We’re on the cusp of the most disruptive workforce transformation since the Digital Revolution.
Soon, human employees will oversee swarms of agentic subordinates purpose-built for specialized tasks and workflows, from scheduling meetings to drafting emails to booking travel for the next industry conference.
This shift will drive an order-of-magnitude increase in distinct identities businesses will be required to safely and securely manage. You don’t need an advanced mathematics degree to understand how even a company with a few dozen human employees—each supported by a network of agents operating on their behalf—can quickly spiral into an identity quagmire.
The unvarnished reality is that most customers I speak with are simply unprepared for this identity imperative. The good news: they still have time, and they don’t have to reinvent the wheel. Technologies like access controls and decentralized identity management already exist, built on well-established standards such as OAuth and OpenID Connect. These frameworks form the backbone of delegated authorization in agent systems, and initiatives like Model Context Protocol (MCP) build on these identity layers to help standardize how agents access tools and services.
In the meantime, how can businesses evaluate their current identity strategies to ensure agents aren’t simply an afterthought?
If you think machine identity is enough, think again
I often ask customers how they plan to manage identities for their agents, and the most common response I get is some version of: “Agents are just machines, and we already use API keys for machine-to-machine identity.”
But the moment I ask whether these API keys give them visibility into who granted their agents access, how long that access was for and what systems, applications or data they were permitted access to, the room gets uncomfortably quiet.
Yes, machine-to-machine identity authenticates and authorizes traditional non-human personas, devices or entities to securely interact and communicate with each other. But the blunt truth is treating generative AI agents like traditional machines is like assuming a hurricane is just high winds—a disaster waiting to happen. Why? Because agents aren’t traditional machines at all.
Consider how many of our customers use API keys to connect their applications to our platform, such as sending SMS OTPs through Twilio Verify. This works when a human initiates an unambiguous action, like login verification.
But handing that same API key to a large language model (LLM), one defined by autonomous actions and generative workflows, suddenly the need to understand and explain every inference and the ‘delegated authority’ behind it becomes crucial—scoped access, time constraints, explicit consent and a clear audit trail all anchored to a valid user.
And that’s the root of the problem: API keys simply lack the observability required to know if an agent is staying within its guardrails or meandering outside of them. Without auditability, businesses incur an accountability tax—one that makes it both impossible and potentially costly to answer even the most basic questions about agent behavior. Not to mention as MCP servers are now the primary permission boundary for agents, API keys feel even further out of place.
Avoid the governance gap and pitfall of one-time verification
Let’s say it’s everyone’s favorite time of year: annual performance reviews. You manage five employees, so you task an agent with reviewing their calendars to understand the projects they worked on and people they collaborated with over the year, then draft and send feedback requests.
For this to work, the agent must know exactly what permissions it has—access only those five calendars—and for what period of time—only the previous 12 months. But what if the agent doesn’t just request feedback, but submits ratings on your behalf? Or uses those ratings to recommend promotions or performance improvement plans? Without real-time observability and role-based governance policies, human resources might assume you authorized the action or you may assume they did.
In the absence of identity standards or regulations, businesses must take the reins of accountability for clearly defining their agent-based policies and ensuring those are worked against, not around. The right governance model will depend entirely on each organization’s specific goals and, most significantly, its appetite for risk.
At the same time, identity must evolve beyond one-time logins and shift toward continuous, behavior-based verification. Most of us can think of a half-dozen applications where we signed in years ago and never left. Yet many businesses are wary that ‘continuous’ means friction—a customer recently disclosed that their onboarding flow only asks consumers for a name and email due to abandonment fears.
Instead, modern identity must be influenced by dynamic, real-time intent of both human and non-human users—multimodal signals, context change, time-bound consent—and how their behavior aligns with task-specific controls throughout the workflow. And all this must be done silently, passively and without interruption.
There’s a potentially fatal flaw in our current security frameworks: a dangerous assumption that agents will voluntarily identify themselves. While an identity solution governs "good" agents that follow the rules, it leaves a massive blind spot for malicious or "shadow agents" that simply choose to bypass the authentication layer altogether.
For CISOs and broader security teams, identity is no longer a sufficient gatekeeper; the true risk lies in the traffic that refuses to check in at reception. To secure the modern enterprise, we must shift from identity (who they claim to be) to agentic observability (how they actually behave). By fingerprinting the unique, non-linear patterns of autonomous agents, we need real-time detection and policy enforcement of every entity hitting an API or UI, ensuring that anonymity is no longer a loophole for exploitation.
Rewriting identity for the digital workforce
Few organizations today would grant employees network access without proper identity and authorization, yet many are facing this exact conundrum as more agents begin to onboard.
In these early stages, when common identity standards are still emerging, agent-specific solutions remain limited and internal development bandwidth is often scarce, businesses must prioritize observability and governance, embrace continuous, real-time verification and reject the illusion that traditional machine identity is enough.
I have no doubt we’re not far from a world where identity will work the same for humans, machines and agents. Until then, organizations need to ask themselves: Are they really in control?
