By Vesa Suontama, CTO at Trivore
Artificial Intelligence has been adopted across the corporate world at an unprecedented pace. Often, its implementation outstrips the development of its governing frameworks. When combined with the sheer power of Generative AI (GenAI), the situation becomes particularly demanding.
Gartner predicts that by the end of 2026, 40% of enterprise applications will include AI agents—up from less than 5% just a year ago. Meanwhile, IBM research reveals a staggering gap: 97% of organisations that experienced an AI-related data breach had failed to implement adequate access management controls.
While industry analysts often focus solely on the looming threat of AI growing uncontrollably, they rarely offer a concrete path forward. In this article, I explore the specific opportunities and threats posed by GenAI and present a practical roadmap for its secure deployment.
In this article, I will explore the specific opportunities and threats posed by generative AI and present a practical roadmap for its secure deployment.
Furthermore, I will explain why your choice of Identity and Access Management (IAM) architecture is a decisive factor in whether AI becomes a systemic risk or a competitive advantage for your organisation.
The core principle is simple: AI serves effectively as a highly intelligent extension layer, but the heart of access management must remain deterministic and auditable.
A Brave New World of AI
An AI agent is not a static tool in the same sense as a spreadsheet or a CRM system. It is an autonomous actor with its own credentials, permissions, and access to corporate data. If an agent is misconfigured or its credentials fall into the wrong hands, the fallout can surpass that of a traditional breach. This is because agents are often implicitly trusted and operate at machine speed.
The role of IAM in closing this governance gap is vital. In February 2026, Gartner named the identity management of AI agents as one of the top six cybersecurity trends of the year. However, for IAM to be effective, it must adapt to the GenAI era.
The challenge is fundamental. An agent does not log into a system like a human does. It can operate across multiple systems simultaneously, modify its own parameters during execution, and trigger sub-processes that inherit its original permissions. Traditional Role-Based Access Control (RBAC) was designed for static identities—not for dynamic actors that negotiate rights based on context.
Currently, most organisations lack even a basic inventory of how many AI agents are active in their environment, whose authority they operate under, and what data they can access.
The Governance Gap in Numbers
Risks are also driven by GenAI users. Recent studies show that 13% of GenAI prompts contain sensitive information, such as personal data, business intelligence, or client details. When attachments are included, this figure rises above 20%.
According to IBM, one in five data breaches was caused by “Shadow AI”—AI tools used by employees without official organisational oversight. In these cases, the cost of data leaks was significantly higher than average. Shadow AI led to the compromise of personal data (65%) and intellectual property (40%) more frequently than other breach types.
The risk of a major breach rooted in unmanaged AI agents is growing rapidly.
To address this, Forrester introduced the AEGIS (Agentic AI Guardrails For Information Security) framework in 2025. A central pillar of this framework is IAM, operating alongside Zero Trust principles.
But not just any IAM will do: architecture matters.
The Deterministic Core: The Foundation for Everything Else
When an AI agent requests access to a patient record system, financial reports, or a customer register, a decision must be made: allow or deny.
If that decision is made by a statistical model whose logic cannot be explained after the fact, the organisation is neither secure nor compliant. Regulators and auditors will ask: On what grounds was access granted? Answering “the model deemed the confidence level sufficient” is simply not enough.
This does not mean AI should be excluded from identity management. On the contrary.
AI is an excellent “scout”: it identifies anomalies in behavioural data, predicts risks, suggests actions, and dramatically accelerates operations. However, the access management decision itself must be based on rules that are explainable, repeatable, and traceable. AI enriches the decision with context; the core engine decides deterministically.
Three Fronts, One Principle
AI is transforming identity management from three directions simultaneously, and in all three, a deterministic core is a prerequisite.
Efficiency: AI streamlines IAM operations through role mining, automated provisioning, and data cleansing. IBM found that the strategic use of AI and automation in security operations saved an average of $2 million per breach.
Defence: Continuous behavioural analytics and dynamic trust scoring enable adaptive access management. AI calculates the risk, but a deterministic rule decides whether to grant access or require further authentication. This is critical: Gartner notes that 30% of enterprises no longer trust biometric identification alone due to deepfake technology.
