TalksAWS re:Invent 2025 - AI Agents – the new face of privileged machine identities (SEC226)

AWS re:Invent 2025 - AI Agents – the new face of privileged machine identities (SEC226)

Summary of "AWS re:Invent 2025 - AI Agents – the new face of privileged machine identities (SEC226)"

Introduction to Cyber Arc

  • Cyber Arc is an identity security leader offering a comprehensive platform for securing human, machine, and AI agent identities
  • They provide capabilities like identity and access management, threat detection and response, governance, and machine identity security
  • Cyber Arc was recently announced to be acquired by Palo Alto Networks as part of their broader platformization strategy

The Rise of Agentic AI

  • Agentic AI, where AI agents are given agency to access and perform actions, has immense potential to unlock trillions of dollars in value across industries
  • Early experiments have shown measurable gains, but this also uncovers unprecedented risks as these AI agents are granted elevated privileges
  • Risks stem not only from external threat actors, but also from the AI agents themselves potentially misunderstanding context or hallucinating and performing unintended actions

Evolving Complexity of AI Agents

  • AI agents are rapidly becoming the new face of privileged machine identities in the enterprise
  • Starting with simple AI assistants, the complexity is expected to grow rapidly within a year:
    • Autonomous agents with broader access to enterprise resources
    • Multi-level orchestrator agents invoking other agents and humans for multi-step tasks
  • This increasing complexity and access will lead to a significant increase in risk unless proper identity security measures are put in place

Identity Security Imperative for AI Agents

  • AI agents exhibit characteristics of both human and machine identities, making them a new identity class that requires a unique approach to security
  • Traditional approaches like treating them as service accounts or relying on MFA are insufficient, especially for autonomous agents
  • AI agents should be treated as privileged machine identities, requiring a combination of human and machine identity security controls:
    • Credential management, zero standing privileges, session monitoring, and isolation for the human aspects
    • Strong authentication, secrets rotation, certificates, and workload access for the machine aspects

Cyber Arc's Secure AI Agent Solution

  • Cyber Arc is announcing the general availability of their Secure AI Agent solution by the end of the year
  • The solution addresses key CISO concerns:
    • Discovery and context: Identifying existing AI agents running in the organization
    • Secure access and zero standing privileges: Enforcing dynamic, context-aware access policies and just-in-time permissions
    • Threat detection and response: Quickly detecting and responding to rogue or compromised AI agents
    • Governance and lifecycle: Governing AI agents to ensure compliance
  • The solution integrates with AWS Bedrock, one of the target agentic ecosystems

Securing AI Agent Access

  • Traditional access controls and policies are too static for the dynamic and complex nature of AI agents
  • Cyber Arc's AI Agent Gateway provides a dynamic, context-aware policy engine to control what actions and resources an AI agent can access
  • The solution enforces the principle of least privilege, granting just-in-time permissions that are revoked after use to prevent excessive permissions
  • The gateway also provides audit and traceability, allowing organizations to understand who (user or AI agent) performed what actions and why

Developer Tools for Secure AI Agent Development

  • Cyber Arc provides open-source security tools to help AI agent developers reduce the risk of exposing sensitive credentials
  • These tools integrate with common security stores like AWS Secrets Manager and Cyber Arc Conjur to inject credentials just-in-time and remove them when no longer needed

Key Takeaways

  • AI agents are the new face of privileged machine identities and their adoption is expected to grow rapidly, increasing the attack surface and risk
  • Identity security is the foundation for defending against the risks posed by AI agents, requiring a combination of human and machine identity security controls
  • Cyber Arc's Secure AI Agent solution provides a comprehensive approach to discovering, securing, monitoring, and governing AI agents in the enterprise
  • Developers can leverage Cyber Arc's open-source tools to shift left and build secure AI agents from the ground up

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.