Industry News: Akeyless launches AI Agent Identity Security for safer autonomous operations
AI agents are moving from experiments to daily operations. Akeyless just announced an AI Agent Identity Security solution aimed at securing how these agents authenticate, get access, and take action across your stack.
More than 95% of organizations plan to deploy AI agents in the next year. That's a surge of new, independent identities touching core systems-each one a potential incident if you don't control credentials, privileges, and auditability.
Why operations teams should care
Recent research found hundreds of secrets and tokens exposed in public AI extension packages. Investigators have also shown how prompt attacks can trick connectors into revealing API keys and secrets.
As former-NSA Director Admiral Mike Rogers put it, "AI Agents have an inherent design flaw in that they are aware of their own identities and credentials. When combined with their growing authorization to vast amounts of data across many workload environments, we get a constantly expanding attack surface."
What Akeyless is shipping
1) SecretlessAI™
Replaces static, embedded secrets with just-in-time, identity-based authentication. Access is short-lived and verified at request time, reducing credential sprawl and leakage risk.
2) AI Agent Identity Provider (IdP)
Issues verifiable, federated digital identities for agents that operate across clouds and on-prem. Integrations with AWS, GCP, and Azure IAM-and with OpenAI, Google Gemini, Anthropic Claude, and Grok-swap static API keys for dynamic credentials. IDE plugins for VS Code, Cursor, and GitHub Copilot extend the same controls into developer workflows.
3) AI Agent Privileged Access (PAM)
Applies Zero Trust and least-privilege to autonomous activity. Continuously monitors and governs agent actions so you can block misuse before it creates downtime, data loss, or policy violations.
4) AI Insights
An assistant for identity security: ask natural-language questions, pull instant reports, and surface risky behavior across agents, machines, and human access for faster remediation.
How it fits into your stack
Akeyless positions this as part of a broader Identity Security Platform: Secrets Management, Certificate Lifecycle Management & PKI, Workload Identity Federation, AI Agent Security, Multi-Vault Governance, and privileged access. It runs on a zero-knowledge model using patented Distributed Fragments Cryptography (DFC) with quantum-safe encryption.
For ops leaders, the draw is central control and consistent policy enforcement across multi-cloud, on-prem, and developer environments-without baking static secrets into code, tools, or agents.
Practical rollout plan (fast path)
- Week 0-2: Inventory and risk - List every AI agent, extension, and connector. Map each to data stores, APIs, and secrets. Flag any static keys in repos, CI, or config.
- Week 2-6: Go secretless - Replace embedded credentials with short-lived, identity-based access. Start with high-risk agents and production APIs.
- Week 4-8: Privilege and policy - Enforce least-privilege roles. Add guardrails for sensitive actions (write/delete/transfer). Require step-up approval for risky operations.
- Week 6-10: Observe and automate - Pipe identity and session logs to your SIEM. Set alerts for anomalous agent behavior and failed auth spikes. Auto-revoke or pause on policy violations.
Ops metrics that matter
- % of agents using short-lived credentials vs. static keys
- Mean time to revoke agent access (MTTR-Access)
- Failed authentication rate per agent and per integration
- Number of privileged actions per agent; % with approvals
- Secrets found in code or packages (trend to zero)
Governance and incident readiness
- Auditable identity - Ensure every agent has a verifiable identity tied to policy and logs you can trust.
- Pre-commit defenses - Block secrets in repos and extensions; scan packages before deployment.
- Runbooks - Define kill switches for agents, auto-rotation, and step-up approvals for sensitive tasks.
- Testing - Red team prompt attacks against connectors; validate that keys and secrets are never exfiltrated.
Key takeaways for Operations
- Static credentials plus autonomous agents equals avoidable incidents. Move to short-lived, identity-based access.
- Treat agents like non-human workforce identities: provision, monitor, limit, and deprovision with the same rigor.
- Build guardrails where agents act: least-privilege policies, step-up approvals, and real-time session oversight.
- Centralize identity and secrets to reduce tool sprawl, close audit gaps, and speed incident response.
As Akeyless CEO Oded Hareven notes, AI Agent adoption is just getting started-and unmanaged identities will drive breaches if left unchecked. The path forward is clear: verifiable identities, secretless access, and continuous control.
If you're formalizing your approach, NIST's Zero Trust guidance is a helpful reference point: NIST SP 800-207. For threat patterns like prompt injection and secret leakage in AI apps, see the OWASP Top 10 for LLM Applications.
Want to upskill your team on AI operations and governance? Explore role-based programs here: Complete AI Training - Courses by Job.
Your membership also unlocks:
