Episode 180 - GluuFederation/identerati-office-hours GitHub Wiki

Title: When AI Agents Take the Lead, Who Do They Become?

Channels

Description

Agentic AI is moving from recommendation engines to autonomous actors—booking flights, moving money, and making decisions on our behalf. In this episode, we unpack what changes when AI doesn’t just advise, but acts with intent across identity, payments, and enterprise workflows. Using real-world examples like AI-driven financial assistants, we explore why authorization, accountability, and trust become the hardest problems to solve. We’ll examine emerging risks—from agent impersonation to injection attacks—and why traditional machine-to-machine authentication is no longer sufficient. Finally, we’ll discuss what a trustworthy architecture for agentic AI looks like, and how identity must evolve to keep humans provably in the loop.

Homework

Takeaways

  • ⚡ AI agents don't complete tasks, they complete missions! Agents may pivot, spawn sub-agents, or access new systems. This expands the attack surface and invalidates some traditional security assumptions.

  • ⚡ Delegation + weak identity foundations = systemic risk. Without strong, verifiable identity and intent binding, agents can misbehave, be hijacked, or misuse downstream systems—amplifying existing fraud, API abuse, and supply chain risks at machine speed.

  • ⚡ Intent is hard to express—and harder to preserve. Even if human intent is captured and signed, propagating and enforcing that intent across distributed systems (agents → APIs → microservices) remains unsolved.

  • ⚡ Governance failure—not technology—is the primary bottleneck. Effective security requires treating it as a business imperative and prioritizing high-risk areas. But the norm in many enterprises is organizational complacency, reticence to fix legacy systems, checklist compliance, misaligned incentives, weak governance and ultimately security abdication. Or one could say "chaos" from a governance perspective.

Livestream Audio Archive

here