{"id":279809,"date":"2026-06-23T10:00:00","date_gmt":"2026-06-23T14:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/23\/no-more-blind-trust-identity-controls-for-ai-agents-resource\/"},"modified":"2026-06-23T15:20:10","modified_gmt":"2026-06-23T19:20:10","slug":"no-more-blind-trust-identity-controls-for-ai-agents-resource","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/23\/no-more-blind-trust-identity-controls-for-ai-agents-resource\/","title":{"rendered":"No more blind trust: Identity controls for AI agents | resource"},"content":{"rendered":"<p><a href=\"https:\/\/www.scworld.com\/resource\/no-more-blind-trust-identity-controls-for-ai-agents\">No more blind trust: Identity controls for AI agents | resource<\/a><\/p>\n<p><a href=\"https:\/\/www.scworld.com\/resource\/no-more-blind-trust-identity-controls-for-ai-agents\">https:\/\/www.scworld.com\/resource\/no-more-blind-trust-identity-controls-for-ai-agents<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-23 10:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.scworld.com\">www.scworld.com<\/a><\/p>\n<p>AI agents are starting to do real work inside the enterprise. Think of a product manager querying Anthropic&#8217;s Claude to draft a launch-readiness summary. Or a developer asking an agent in Cursor or VS Code to check deployment status.Users rarely see most of the transactions happening underneath, and that&#8217;s a problem. The handshake between an AI agent and the enterprise application typically happens outside the view of the IT and security teams responsible for governing it.&#8221;There&#8217;s a lot of stuff we&#8217;ve been doing for years that we&#8217;ve gotten away with because of the scale that&#8217;s happened,&#8221; says Aaron Parecki, Director of Identity Standards at identity and access management provider Okta. &#8220;A lot of the stuff around AI is new, but at the same time, it&#8217;s not actually that it&#8217;s new; it&#8217;s just happening faster.&#8221;For years, static API keys and standing privileges were an acceptable trade-off: clunky, but manageable. AI agents have changed that math.The volume and speed of machine-to-machine requests hitting enterprise applications now outpaces what those legacy controls were built for, and the gap between what security teams can see and what&#8217;s happening has widened into a real blind spot.<\/p>\n<h2>The visibility gap<\/h2>\n<p>When an AI agent requests data from an enterprise app on a user&#8217;s behalf, it gets there through OAuth, the open identity protocol behind most enterprise login and authorization flows. Somewhere in that flow, the user logs into the organization&#8217;s identity provider; a routine sign-in is what shows up in the admin&#8217;s logs.What the logs don&#8217;t show is the next step: the app granting an access token to the agent itself.That connection was not negotiated through the enterprise identity provider, so it never surfaces in the admin&#8217;s view.A handful of more sophisticated applications build their own visibility tools so their administrators can see which agents are granted access. But most don&#8217;t. Even where the data exists, it&#8217;s scattered application by application, rather than&#8230;<br \/>\n<br \/><a href=\"https:\/\/www.scworld.com\/resource\/no-more-blind-trust-identity-controls-for-ai-agents\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>No more blind trust: Identity controls for AI agents | resource https:\/\/www.scworld.com\/resource\/no-more-blind-trust-identity-controls-for-ai-agents Publish Date: 2026-06-23&#8230;<\/p>\n","protected":false},"author":1,"featured_media":279811,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/files.cyberriskalliance.com\/wp-content\/uploads\/2026\/06\/AdobeStock_2028791751-scaled.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26],"class_list":["post-279809","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279809"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=279809"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279809\/revisions"}],"predecessor-version":[{"id":279813,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279809\/revisions\/279813"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/279811"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=279809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=279809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=279809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}