AI agents introduce a critical security gap when connecting to legacy enterprise systems, known as the 'agentic last mile identity problem'. This summary explains how losing user identity, context, and delegation breaks zero-trust principles and outlines a solution using a policy-driven vault to manage access and issue short-term credentials.
Grant Miller from IBM explains Agentic Consent, a dynamic framework for governing AI agents. The model moves beyond static permissions, using identity, context, and just-in-time user prompts to ensure AI agents act with, not instead of, their human counterparts, enabling trust and safety as autonomy scales.
This session from Okta and Auth0 introduces a comprehensive framework for securing AI agents, covering identity establishment, delegated API access via Token Vault, user consent for risky operations using Asynchronous Authorization (CIBA), and integration with MCP servers.
A deep dive into the security vulnerabilities of Multi-Context Protocol (MCP) for AI agents. The talk explores how identity loss, "all-or-nothing" permissions, and disappearing audit trails create significant attack surfaces, and presents solutions like identity chain tracking, context-aware permissions, and intelligent auditing to secure agent-to-tool communication.