Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Oso Security. Show all posts
Todd Thiemann
ai agents authorization Cybersecurity enterprise AI Graham Neray identity management Oso Security Technology Todd Thiemann

The Rise of AI Agents and the Growing Need for Stronger Authorization Controls

 

AI agents are no longer confined to research labs—they’re now writing code, managing infrastructure, and approving transactions in real-world production. The appeal is speed and efficiency. The risk? Most organizations still use outdated, human-oriented permission systems that can’t safely control autonomous behavior.

As AI transforms cybersecurity and enterprise operations, every leap in capability brings new vulnerabilities. Agentic AI proves this clearly—machines act faster than people, but they also fail faster.

Traditional access controls were built for human rhythms. Users log in, complete tasks, and log off. But AI agents operate nonstop across multiple systems. That’s why Graham Neray, co-founder and CEO of Oso Security, calls authorization “the most important unsolved problem in software.” He adds, “Every company that builds software ends up reinventing authorization from scratch—and most do it badly. Now we’re layering AI on top of that foundation.”

The problem isn’t intent—it’s infrastructure. Most companies still manage permissions through static roles and hard-coded logic, which barely worked for humans. An AI agent can make thousands of changes per second, and one misstep can cause massive damage before anyone intervenes.

Pressure to prove ROI adds another layer of risk. Todd Thiemann, principal analyst at Omdia, explains, “Enterprise IT teams are under pressure to demonstrate a tangible ROI of their generative AI investments… Security generally, and identity security in particular, can fall by the wayside in the rush to get AI agents into production to show results.”

It’s tempting to give agents the same permissions as their human users—but that’s exactly what creates exposure. Thiemann warns, “AI agents lack human judgment and contextual awareness, and that can lead to misuse or unintended escalation.” For example, an agent automating payroll should never be able to authorize transfers. “Such high-risk actions should require human approval and strong multi-factor authentication,” he adds.

Neray believes the solution lies in designing firm, automated boundaries. “You can’t reason with an LLM about whether it should delete a file,” he says. “You have to design hard rules that prevent it from doing so.”

That means building automated least privilege systems—granting only temporary, task-specific access. Oso Security is helping companies move authorization from hard-coded systems to modular, API-driven layers. “We spent a decade making authentication easier with Okta and Auth0. Authorization is the next frontier,” Neray says.

As CISOs step in earlier to guide AI deployment, the goal isn’t to block innovation—but to make it sustainable. Limiting privileges, requiring human approval for critical actions, and maintaining audit trails are key.

Thiemann sums it up: “Minimizing those privileges can minimize the potential blast radius of any mistake or incident.”

AI doesn’t just change what’s possible—it redefines what’s safe. Machines don’t need more power; they need better permissions.
Read more »
Subscribe to: Comments (Atom)