Risky Bulletin Sponsored: AI Agents need distinct identities
Mar 1, 2026
Harish Peri, SVP and GM for AI security at Okta, leads identity and access strategy for AI agents in enterprises. He discusses how agentic systems force firms to relearn identity basics. He highlights the need for distinct agent identities, fine-grained authorization, token theft risks, and challenges from ephemeral agent swarms and agent-to-agent calls.
AI Snips
Chapters
Transcript
Episode notes
Agents Are First Class Identities
- Agentic AI requires treating agents as first-class identities rather than ad-hoc scripts.
- Harish Peri explains agents need distinct identities because they live in the application layer and decide tool access autonomously.
Audit Trails Must Separate Agent Actions
- Regulators will likely require auditability separating agent autonomous access from user-driven access.
- Harish predicts reporting will ask for aggregate data showing what agents accessed autonomously versus on behalf of users.
AI Forces Firms To Relearn Identity Basics
- Identity basics haven't been practiced closely and AI forces teams to relearn fundamentals like OAuth and token exchange.
- Harish jokes about creating a course or ChatGPT to teach identity basics because companies 'forgot' them over the last decade.