Introduction:
AI agents are quickly moving from experimentation to production, creating new opportunities for automation as well as new security risks. As organizations race to deploy agentic AI, questions around identity, authorization and accountability are becoming just as important as the models themselves. In this conversation, Ory’s Chief Product Officer Greg Vesper explains why identity is emerging as the control plane for AI agents, how enterprises should think differently about securing autonomous software, and what the future of agent identity management looks like.
Q: You’ve spent much of your career building enterprise infrastructure and security products. What did you see in the emergence of AI agents that convinced you this was the next major identity challenge to solve, and why did Ory have the right foundation to tackle it?
A: Enterprise adoption of agentic computing dramatically diverges from legacy adoption patterns. It took a decade for internet electronic commerce to go mainstream. Even though the technology was safer, faster, and cheaper than legacy alternatives, and the downside risk was minimal. It has taken under a year for enterprises to adopt agentic computing where the costs are material, the downside risks are significant, and unknowns are still being discovered. Discovery is happening in real time, inside enterprise operations.
The enterprise adoption curve remains aggressive for three durable reasons:
- We have sophisticated technology accessible by ordinary people using plain English. This has never happened before.
- The functional utility of AI for workforce optimization and automation is a much larger step-function in productivity than preceding innovations.
- Global capital investment and competition has created a high-stakes marketplace driving accelerated cycles of innovation and adoption.
With adoption outpacing compliance, legacy controls, and legacy ROI metrics, enterprises need safe and pragmatic solutions.
Why is identity the right place to start? Because agents are actors, powerful actors, often more powerful than human actors. For a safe and successful business, every actor, human and non-human, needs to be identified, authorized, and made accountable to business policy and business outcomes.
Q: We’ve seen identity evolve from workforce IAM to customer IAM to machine identities. Is agent identity simply the next step in that progression, or does it require a fundamentally different security model?
A: Agents are different from human actors in several ways:
- LLMs are powerful probability engines, this means agent actions are inherently unpredictable and non-deterministic. This non-determinism needs to be managed into deterministic outcomes for a business to operate safely and predictably.
- Most agents are ephemeral – they rapidly spawn and retire leaving behind only the artifacts of their actions.
- A single human spawns dozens of agents in a single interactive session. This creates explosive growth in the agentic call fabric.
Agents are similar to human actors in several ways:
- Agents can execute on the same broad spectrum of workforce tasks that humans do.
- Agents are uniquely identifiable.
- Agents can be granted specific permissions and authorizations.
- Every agent can be traced, tracked, and made accountable to business policies
- and outcomes.
Agent security requires the same fundamental controls required for humans – identify, authorize, make accountable. The application of these controls for agent security is substantially differentbecause the speed and volume of agent activity is substantially greater than the speed and volume of human activity.
Q: In announcing Agent Security, you said “the root cause of agentic security risk is the absence of enforceable agent identification and authorization.” Many vendors are focused on prompt injection, guardrails, model safety, or sandboxing. Why do you believe identity is the foundational problem those approaches don’t solve?
A: Safe models and agent activity are different problem domains. Safe models are good and necessary and help address cyber risk. But safe models do not govern agent activity. A safe model for margin trading does not govern the actual trading activity of a trading agent. Trading agents need to be authorized for specific trading scenarios and thresholds. This is the domain of Agent IAM – the deterministic identification and authorization of fine-grained agent activity.
Q: Ory Agent Security enforces policy at the point of action before an agent invokes a tool or executes a command. Enterprises already rely on OAuth, API keys, and service accounts for machine identities. Why does that model break down once an LLM is making the decisions?
A: The basic identity management model and primitives do not break down, rather, they are composed and deployed into the actual agent runtimes. OAuth tokens, API keys, and service accounts are all still in play – in addition to emerging standards for agentic commerce. These are the primitives that create a secure agent IAM control plane.
Ory Agent Security composes these primitives within the actual agent runtimes. This means every agent, every subagent, and every human in the loop is identified, authorized, made traceable, and made accountable. This is what creates deterministic agent behavior. Nothing else does.
Q: AI-assisted development is putting application-building capabilities into the hands of far more employees, from product managers to operations teams, not just software engineers. How does that change the way identity needs to be embedded into applications, and what design challenges does it create for a product like Agent DX?
A: It has never been easier to build applications. And every application needs authentication. So how do we make it easy to add auth flows to your app? That was the design goal for Ory Agent DX: make it trivial for any agentic developer to add auth flows to their apps with just a few prompts.
Ory already had all the IAM components and APIs, and we already had the subject matter expertise to combine those components into secure authentication flows. So we created skills for all the major agentic development environments so any agentic developer can quickly and safely add auth flows to their apps without having to become a subject matter expert in authentication protocols.
Q: Ory manages more than 2.5 billion identities and supports authentication at enormous scale. What lessons from securing human identities translate directly to autonomous AI agents, and where do the similarities end?
A: The biggest learning that carries over from human to agentic is scale. It is easy enough to say every agent needs to be identified and authorized. The runtime reality is we now have many more agents than humans – experimentation, ephemeral agent storms, agents spawning subagents – these are creating explosive growth in the identity management call fabric. Scaling the agent identity control plane becomes a real issue.
Ory has always focused on scale. Our experience scaling human identities – for instance supporting almost 1 billion weekly active users in a single deployment for a single customer – this experience and our cultural predisposition towards scalable solutions, put us in scoring position to handle the explosive growth in agent identity management.
Q: Looking ahead 18 months, what’s the agent IAM failure you expect enterprises will be talking about after the next major breach? Is the industry (including standards bodies) moving quickly enough to prevent it?
A: Agentic deploys already outpace agentic controls, and there is no putting that genie back in the bottle. We will continue to see the full spectrum of agentic missteps and growing pains. But you do not have to wait on new standards or new technology to get your agents under control. The obvious entry point for the agentic control plane is identity.
The current rally cry in the enterprise is ‘agent discovery’ to try and reel in over- empowered and over-deployed agents. The future rally cry will be ‘agent accountability.’ Every agent will be identified, authorized, audited, and held accountable to business policy and business outcomes.

Greg Vesper, Chief Product Officer, Ory
Greg Vesper is Chief Product Officer at Ory, leading product strategy and development of the company’s identity and access management platform and AI agent security. He has more than two decades of experience building enterprise infrastructure, cloud, and security products, with a focus on identity, authentication, and developer platforms.


