The push to adopt AI agents is still strong. Although only few organizations talk about their approach publicly, especially large organizations are moving from experimentation into production. What is missing, though, is a public discussion about Agentic AI security when these new systems access your corporate network and business systems.
Especially verifying agents’ identity, treating trust as a sliding score, and building the infrastructure needed to run agents safely move to the forefront. But how can you protect agents with verifiable IDs, transaction-level controls, and clear strategy? I recently invited Tim Williams, CEO & Co-Founder of AstraSync AI, to join me on “What’s the BUZZ?” and discuss how leaders can best secure their Agentic AI deployments.
Why Agent Identity Matters More Than You Think
AI agents operate nonstop, make many decisions per minute, and can spawn sub-agents. Unlike humans, they leave no biometric fingerprint and can change or delete audit trails. That means identity for agents isn’t a nice-to-have and rather a core control.
Start by thinking beyond the existing username/password or long-lived token model. Those are the exact things attackers are exploiting today. Agents need cryptographically tamper-resistant identifiers that can be resolved quickly and independently of any single vendor. That kind of identity lets you answer three questions instantly:
Who created this agent?
Who is responsible for its actions?
What authority was granted?
Map where agents will interact with sensitive systems, stop giving permanent credentials to agents, and require verifiable identities attached to every session. Treat agent identity as a compliance control, requesting to log it, validate it, and block any persistent tokens that bypass your short-lived approvals.
ONLINE COURSE — Mitigate AI Business Risk
Business leaders are under pressure from their boards and competitors to innovate and boost outcomes using AI. But this can quickly lead to starting AI projects without clearly defined, measurable objectives or exit criteria.
Learn how to implement proven risk mitigation strategies for starting, measuring, and managing AI projects. Along the way, get tips and techniques to optimize resourcing for projects that are more likely to succeed.
One of the most important shifts is that trust for agents must be graded, dynamic, and transaction-focused. Human trust models often assume a binary decision—you either have access or you don’t. Agents demand something different. Their behavior and risk profile can change over time. An agent can be well-built at the start and later become compromised or drift into risky behavior.
Design a trust scoring approach that considers origin, accountable owner, recent behavior, provenance of training data or plugins, and evidence of compromise (memory poisoning, tool misuse, etc.). Use that score to gate actions. Low-risk, low-value operations can be handled at lower trust thresholds. High-value transactions (e.g., payouts, access to customer PII, or system configuration changes) must require a much higher trust score, additional approvals, or human-in-the-loop confirmation.
Operationalize this by enforcing short-lived, per-transaction tokens and adaptive checks. Don’t let agents hold broad, persistent credentials. Instead, require re-evaluation at each critical step. Build dashboards that show current trust scores, recent changes, and who is accountable so you can act fast when a score degrades.
Thanks for reading The AI MEMO! Share this thought-provoking post with your network.
You’ll hear people either say “wait” or “move fast” with agents. Build the infrastructure in parallel with agent deployments. Create a clear strategy that addresses the business outcomes are you trying to achieve with agents, the processes you’ll transform, and the controls you must have before agents touch sensitive systems.
Start with observability. You need comprehensive, tamper-evident logging and replay capability for agent actions. Treat audit trails as critical product telemetry, not optional logs. Second, design access as temporary and transaction-scoped. Third, plan for accountability: every agent must be tied to a responsible organization or person who can be contacted and held accountable for its actions.
Cryptographic identifiers are a practical choice. In many use cases, decentralized verification (blockchain-based proofs or equivalent PKI approaches) provides immutable, quick verification of an agent’s origin and credentials. Consider technologies that supply immutable verification without relying on a single point of failure.
Finally, accept that you’ll keep a human-in-the-loop for higher-risk flows while automating low-risk work. Iterate and deploy agents where the ROI and risk appetite match, then expand controls and observability as confidence grows.
Summary
Agents can accelerate work, reduce costs, and create new customer experiences, but they change the rules for identity and access. Treat agent identity as a hard security control. Move away from persistent tokens and require cryptographic, verifiable identifiers tied to an accountable entity. Use a sliding trust model. Score agents across origin, behavior, and risk; enforce short-lived, transaction-level approvals based on that score. Build infrastructure now. Implement observability, per-transaction access, accountability, and phased human oversight. Choose verification tech that gives immutable proof of origin and can scale with your needs.
Take these three immediate actions:
1) Inventory where agents will run and which systems they’ll touch. Remove any persistent credentials you find.
2) Define risk tiers for agent tasks and require per-transaction checks for anything above your low-risk threshold.
3) Pilot verifiable identities for a small set of agents and validate end-to-end logging for replay and incident response.
If you focus on identity, trust scoring, and infrastructure, you’ll be ready to capture the upside of agents while keeping the most dangerous risks in check.
Equip your team with the knowledge and skills to leverage Agenti AI effectively. Book a consultation or workshop to accelerate your company’s AI adoption.
Join my bi-weekly live stream and podcast for leaders and hands-on practitioners. Each episode features a different guest who shares their AI journey and actionable insights. Learn from your peers how you can lead artificial intelligence, generative AI, agentic AI, and automation in business with confidence.
