AI agents must be treated as identities

An artificial intelligence agent should be logged and governed like a user account, not a background script with a shared key. (sify.com | securityboulevard.com) That shift showed up in April 2026 coverage that applies Zero Trust rules to agentic systems, and in Cisco’s March 23, 2026 RSAC launch for “Zero Trust Access for AI agents.” Cisco said its Duo identity tools let companies register agents, map them to human owners, and enforce task-specific permissions. (sify.com | securityboulevard.com) The basic idea is simple: a human user proves identity before opening a file or app, and an agent should do the same before every tool call, application programming interface request, or data pull. Sify’s April 15, 2026 explainer says agents and sub-agents need unique identities, strong authentication, and continuous checks on behavior, intent, and context. (sify.com) That is a change from older automation, where a bot often inherited one broad service account and kept it for an entire workflow. Will Velida wrote in March 2026 that when an agent shares the same managed identity as an application, the agent also inherits the application’s full database or infrastructure access. (willvelida.com) The pressure to tighten those controls is rising as companies test more autonomous systems. Sify, citing Deloitte Center for Technology, Media and Communications, reported that 25% of companies already using generative artificial intelligence were expected to launch agentic artificial intelligence pilots in 2025, rising to 50% in 2027. (sify.com) Vendors are also building products around that assumption. Cisco said 85% of major enterprise customers are experimenting with artificial intelligence agents, but only 5% have moved them into production, and it tied that gap to access-control problems. (securityboulevard.com) In practice, treating an agent as an identity means recording who owns it, what user or system delegated authority to it, which tools it is allowed to use, and what data it can touch. Cisco said all agent tool traffic in its model is routed through a Model Context Protocol gateway so security teams can see and control those actions. (securityboulevard.com) Detection comes next: security teams need alerts for an agent that suddenly calls a new tool, reads a new dataset, creates sub-agents, or expands its privileges. Splunk’s February 2026 observability update said teams now need monitoring that tracks the performance, quality, cost, and security risks of artificial-intelligence-powered applications as they move from experiments into production. (splunk.com) Splunk’s own platform already organizes access around identities, roles, and capabilities, which is why security teams are adapting those same fields for agents. Splunk documentation says roles define what a subject can do, while Enterprise Security lets administrators manage identity fields that can be merged and tagged across records. (help.splunk.com | help.splunk.com) The argument is not that agents are people. It is that once software can initiate payments, run searches, fetch dashboards, execute searches, or call outside tools on its own, the safer default is to treat that software as a named actor with bounded permissions and a full audit trail. (sify.com | help.splunk.com)