Agent Governance: This is the newest and most difficult front. When an agent retrieves data or modifies a configuration, who is responsible? The AEGIS framework is clear: agents are their own class of identity. They require a defined scope of authority and a lifecycle—just like a human user. Without a deterministic core, an agent’s permissions could expand unnoticed, potentially leaking sensitive data through prompts without ever breaking a traditional access rule.
Five Steps to Take Immediately
Here are five steps to help your organisation take control of GenAI quickly and effectively:
1. Inventory AI Agents and Shadow AI Start by identifying which AI tools and agents are actually used in your organisation. This includes both IT-approved systems and services implemented by employees themselves. In practice, this means network traffic analysis, SaaS application inventories and user surveys. In the welfare sector, this may reveal that nursing staff are using ChatGPT to draft patient records without the knowledge of the organisation.
2. Systematise the lifecycle of AI identities The creation, authorisation, review and removal of AI agents must be managed with the same rigour as the identities of human users. Identity Governance and Administration (IGA) style policies and practices for agent identities need to be established, monitored and audited. This may mean that each agent has a designated owner who reviews its rights at least quarterly. The review checks whether the agent has access to data it no longer needs and whether its operational authority is still in line with its original purpose. Increased access is granted only when needed and for a limited period of time (just-in-time), not permanently.
3. Deploy a security layer for GenAI prompts An effective way to prevent data leaks when using GenAI tools is a cloud-based AI security proxy. This proxy authenticates the user, inspects prompts and attachments in real-time, and removes or replaces identified sensitive information. Modern solutions do not require endpoint agents or browser extensions; instead, they are chained with existing SASE architecture, allowing deployment in days rather than months. This layer also identifies high-risk users: experience shows that typically a small percentage of GenAI users account for over half of the data leak risk.
4. Demand deterministic access management decisions AI can enrich decision-making, but the rationale for each key decision must be explainable in an audit situation. When the CISO of a large company or the head of information security in a welfare area talks to an auditor, the system must be able to answer: why did this agent get access to this data, when, and with whose authority. If the answer is “model estimate,” that’s not good enough.
5. Evaluate your IAM vendor’s AI strategy IT managers should immediately assess the AI management capabilities of their suppliers. For an IAM provider, this means asking concrete questions: how your system manages the identities of AI agents, whether the kernel engine generates deterministic log data for each access decision, and where the data resides in the infrastructure.
Personal Liability for Leadership
The Finnish Cybersecurity Act (124/2025), which came into force on 8 April 2025, places personal responsibility for cybersecurity risk management on an organisation’s leadership. Section 10 covers all risks to communication networks and information systems, including those arising from AI. Management cannot delegate this responsibility away or plead ignorance.
In practice, this means that the executive board must understand which AI tools are being used within the organisation, what risks are associated with them, and how these risks are managed. A general-level security policy is no longer sufficient: the law mandates active and documented risk management that specifically covers the new threat models introduced by AI.
A deterministic core engine that logs every access decision and its justification is the simplest way for a leadership team to ensure they meet their duty of care.
AI is a Permanent Shift, Not a Project
In 2026, AI is moving from the “hype” phase into the mainstream. While this boosts productivity, access management risks are escalating.
Organisations must stop treating AI as a standalone innovation project and start managing it as part of a standard identity lifecycle. The foundation for this is a microservices-based Identity Fabric—where AI acts as an intelligent extension layer on top of a deterministic core.
A viable approach is a microservices-based Identity Fabric, which combines IAM and IGA functionality and where AI acts as an intelligent extension layer on top of a deterministic core. In such an architecture, the identities of people, machines, and AI agents are managed with unified principles, and AI streamlines operations, strengthens defence, and enables context-aware access management without compromising the predictability of the core engine.
For a European organisation, it is also significant where the IAM and IGA layers are located. When the identity management platform operates on European infrastructure, governance data and log information remain within the scope of European legislation. Solutions based on this architectural model are already on the market. For example, Trivore’s eIAM Identity Fabric.
TL;DR
AI agents need their own identity class: An agent is not a tool but an autonomous actor that needs an identity, defined authority, and a lifecycle — just like a human user.
The core of access management must remain deterministic. AI enriches decision-making with contextual information, but the core engine decides based on rules, explainability, and auditability.
Leadership bears personal responsibility: The Cybersecurity Act requires that the management team also understands and manages the risks posed by AI. Delegation or pleading ignorance does not absolve you of responsibility.