Strata Identity’s launch of Maverics Identity Orchestration for AI Agents tackles a problem that has quietly become one of the most consequential gaps in enterprise identity architecture: most organisations have no standards-based way to secure, control, and observe what their AI agents are actually doing once they’re granted access. Strata’s answer — an orchestration layer purpose-built for agentic behaviour — is a useful lens on where non-human identity security is heading.

The core issue is that AI agents don’t behave like traditional service accounts or even like human users. A human employee logs in, performs a bounded set of actions, and logs out. A traditional service account performs the same narrow task repeatedly. An AI agent, by contrast, may chain together dozens of actions across multiple systems in pursuit of a single instruction — reading a database, calling an API, triggering a workflow, writing to a file store — often without a human in the loop to sanity-check each step. Existing identity infrastructure was never designed to secure, or even observe, that kind of dynamic, multi-step behaviour.

This is precisely the gap Maverics is positioning to close: providing an orchestration layer that sits between AI agents and the systems they touch, applying consistent identity and access policy regardless of which underlying application or cloud platform the agent is interacting with. The “standards-based” framing matters here — without common protocols for agent authentication and authorisation, every integration becomes a bespoke security project, and coverage gaps multiply as agent deployments scale.

The observability dimension deserves particular attention from security teams. One of the most persistent complaints from CISOs managing early AI agent deployments is the lack of audit trail — when an agent takes an unexpected or harmful action, reconstructing exactly what happened, which credentials were used, and what data was touched is often impossible after the fact. An orchestration layer that logs and correlates agent actions across the identity fabric addresses a foundational governance requirement, not just a nice-to-have.

For enterprises evaluating how to bring AI agents into production safely, Strata’s approach illustrates a broader architectural principle worth adopting regardless of vendor: agentic identity cannot be secured through point solutions bolted onto individual applications. It requires an identity orchestration layer that can enforce consistent policy, standards-based authentication, and comprehensive observability across the entire agent lifecycle — from provisioning through every action the agent takes.

Source: Business Wire