
Enterprise security leaders must adopt zero trust architecture immediately for AI agents rather than treating it as a long-term initiative, according to Ping Identity's CEO. The speed and scale of agentic AI—thousands of agents making thousands of access requests—has compressed the security risk timeline, making real-time permission verification essential to prevent exposure from accumulated access grants that appear routine in isolation.
Summaries like this, in your inbox every morning.
Sign up free →What happened
Andre Durand, CEO of Ping Identity, argues that enterprises must now treat zero trust security—a model requiring continuous verification rather than a single login check—as an immediate requirement for AI agents, not a future goal. Agentic AI has compressed the risk timeline, demanding permission decisions be evaluated in real time.
Why it matters
Each time an employee approves an AI agent's request for access to company resources (drives, databases, code repositories), the enterprise grants a small slice of control. Across thousands of agents making thousands of requests, those individual approvals accumulate into significant security exposure that existing security frameworks may not catch.
What to watch
The shift reflects a fundamental change in how enterprises must think about access control—from a model that verifies users once at login to one that continuously verifies every action an AI agent takes, in real time.
Andre Durand, CEO and founder of Ping Identity, has made a stark argument about the urgency of zero trust security in the age of AI agents. He contends that enterprises must treat zero trust—a security model predicated on the principle that no user, device, or system should be automatically trusted—not as a long-term architectural goal but as an immediate operational requirement. The traditional zero trust concept relies on continuous verification before every action, replacing the older model where a single login check granted extended access. However, the emergence of agentic AI has fundamentally compressed the risk timeline. These autonomous agents operate at a pace and scale that human-driven systems do not. Durand illustrates the risk through a concrete mechanism: permission accumulation. Each time an employee approves an AI agent's request for access to a company drive, database, or code repository, the enterprise grants what appears to be a routine, small slice of control. In isolation, each approval is unremarkable. But across thousands of agents making thousands of requests, those individual permissions stack into substantial exposure. Most existing security frameworks were designed to handle and monitor human-driven access patterns, where the volume and frequency of requests are far lower. They are not built to detect or prevent the cumulative risk that emerges when autonomous systems scale. This gap between the speed at which agents operate and the visibility that legacy security tools provide creates a window of vulnerability that Durand argues enterprises can no longer afford to ignore or defer.
Andre Durand's perspective reflects a critical timing shift in enterprise security thinking. Zero trust as a concept is not new, but the advent of agentic AI—systems that autonomously make requests and take actions—has fundamentally altered the calculus. Traditional security models were built around user-centric risk: a human logs in once, is verified, and operates within defined permissions. That model assumes human judgment gates resource access. Agentic systems compress that timeline dramatically. Where a human employee might make a handful of access requests per day, an AI agent can make thousands. Each individual approval looks benign, but the cumulative exposure across an enterprise running many agents is profound. The body emphasizes that existing security frameworks are not equipped to catch this accumulation because they were not designed for this velocity and scale. The shift Durand describes is not merely an upgrade but a category change: zero trust must move from an occasional verification event to a continuous, real-time process embedded in every agent action.
AI-summarized, only the topics you pick — one digest a day via Email, Slack, or Discord.
Free · takes 30 seconds · unsubscribe anytime
No comments yet. Be the first to share your thoughts!
Log in to join the discussion



Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack