Keynote: Agentic AI and Identity: The Biggest Problem We’re Not Solving

Cybersecurity has an identity problem. Managing the complexities of identity in a corporate environment never gets easier.

As we enter the world of Agentic AI, each “Agent” will also have its own identity, and attributes that may identify it as an agent of the company it represents – or be fakes that attackers use to socially engineer victims in a new range of attacks. Traditional cybersecurity frameworks aren’t prepared for Agentic AI, identity, and access management, and companies lack policies to define how to authenticate, authorize, or audit AI Agents. Without clear identity frameworks and standards for Agentic AI, we run the risk that AI Agents will exceed intended scope, be difficult to audit, and without clear threat models, enable unintended attacks or exploits. Employees will also create Shadow AI Agents, even if well intended, that may act autonomously, access sensitive data, trigger workflows, and connect with third-party systems all in the name of “getting the job done”.

Attackers are going to take advantage of this chaos. Security teams will have to identify and combat this activity. We have an opportunity to solve some of the systemic problems now, before Agentic AI becomes prolific. Standards bodies are engaging, and startups are offering ideas. In this discussion, we will explore ideas and solutions to the Agentic AI crisis, and the risks to organizations and governments alike when internal accidents or external attacks strike.

By:
Cristin Flynn Goodwin | Founder and Managing Partner, Advanced Cyber Law

Full Abstract Available:
https://www.blackhat.com/sector/2025/briefings/schedule/?#keynote-agentic-ai-and-identity-the-biggest-problem-were-not-solving-49591Black HatRead More