, using stolen credentials, encrypted channels and legitimate tools to blend into trusted environments. Once inside, they move laterally across systems without raising alarms, rendering traditional defences ineffective. As highlighted in WatchGuard's Internet Security Report, there has been a 1,548% surge in new, unique malware alongside a rise in threats designed to evade detection. With 96% of malware now delivered over encrypted channels, visibility is shrinking while attacker capability continues to grow."

"This Identity Management Day, organisations need to shift the conversation from access management to identity risk management. That means continuously assessing behaviour, context and intent, and connecting identity with endpoint and network signals to detect compromise earlier. In an environment where attackers can appear indistinguishable from legitimate users, identity is no longer just part of the attack chain, it is where it begins and where it must be controlled," said Anthony Daniel, Managing Director, Australia, New Zealand and the Pacific Islands, WatchGuard Technologies.

Daniel's remarks underline a shift from one-off authentication to continuous analysis of how an identity behaves once inside a network. He linked this to the need to correlate identity with endpoint and network data.

Continuous trust

Ping Identity Chief Information Officer John Cannava made a similar case for continuous enforcement. He said AI and agentic systems are changing assumptions about where security boundaries sit.

He also pointed to growing interest in zero trust and decentralised models as organisations move away from centralised identity stores and static trust decisions.

"From an IT leadership perspective, Identity Management Day takes on new urgency this year as both individuals and organisations are managing human identities while also governing AI as it takes on increasingly agentic roles. The impact AI will have on identity will likely be far greater than we anticipate, which means our approach to security has to evolve in lockstep."

"In this new reality, the login is no longer the primary security boundary - access must be continuously evaluated and enforced. In agentic systems, risk doesn't end at sign-in; it evolves dynamically at runtime as users and systems interact. Identity can no longer be verified once and trusted indefinitely. It must be continuously evaluated at every high-impact action."

"That's why approaches like zero trust and decentralized identity are becoming critical to reducing risk while still enabling the business to move quickly. As AI-driven attacks increasingly target centralised data and try to imitate legitimate users, organisations need to move away from single points of failure and verify every access request in real time, no matter who or what is behind it. This requires rethinking identity across both workforce and customer environments."

"As the way we work continues to change, the focus has to be on securing the workforce, maintaining customer trust, and delivering digital experiences that are both seamless and secure. The future of identity will depend on how well we adapt to this more dynamic, continuous model of trust," said John Cannava, Chief Information Officer, Ping Identity.

Cannava's comments suggest that both employee and customer access flows require redesign. He emphasised runtime context and repeated checks around sensitive actions.

Mergers and machine IDs

ClickHouse Area Vice President Sales for APAC Paul Davis focused on changes in the vendor landscape and the rise of machine identities. He cited recent acquisitions in the identity sector as evidence that security vendors now treat identity as a distinct discipline.

Davis also highlighted examples of AI-based fraud and the scale of non-human identities interacting with corporate systems. He argued that data infrastructure now sits at the centre of efforts to observe and verify identity behaviour at scale.

"The identity security market has matured significantly over the past year, with Palo Alto Networks completing its $25 billion acquisition of CyberArk and CrowdStrike picking up SGNL for $740 million, which signals that the industry now treats identity as a standalone discipline rather than a feature within a broader security stack. The landscape driving that shift is clear: machine identities vastly outnumber human ones, credential-based attacks have overtaken traditional malware as the preferred method of entry, and AI-generated identity fraud is already playing out at scale, as we saw recently where fabricated documents were allegedly used to secure roughly a billion dollars in fraudulent loans."

"The emergence of agentic identity security adds another dimension to all of this. AI agents are now accessing systems, making decisions, and acting on behalf of organisations, and the identity conversation has expanded from how we authenticate users to how we ensure an agent gets precisely the access it needs and nothing more, while continuously verifying it stays within those boundaries. Doing that well requires real-time correlation of identity events across your SSO provider, cloud IAM, application logs, and privileged access tools at a speed and scale that most traditional SIEM platforms weren't designed to handle, which is where a platform like ClickHouse comes in."

"As a high-performance data platform powering workloads across real-time analytics, data warehousing, observability, and AI/ML, ClickHouse gives teams the analytical infrastructure to retain every identity event at full granularity and query it in real time. On our own cloud platform we support enterprise SSO with SAML and just-in-time provisioning, granular role-based access at every layer, and integrations with providers like Okta, Azure AD, Google Workspace, and Duo, and through our recent acquisition of Langfuse, the open-source LLM engineering platform, we also provide observability and evaluation for agentic systems so teams can monitor whether their AI agents are operating within the access boundaries they've been set. Protecting identities in 2026 means protecting every identity: human, machine...and agent," said Paul Davis, Area Vice President Sales - APAC, ClickHouse.

The executives agree that identity now sits at the heart of both attack techniques and defensive strategies. They also emphasise that this extends beyond human users to a wide range of automated agents and machine accounts that touch sensitive data and systems.