In 2026, enterprise developers are rapidly creating and deploying advanced AI agents. The pressing challenge now is how to secure these agents effectively.

Many vendors face significant hurdles in this space. Traditional identity and access management (IAM) tools were not designed to manage the complexities of agentic AI. Furthermore, the proliferation of both sanctioned and shadow AI agents is creating unprecedented governance and security vulnerabilities, which could have severe repercussions for organizations.

While major cloud platforms like Okta, Ping Identity, and Microsoft’s Entra ID are competing to address these challenges, Curity, a Swedish company, asserts that traditional IAM methods are inadequate for securing AI agents. This week, Curity has introduced Access Intelligence, an extension of its existing API IAM platform, Identity Server.

Redefining IAM for AI

The primary issue at hand is that conventional IAM tools operate under the assumption that applications are accessed by human users or machine identities, governed by a singular authentication process. However, AI agents function differently; they execute lengthy chains of actions at remarkable speeds, making their access needs ephemeral, complex, and unpredictable. Over-restricting their permissions can halt their functionality, while too lenient access can lead to security breaches.

Curity proposes a novel solution by treating AI agents as a distinct type of application. Like traditional applications, agents communicate via APIs and are credentialed using OAuth tokens. Through its innovative feature, Token Intelligence, Curity enhances the role of OAuth tokens beyond mere access permissions to include information about the agent's intended purpose. This means that access to resources is granted based on the specific, defined purpose of each agent.

Dynamic Access Control

Unlike traditional methods that rely on static permissions, Curity allows for dynamic access control. Each action requested by an agent generates a unique token that details the required access. When an agent begins a new task, it requests a new token with a different set of permissions. In high-stakes scenarios, such as fund transfers, human authorization may be mandated.

Jacob Ideskog, Cofounder and CTO of Curity, emphasized, “Curity has always been application-centric. Our focus has always been on how we broker access.”

Innovative Security Strategies

Currently, agent security strategies fall into several categories, including traditional inline methods like API gateways and web application firewalls (WAFs), as well as out-of-band systems that assess intent by analyzing agent behavior against established baselines.

In contrast, Curity’s Access Intelligence functions as a self-hosted microservice, acting as a sophisticated IAM layer that all agent requests must navigate. Ideskog pointed out, “Just because we allow an agent to perform an action now doesn't mean it should be permitted to do so a moment later.”

Access Intelligence employs centralized token validation from Identity Server, enabling developers to initiate agents or APIs without the need for prior registration. This validation is crucial for agents to interact meaningfully with real-world actions.

Comprehensive Security Solutions

The emergence of solutions like Access Intelligence signals that vendors are beginning to tackle the issue of agent security, often by expanding existing API security platforms. However, this raises the question of which method to adopt.

Ideskog cautions against viewing the various security strategies as mutually exclusive. He believes that Curity’s Access Intelligence can complement other security layers, underscoring that no single solution can address the entire spectrum of security needs.

“Until now, the IAM industry has concentrated on identity. The critical issue is access. Enterprises are posing questions to their privilege access management (PAM) vendors regarding their strategies for agent security, and I believe PAM vendors currently lack robust answers,” he said.

In summary, as AI agents become increasingly prevalent in enterprise environments, the need for innovative security solutions like Curity’s Access Intelligence becomes ever more critical to safeguard operations and maintain governance.

Source: InfoWorld News