Rahul Dubey, vice president of global regulated markets solutions at CyberArk, said federal agencies should treat artificial intelligence agents as a new class of privileged identities to mitigate emerging security risks.
“AI agents have access to an organization’s most sensitive resources, which makes them privileged identities. And although they are machines, they share some of the same vulnerabilities as human users,” Dubey wrote in an article published on Carahsoft.com.
Why Should Agencies Apply Identity Security to AI Agents?
Dubey said identity security has evolved from traditional identity and access management to privileged access management and now extends to machine identities, including AI agents.
He noted that as agencies deploy agentic AI systems capable of autonomous decision-making and orchestrating complex workflows, the associated risk expands across applications, data and network access.
Dubey said agencies should keep zero trust principles in mind and consider risks across the external supply chain and internal software development pipeline when deploying AI.
What Is Zero Standing Privilege?
Dubey highlighted zero standing privileges as a key strategy for reducing risk in AI environments.
Under this model, AI agents receive temporary, privileged access only when needed to complete a specific task. Once the task is finished, access is automatically revoked.
Dubey said this just-in-time approach helps agencies minimize exposure and reduce the overall attack surface.
What Is CyberArk’s Secure AI Agents Solution?
Dubey said CyberArk’s Secure AI Agents solution is designed to treat AI agents as a new class of privileged machine identities within its Identity Security Platform. The offering starts with discovery by identifying AI agents across cloud and developer environments and collecting context such as ownership, function and access levels.
He said the platform’s AI Agent Gateway works by enforcing task-specific permissions and automatically revoking access to support zero standing privileges, while strengthening authentication through secret rotation, dynamic credentials and activity monitoring integrated with logging tools.
