Cisco has formally launched Duo Agentic Identity, a new capability within its Cisco Duo platform designed to address a critical security gap: identity governance and access control for autonomous AI agents. This represents a significant shift in how security vendors approach the machine identity problem—moving beyond traditional service account management to purpose-built controls for AI workloads that operate with fundamentally different behavioral patterns than human users or conventional services.
The introduction of dedicated agentic identity controls signals broad industry recognition that AI agents represent a distinct identity category requiring distinct security solutions. Unlike service accounts tied to specific applications, agentic identities are dynamic, context-dependent, and increasingly autonomous. An AI agent might spawn temporary sub-agents, request permissions dynamically based on task requirements, and operate across multiple trust boundaries in a single workflow. Traditional access control models—even those optimized for service accounts—cannot capture this complexity.
Duo Agentic Identity appears to focus on several key areas: context-aware access decisions that factor in agent behavior, task requirements, and environmental risk; dynamic permission models that adjust access in real time based on agent activity; and audit mechanisms that capture agentic behavior at the speed agents operate. These capabilities directly address the gap between how enterprises currently manage machine identities and how they need to manage them in an agentic computing era.
The broader significance lies in vendor direction. When security leaders like Cisco introduce purpose-built controls for agentic identities, it validates what forward-thinking organizations have recognized: traditional IAM and PAM approaches are insufficient. The industry is moving toward identity solutions that treat agentic identities as a first-class concept, not a special case of service account management.
CISOs evaluating identity platforms should assess whether their vendors are investing in genuine agentic identity capabilities or merely retrofitting existing human-centric solutions. As AI agents become central to cloud operations and business processes, organizations need security platforms designed for agentic identity governance from the ground up. Duo Agentic Identity represents a step in this direction—acknowledging that non-human identity security requires solutions designed for non-human threat models, not human access patterns applied to machines.
Source: Cisco Duo