The CSA’s paper “Agentic AI Identity and Access Management: A New Approach” addresses the inadequacy of traditional IAM systems when applied to autonomous, dynamic agentic AI systems operating in multi-agent environments. It proposes a novel IAM framework built around decentralized, verifiable Agent Identities using Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) that capture an AI agent’s capabilities, provenance, and security posture. Key components include an Agent Naming Service (ANS) for secure agent discovery, dynamic fine-grained access controls such as attribute- and policy-based mechanisms, and a unified session management layer ensuring consistent enforcement and real-time revocation across heterogeneous ecosystems. The framework leverages zero-trust architecture and privacy-enhancing technologies like Zero-Knowledge Proofs for secure, context-aware, adaptive IAM that meets the unique demands of agentic AI, emphasizing self-sovereign control and continuous monitoring in this new paradigm.
Publication's URL
https://cloudsecurityalliance.org/artifacts/agentic-ai-identity-and-access-management-a-new-approach
Additional documents on this topic
- OWASP Practical Guide for Secure MCP Server Development
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile
- ETSI EN 304 223: Securing Artificial Intelligence (SAI) – Baseline Cyber Security Requirements for AI Models and Systems
- CSA Data Security within AI Environments
- CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology