{"id":21593,"date":"2026-04-30T09:50:08","date_gmt":"2026-04-30T07:50:08","guid":{"rendered":"https:\/\/redtrust.com\/agentes-ia-desafio-gestao-identidades\/"},"modified":"2026-05-12T15:42:30","modified_gmt":"2026-05-12T13:42:30","slug":"ai-agents-identity-management","status":"publish","type":"post","link":"https:\/\/redtrust.com\/en\/ai-agents-identity-management\/","title":{"rendered":"AI Agents: A New Challenge for Identity Management in Organizations"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;Secci\u00f3n&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;||0px|||&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_row _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;||0px|||&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; header_text_color=&#8221;#E62E3B&#8221; header_2_font=&#8221;|600|||||||&#8221; header_2_text_color=&#8221;#E62E3B&#8221; header_3_font=&#8221;|600|on||||||&#8221; header_3_text_color=&#8221;#E62E3B&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>Artificial intelligence is already part of the day-to-day operations of most organizations and has significantly contributed to improving operational efficiency. This is evident in tools that analyze large volumes of data, as well as in systems capable of automating tasks and making decisions without human intervention.<\/p>\n<p>According to a McKinsey study, <a href=\"https:\/\/www.mckinsey.com\/capabilities\/quantumblack\/our-insights\/the-state-of-ai\" target=\"_blank\" rel=\"noopener\">62% of organizations report that they are experimenting with AI agents<\/a> in their operations.<\/p>\n<p>However, there is a critical aspect that still does not receive the attention it deserves: AI agents are not just autonomous systems, they represent new identities within organizations.<\/p>\n<p>Just like human identities, these identities must also be managed, controlled, and audited.<\/p>\n<p>This is a new challenge for organizations, and one we will explore throughout this article.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; header_text_color=&#8221;#E62E3B&#8221; header_2_font=&#8221;|600|||||||&#8221; header_2_text_color=&#8221;#E62E3B&#8221; header_3_font=&#8221;|600|on||||||&#8221; header_3_text_color=&#8221;#E62E3B&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2>What is an AI agent and why should it be considered a digital identity?<\/h2>\n<p>An AI agent is a system capable of interpreting information, making decisions, and executing actions autonomously or semi-autonomously.<\/p>\n<p>More than simply executing tasks based on prompts or isolated automations, these agents interact directly with processes, applications, and corporate data.<\/p>\n<p>Within an organization, their main capabilities include:<\/p>\n<ul>\n<li>Connecting to applications and interacting with critical infrastructures<\/li>\n<li>Accessing corporate and confidential data to perform their processes<\/li>\n<li>Executing actions on behalf of the organization<\/li>\n<\/ul>\n<p>In practice, an AI agent performs functions similar to those of a human employee. For this reason, it makes sense to treat it as a non-human digital identity that requires the same level of:<\/p>\n<ul>\n<li>Security<\/li>\n<li>Control<\/li>\n<li>Traceability<\/li>\n<li>Governance<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; header_text_color=&#8221;#E62E3B&#8221; header_2_font=&#8221;|600|||||||&#8221; header_2_text_color=&#8221;#E62E3B&#8221; header_3_font=&#8221;|600|||||||&#8221; header_3_text_color=&#8221;#E62E3B&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2>What is the main risk associated with AI agents?<\/h2>\n<p>The biggest risk associated with AI agents does not lie in the technology itself, but in uncontrolled access to corporate systems and the lack of proper identity management. In practice, this can result in:<\/p>\n<ul>\n<li>Agents with excessive permissions<\/li>\n<li>Access to sensitive information without proper oversight<\/li>\n<li>Difficulty in tracking which actions were performed by each agent<\/li>\n<\/ul>\n<h3>Practical example<\/h3>\n<p>Imagine an AI agent connected to a software company\u2019s GitHub repository. This agent can:<\/p>\n<ul>\n<li>Read all source code<\/li>\n<li>Identify bugs<\/li>\n<li>Suggest improvements<\/li>\n<\/ul>\n<p>If access is not properly defined, the risk lies not in the agent\u2019s function, but in the level of permissions granted to it. In this scenario, some key questions arise:<\/p>\n<ul>\n<li>Can we ensure that accessed information will not be shared or exposed?<\/li>\n<li>Are the granted permissions truly necessary, or do they exceed the agent\u2019s scope?<\/li>\n<\/ul>\n<h3>How does the lack of control over AI identities impact security?<\/h3>\n<p>The absence of governance over AI agent identities directly affects an organization\u2019s security. Key risks include:<\/p>\n<ul>\n<li>Use of agents as an attack vector<\/li>\n<li>Risk of identity hijacking or spoofing<\/li>\n<li>Unauthorized access with elevated privileges<\/li>\n<\/ul>\n<p>Additionally, the lack of control reduces the organization\u2019s ability to respond to situations such as:<\/p>\n<ul>\n<li>Improper actions executed by the agent<\/li>\n<li>Automated operational errors<\/li>\n<li>Lack of visibility over active agents (shadow AI)<\/li>\n<li>This can lead to significant impacts, including:<\/li>\n<li>Leakage of confidential data (financial information, customer data, source code, etc.)