AIToday

Zero trust security must shift to real-time for AI agents

VentureBeat AI5h ago
Zero trust security must shift to real-time for AI agents

Key takeaway

Enterprise security leaders must adopt zero trust architecture immediately for AI agents rather than treating it as a long-term initiative, according to Ping Identity's CEO. The speed and scale of agentic AI—thousands of agents making thousands of access requests—has compressed the security risk timeline, making real-time permission verification essential to prevent exposure from accumulated access grants that appear routine in isolation.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    Andre Durand, CEO of Ping Identity, argues that enterprises must now treat zero trust security—a model requiring continuous verification rather than a single login check—as an immediate requirement for AI agents, not a future goal. Agentic AI has compressed the risk timeline, demanding permission decisions be evaluated in real time.

  • Why it matters

    Each time an employee approves an AI agent's request for access to company resources (drives, databases, code repositories), the enterprise grants a small slice of control. Across thousands of agents making thousands of requests, those individual approvals accumulate into significant security exposure that existing security frameworks may not catch.

  • What to watch

    The shift reflects a fundamental change in how enterprises must think about access control—from a model that verifies users once at login to one that continuously verifies every action an AI agent takes, in real time.

In Depth

Andre Durand, CEO and founder of Ping Identity, has made a stark argument about the urgency of zero trust security in the age of AI agents. He contends that enterprises must treat zero trust—a security model predicated on the principle that no user, device, or system should be automatically trusted—not as a long-term architectural goal but as an immediate operational requirement. The traditional zero trust concept relies on continuous verification before every action, replacing the older model where a single login check granted extended access. However, the emergence of agentic AI has fundamentally compressed the risk timeline. These autonomous agents operate at a pace and scale that human-driven systems do not. Durand illustrates the risk through a concrete mechanism: permission accumulation. Each time an employee approves an AI agent's request for access to a company drive, database, or code repository, the enterprise grants what appears to be a routine, small slice of control. In isolation, each approval is unremarkable. But across thousands of agents making thousands of requests, those individual permissions stack into substantial exposure. Most existing security frameworks were designed to handle and monitor human-driven access patterns, where the volume and frequency of requests are far lower. They are not built to detect or prevent the cumulative risk that emerges when autonomous systems scale. This gap between the speed at which agents operate and the visibility that legacy security tools provide creates a window of vulnerability that Durand argues enterprises can no longer afford to ignore or defer.

Context & Analysis

Andre Durand's perspective reflects a critical timing shift in enterprise security thinking. Zero trust as a concept is not new, but the advent of agentic AI—systems that autonomously make requests and take actions—has fundamentally altered the calculus. Traditional security models were built around user-centric risk: a human logs in once, is verified, and operates within defined permissions. That model assumes human judgment gates resource access. Agentic systems compress that timeline dramatically. Where a human employee might make a handful of access requests per day, an AI agent can make thousands. Each individual approval looks benign, but the cumulative exposure across an enterprise running many agents is profound. The body emphasizes that existing security frameworks are not equipped to catch this accumulation because they were not designed for this velocity and scale. The shift Durand describes is not merely an upgrade but a category change: zero trust must move from an occasional verification event to a continuous, real-time process embedded in every agent action.

FAQ

What is zero trust security?
Zero trust is a security model built on the assumption that no user, device, or system should be automatically trusted. It requires continuous verification before every action rather than a single check at login.
Why does AI agent deployment change zero trust priorities?
Agentic AI has compressed the risk timeline enterprises must manage. Each agent request for access (to company drives, databases, code repositories) represents a small approval, but across thousands of agents making thousands of requests, those approvals accumulate into significant exposure.

Get the latest Large Language Models news every morning

AI-summarized, only the topics you pick — one digest a day via Email, Slack, or Discord.

Free · takes 30 seconds · unsubscribe anytime

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →