Introduction

Non-human entities are evolving at an unprecedented rate. As enterprises deploy increasingly sophisticated AI agents to handle mission-critical functions—from approvals to resource provisioning—identity governance and administration (IGA) teams face a fundamental challenge: the security models built for humans no longer suffice.

As SailPoint’s APAC leadership puts it provocatively: you can’t put an AI agent in jail. This phrase encapsulates a profound shift in how organisations must think about identity security in an AI-driven world. Traditional compliance frameworks assume human intent, accountability, and the ability to legally prosecute bad actors. AI agents operate in a different domain entirely.

The Problem: Traditional IGA Wasn’t Built for Non-Human Identities

Identity lifecycle management systems were designed with human workers as the primary subject. The entire IGA apparatus—provisioning workflows, access reviews, compliance monitoring—assumes a human identity will authenticate, behave predictably within risk parameters, and be subject to human oversight.

But non-human identities behave differently. An AI agent deployed to handle identity governance administration tasks may make thousands of access decisions per day, operate across systems its human creators never anticipated, and escalate permissions autonomously based on learned patterns. Traditional access reviews—where a manager approves a report of user permissions quarterly—become laughably inadequate when applied to agents making real-time decisions.

The second complication: you cannot deter an AI agent with threats. Legal liability, termination, audit logs—the mechanisms used to ensure human accountability—simply don’t work on an algorithmic entity. An AI agent won’t be “scared” by a compliance violation because its very nature is mathematical, not emotional.

Key Points: Rebuilding IGA for the AI Era

1. Runtime Control Over Governance Decisions

Rather than controlling agent behaviour through post-hoc compliance checks, modern identity governance must shift to real-time enforcement. If an AI agent is attempting an action that violates policy—even if that agent is performing a legitimate task—identity governance systems must be able to interrupt, verify, and re-authorise the action within the execution flow itself. This is a fundamental departure from IGA’s traditional model of access reviews and audit trails.

2. Behavioural Fingerprinting and Anomaly Detection

Since you cannot put an agent “in jail,” you must instead establish clear boundaries on what that agent can do at any point in time. This requires identity governance systems to learn and monitor agent behaviour patterns—not just what permissions exist, but how those permissions are being exercised. A sudden spike in access requests to privileged systems might indicate a compromised agent or a model drift requiring human intervention.

3. Agent Identity Governance as a Distinct Discipline

The identity governance and administration function must now encompass non-human identities as a first-class concern. This means developing governance policies specific to agents, defining identity lifecycle stages for agents (provisioning, execution, retirement), and creating review mechanisms tailored to how agents actually operate—not by treating them as privileged users.

4. Cross-Function Collaboration

Identity governance can no longer be siloed as a compliance function. It must integrate tightly with machine learning operations (MLOps), application security, and AI governance frameworks to ensure that the identities underpinning agent execution remain secure and compliant in real time.