Your Newest Colleague Is an AI. Who Gave It the Keys to the Kingdom?

HERNDON, Va. – June 16, 2026 – We are on the cusp of an economic transformation driven not by people, but by their digital proxies. Autonomous AI agents—software designed to act independently on our behalf—are poised to move from experimental curiosities to the primary engines of digital commerce. They promise to negotiate purchases, manage supply chains, and execute complex business decisions with superhuman speed and efficiency. But beneath the hype lies a foundational question that most organizations are dangerously unprepared to answer: When an AI agent acts, who, exactly, is accountable?

This isn't a philosophical debate. It's a looming crisis of identity. As AI agents begin conducting transactions and accessing sensitive systems, they create a governance black hole. How do you verify who authorized an agent? How do you govern what it is permitted to do? And when something inevitably goes wrong, how do you maintain a provable chain of custody? This is the challenge of “agentic identity,” and it represents the next critical frontier in cybersecurity and digital trust.

The $15 Trillion Identity Problem

The scale of this shift is staggering. Industry analysts at Gartner project that by 2028, AI agents will intermediate 90% of B2B buying, representing more than $15 trillion in commercial transactions flowing through automated exchanges. Yet the traditional identity and access management (IAM) systems that secure the corporate world were designed exclusively for humans. They authenticate people, not the autonomous agents acting for them.

This gap creates profound new risks. Customers and partners are already adopting AI agents that operate outside the enterprise firewall, a phenomenon some security experts are calling “shadow IT on steroids.” Without a framework to govern them, these external agents could become vectors for fraud, misuse, and catastrophic data breaches. The core questions are ones of identity: Who or what is acting? Who authorized it? What is it permitted to do? And what happened?

“The identity market is entering a new phase,” said Keith Graham, Co-founder and CEO of Strivacity, an identity management firm that today announced an expanded platform to tackle this issue. “For decades, identity was focused primarily on people. As AI agents begin acting on behalf of customers and partners, organizations need new ways to establish trust, verify authority, and maintain accountability.”

From Human-Centric to Hybrid Identity

Addressing this challenge requires a paradigm shift—from a human-centric view of identity to a hybrid one that seamlessly governs both people and their AI counterparts. This is the vision behind Strivacity’s latest release, Strivacity for Agentic AI. The company, recently named a Leader in customer identity solutions by Forrester, is extending the tools used to manage human customers to the AI agents that represent them.

The new capabilities directly address the governance black hole. The platform introduces a “Know Your Agent” (KYA) verification process to establish trust in external agents before granting them access. It enables precise, transactional authorization, allowing a human user to define exactly what actions an agent can take independently and where their explicit approval is required. For accountability, it creates unified audit trails that attribute every action back to both the AI agent and the authorizing individual.

This creates a system of delegated authority, managed through a self-service portal where customers can view, manage, and revoke permissions for their stable of AI agents. It’s a pragmatic approach that treats agentic identity not as an esoteric problem, but as a logical extension of modern customer identity management.

Building on Open Foundations, Not Replacing Them

For enterprise leaders staring down yet another costly technology migration, the most compelling part of this emerging strategy may be how it’s implemented. Rather than demanding a disruptive “rip-and-replace” of existing infrastructure, solutions like Strivacity’s are designed to coexist with the identity providers that companies already use, including Okta, Auth0, and Ping Identity.

This interoperability is made possible by building on a foundation of open identity standards such as OAuth 2.1, which are designed for secure delegation. This allows an organization to layer agentic governance on top of their current systems, addressing the new AI-driven requirements without tearing out the plumbing. The focus is on extending capabilities, not starting from scratch.

“The hard part of agentic AI was never getting an agent to act. It was answering who authorized it and proving what it did afterward,” noted Jeff Steadman, a digital identity security consultant and podcast host, in a statement. “That is squarely an identity problem. Strivacity's work... addresses consent, delegation, and audit trails at the customer identity layer, which is an area the broader IAM community is increasingly focused on.”

The Governance Gateway to the AI Economy

Ultimately, robust governance is not a barrier to innovation but an essential enabler. Research shows that many organizations remain stuck in pilot mode with agentic AI precisely because of a lack of mature governance and identity controls. Solving the agentic identity problem is the key to unlocking the immense productivity and growth promised by the AI-mediated economy.

It’s also a prerequisite for regulatory compliance. As AI agents handle personal data and make impactful decisions, they fall under the scrutiny of frameworks like GDPR and the EU AI Act. Traceable consent and auditable activity logs are no longer optional.

“We believe the growth of AI agents will create new requirements around authorization, consent, and accountability,” said José Manuel Rivera García, CISO at Iberia Cards. “Organizations will need ways to verify who authorized an agent to act and maintain auditable records of those decisions.” As enterprises prepare for a future where their digital front door is staffed by AI, establishing who holds the keys will be the most important decision they make.