What tactics are you using to improve machine identity management or control? Have you adjusted your approach at all to address adoption of tech such as AI agents?

Machine identity OR Service Account governance is extremely important strategy not only for current running eco system but equally critical for adoption of Agentic AI based framework and modern digital eco system. To address new challenges, we prefer core foundational governance framework, policies, guardrails should be in place.

The concept of machine identity management isn't new; it's a scale issue. The proliferation of identity management tools is overwhelming, with IAM, IGA, PAM, and secrets management all requiring convergence into a single management interface. The emergence of AI security solutions, particularly with the rise of generative AI, has been rapid. But the move towards agentic AI presents a more complex problem that still needs addressing.

The emphasis on non-human identities has increased. We're exploring new tools like SailPoint's machine identity module and CyberArk's privileged access management solutions. Although we haven't yet solidified a comprehensive strategy, our GRC, security engineering, and AI security teams are collaborating to address this challenge. We are also developing our strategy for AI security, since this journey is just beginning.

We’ve absolutely made adjustments — machine identity management is the next frontier in managing attack surfaces both internally and externally. We've developed internal models, primarily LLMs, but the widespread adoption of AI outside our perimeter has necessitated an expansion of our cyber risk assessments. We are focusing on governance from a people, process, and technology standpoint. The key is understanding data movement, implementing appropriate controls, and treating AI-enabled applications uniquely, as they differ from traditional applications. Our security strategy is evolving rapidly to accommodate these changes.