Last week’s Identiverse conference in Las Vegas left no doubt that the scope and importance of identity security is now magnified. Identiverse 2026 underscored the current transition in identity security as organizations grapple with an expanding universe of identities beyond humans. As Ping Identity CEO Andre Durand framed it in his opening keynote, the industry is shifting toward “actions, not access” — a move from static access control to continuous, real-time identity decisions that govern what entities can do.

Conversations across the event highlighted the growing importance of governing nonhuman identities (NHIs), AI agents, and machine-driven interactions as first-class security concerns. NHI and AI security was also the predominant theme across the 200-plus booths in the expo hall. Amid the crush of AI-infused presentations and vendor messaging, the conference also stood out as a testament to the range of identity’s reach, featuring breakout sessions spanning mobile driver’s licenses, data and privacy, fraud, FIDO passkeys, cybersecurity architecture, software development practices, industry standards, threat detection and response, and operational resiliency.

AI agent adoption is unstoppable; during the conference, we heard presenter estimates that 75–85% of organizations have already started adopting AI agents. Security and, in particular, identity and access management (IAM), continue to play an oversized role in securing AI agents.

AI agents represent an autonomous, nondeterministic, and numerous nonhuman identity type but also present a new channel for user interaction (e.g., human users can spawn their own enterprise data collection and consumer purchase agents). Here are our main takeaways from Identiverse 2026:

  • New discovery and governance methods are required. AI agents do not fit into the existing mold of static and human time-horizon identity management and governance tooling and processes. AI agent governance is more real-time, context-aware, and build-time-intent-aware. Delegation to a uniquely identified agent, and not impersonation, is the recommended design pattern. AI governance should also look at agent provenance and reputation using repositories and agent suppliers (e.g., Amazon shopping agents).
  • AI agents require new access policy decision frameworks. AI agent authentication to MCP servers is the easier, more mature part: They use OAuth 2.1 OIDC tokens to authenticate to MCP servers and other resources. AI agent authorization is where we are seeing the greatest paradigm shift from simple, static ABAC/RBAC authorization policies to much more contextual, intent-verified, boundary-constrained authorization (“this agent can only spend up to $300 on buying kitchenware from an e-commerce site”). Authorization occurs through just-in-time context (network, jurisdiction, resource) and must happen in real time. The conference reinforced the growing momentum behind more dynamic, fine-grained authorization.
  • Risk definition and measurement is still unclear. AI agent actions represent financial and reputational risk to organizations. For example, in a B2C use case, a purchasing AI agent may: 1) scrape a website and hoard a cart; 2) make fraudulent purchases; and 3) perform actions that cause dissatisfaction for the agent’s human owner. Defining, keeping track of, and abating these risks does not yet have a mature product solution. End user organizations are currently using in-house-built telemetry and solutions for this purpose.
  • IAM for AI agents must fit into an organization’s IAM mesh. AI agent identities must be tied and correlated to human-identity access management in enterprise IAM. IAM for human and deterministic machine identities remains an organizational challenge, and adding IAM requirements for AI agents further complicates the landscape. Trying to cobble together a nonstandards-based IAM solution to manage AI agents can quickly create technical debt. Okta, Microsoft, and Ping Identity have just introduced frameworks for IAM for AI agents; their ready-to-deploy blueprints with examples are overdue and solid starting points for managing AI agent identities.
  • Identity standards is ongoing but not unified. Auth.md, ID-JAG, SPIFFE, AIUC-1, IETF’s RFCs, and other standards are either not final, a work in progress, or less than 12 months old. Commercial and in-product support is still scarce but rapidly improving. Anecdotally, we found that organizations are still waiting for AI agent security standards to solidify, mature, and become commercially supported before fully implementing them.

Overall, Identiverse 2026 underscored that the next phase of identity security will be defined by how effectively organizations extend governance to autonomous systems, unify identity data across silos, and operationalize identity intelligence in real time.

Forrester clients who want to dive deeper into this topic and discuss how they should implement IAM for agents should schedule an inquiry or guidance session with us.