Episode 145 - GluuFederation/identerati-office-hours GitHub Wiki
Title: Breaking Identity With AI Agents
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Arnaud Lacour, Head of AI & Disruptive Programs, Ping Identity
- Guest: Richard Bird, Chief Security Officer, Singulr.ai
Channels
Description
Dive into the emerging challenges of AI identity, access, and accountability, especially for agents that can act on behalf of humans. Persona shadowing? Capability tokens? Delegation chains? How can AI agents act on our behalf while preserving traceability and least-privilege access? We'll discuss some of the standards (or lack thereof), especially OAuth, WIMSE, OpenID, FIDO and others. Finally, we’ll connect all this to the upcoming Agentic Internet Workshop — a neutral space for protocol innovators to collaborate on agent identity solutions--at the Computer History Museam in Mountain View, CA... be there are be square!
Homework
-
Identity for AI: Who Are Your Agents and What Can They Do?, blog by Michael Grinich of Workos
-
Agentic Internet Workshop - Get your tickets now!
Takeaways
-
⚡ Agent identity taxonomy -- what does the agent do and how does that change over time. There are a wide array of agents with different capabilities (science fiction analogy: is it an "Agriculture-bot" or a "Security-bot")--different risk and policies are required based on the type of agent you are governing.
-
⚡ Shoe-horning agents into existing identity goverance platforms won't work, and it will cost you a bunch of money as the numbers of identities grows exponentially.
-
⚡ The tech industry is under huge pressure to deliver AI security (weeks/months). But the time for consensus and careful engineering of new standards really be accelerated? If so, by how much?
-
⚡ Tokens themselves aren't the problem. What we need are new types of tokens, new flows to obtain tokens, and new trust frameworks to enable consumption of tokens across domain boundaries.