Why AI is forcing a reset of the identity stack

Identity and access management (IAM) is no longer a back-office security control. In an AI-driven world, it is fast becoming the control plane for how organisations operate, compete and manage risk.

The rapid adoption of generative AI (GenAI), autonomous agents and machine-driven workflows is fundamentally reshaping the identity landscape. What we are seeing is not an incremental evolution of IAM, but the emergence of an entirely new identity stack, one that must account for humans, machines and increasingly, AI agents acting with autonomy and speed.

This shift is exposing a critical gap. Traditional IAM architectures were built around relatively static identities, employees, partners and customers, with predictable access patterns. AI breaks that model. Identities are now dynamic, ephemeral and often non-human, with agents being created, modified and retired in real time.

That has immediate security implications. Gartner predicts that by 2028, 25% of organisational breaches will be traced back to AI agent abuse, underscoring how quickly this risk surface is expanding.