Tokenless

Non human identity

Agentic Runtime Security Explained: Securing Non‑Human Identities

Agentic Runtime Security Explained: Securing Non‑Human Identities

Agentic AI introduces a massive number of non-human identities that traditional, human-centric Identity and Access Management (IAM) systems are not equipped to handle. This creates significant security gaps, including lack of accountability, overprivilege, risky delegation, and the dangerous 'last mile' problem. The solution lies in adopting a Zero Trust approach with five key imperatives: registering all agents, stripping static privileges for just-in-time access, tying actions to intent, enforcing security at the point of use, and proving control through comprehensive audits. Implementing this requires a combination of orchestration, governance, and unified observability across security, IT, and development teams.

Securing AI Agents with Zero Trust

Securing AI Agents with Zero Trust

This post explores how to secure modern agentic AI systems by applying the core principles of Zero Trust. It details the unique attack surfaces of AI agents, such as prompt injection and model poisoning, and outlines a comprehensive security architecture including non-human identity management, AI firewalls, and the critical role of human oversight.

Securing AI Agents

Securing AI Agents

Jason Martin of Permiso Security discusses the exponential rise of AI agents in enterprises and the urgent security challenges they present. He covers the concept of Non-Human Identity (NHI), applying Zero Trust principles to ephemeral and over-permissioned agents, and outlines key attack vectors like prompt injection and data poisoning, while also exploring the potential of defensive AI to enhance security operations.