The observation by Saviynt’s Nitin Varma that “AI created new identities”, and that this is fundamentally why machines now need to be managed within enterprise identity governance frameworks, captures in a single phrase what the IGA market has been grappling with for the past two years. AI has not just changed how identity governance is performed; it has expanded the population of identities that must be governed.

The practical reality that Varma is describing is visible in enterprise environments everywhere. An organisation deploys a customer service AI agent. That agent needs credentials to access the CRM, the ticketing system, the knowledge base, and the email service. It needs permissions scoped to the data it is authorised to see. It needs a defined owner who is accountable for its actions. It needs a lifecycle — from the moment it is provisioned to the moment it is deprovisioned when the use case it was built for changes. In every meaningful sense, the AI has created a new identity that the IGA programme must now govern.

Multiply this across the AI deployments that a large enterprise is making simultaneously — across business functions, across geographic regions, across cloud environments — and the scale of the identity governance challenge becomes clear. Organisations that are deploying AI at pace without building the identity governance infrastructure to match are accumulating machine identity debt that will eventually manifest as security incidents, compliance gaps, or operational failures.

Varma’s framing is useful because it recentres the conversation on the governance fundamentals. The IGA discipline has always been about knowing who has access to what, ensuring that access is appropriate, and managing it throughout its lifecycle. AI has not changed these fundamentals — it has extended the scope of the “who” to include machines. The governance discipline remains the same; the identity estate it must govern has grown significantly larger.

For IGA practitioners, the message is clear: build the governance infrastructure for AI-created identities now, before the scale of those identities outpaces your ability to govern them reactively.

Source: Economic Times