<\/li>\n<li>Operational disruptions<\/li>\n<\/ul>\n<p>According to a Gravitee report, <a href=\"https:\/\/www.gravitee.io\/state-of-ai-agent-security\" target=\"_blank\" rel=\"noopener\">88% of organizations that implemented AI agents have confirmed or suspected security incidents<\/a>.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;||on||||||&#8221; text_text_color=&#8221;#B0192A&#8221; text_font_size=&#8221;22px&#8221; text_orientation=&#8221;center&#8221; custom_margin=&#8221;|35px||35px|false|true&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>If an AI agent accesses corporate systems or executes actions, it must have a strong, verifiable, and revocable identity. Otherwise, the organization\u2019s attack surface increases significantly.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; header_text_color=&#8221;#E62E3B&#8221; header_2_font=&#8221;|600|||||||&#8221; header_2_text_color=&#8221;#E62E3B&#8221; header_3_font=&#8221;|600|on||||||&#8221; header_3_text_color=&#8221;#E62E3B&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2>Why include AI agents in an identity management model?<\/h2>\n<p>Many organizations already adopt Identity and Access Management (IAM) solutions, but most of these frameworks were designed primarily for human users.<\/p>\n<p>According to a CyberArk report, only 32% of organizations have adequate identity security controls. This means that non-human identities, such as AI agents, are also left unmanaged. Consequences of this gap:<\/p>\n<ul>\n<li>Lack of visibility over agents and their access<\/li>\n<li>Absence of specific control policies<\/li>\n<li>Difficulty in auditing and traceability<\/li>\n<\/ul>\n<p>In other words, when not integrated into a governance model, AI agents operate as unmanaged identities.<\/p>\n<p>This issue becomes even more critical considering that, according to the <a href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/identity-and-access-gaps-in-the-age-of-autonomous-ai\" target=\"_blank\" rel=\"noopener\">Cloud Security Alliance<\/a>, 68% of organizations cannot accurately distinguish between actions performed by AI agents and those performed by human users.<\/p>\n<p>As automation and AI adoption grow, so does the number of agents, and consequently, the number of identities that need to be managed.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;||on||||||&#8221; text_text_color=&#8221;#B0192A&#8221; text_font_size=&#8221;22px&#8221; text_orientation=&#8221;center&#8221; custom_margin=&#8221;|35px||35px|false|true&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>Limits applied to artificial intelligence should not be seen as barriers, but as essential mechanisms to ensure control, security, and governance.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; header_text_color=&#8221;#E62E3B&#8221; header_2_font=&#8221;|600|||||||&#8221; header_2_text_color=&#8221;#E62E3B&#8221; header_3_font=&#8221;|600|||||||&#8221; header_3_text_color=&#8221;#E62E3B&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2>Digital certificates: an essential mechanism for control and traceability<\/h2>\n<p>The question is no longer whether AI agents should be controlled, but how to do it effectively.<\/p>\n<p>One of the most efficient approaches is to treat them like any other user within the organization by assigning each agent a digital identity based on a digital certificate.<\/p>\n<h3>Benefits of using digital certificates for AI agents<\/h3>\n<ul>\n<li>Unique and unambiguous identification of each agent<\/li>\n<li>Clear definition of access policies<\/li>\n<li>Easy revocation and adjustment of permissions<\/li>\n<li>Detailed auditing of executed actions<\/li>\n<li>Control over the duration of access to resources<\/li>\n<\/ul>\n<p>Building architectures that allow organizations to manage, monitor, and audit which agents access specific resources, and for what purpose, is essential.<\/p>\n<p>Without this level of control, artificial intelligence stops being a competitive advantage and becomes an operational and security risk.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;||on||||||&#8221; text_text_color=&#8221;#B0192A&#8221; text_font_size=&#8221;22px&#8221; text_orientation=&#8221;center&#8221; custom_margin=&#8221;|35px||35px|false|true&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>Digital certificates play a central role in this process, as they enable authorization, authentication, and auditing of actions, ensuring the level of trust required for the secure adoption of AI agents within organizations.<\/p>\n<p>[\/et_pb_text][et_pb_cta button_url=&#8221;https:\/\/redtrust.com\/en\/contact\/&#8221; button_text=&#8221;Talk to our experts and take control&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; body_text_color=&#8221;#171529&#8243; body_font_size=&#8221;21px&#8221; background_color=&#8221;#EAF0F2&#8243; button_alignment=&#8221;center&#8221; text_orientation=&#8221;left&#8221; custom_margin=&#8221;|0px|50px|0px|false|true&#8221; custom_padding=&#8221;|55px||55px|false|true&#8221; border_radii=&#8221;on|25px|25px|25px|25px&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>If your organization is using AI agents, ask yourself:<\/p>\n<p>Do you know exactly what each agent is accessing?<br \/>Are you fully aware of what it can do and where its limits lie?<br \/>Can you clearly prove which actions it has performed?<\/p>\n<p>If the answer to any of these is \u201cno,\u201d then you likely don\u2019t have full control over your AI agents.<\/p>\n<p>[\/et_pb_cta][\/et_pb_column][\/et_pb_row][et_pb_row disabled_on=&#8221;on|on|on&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; disabled=&#8221;on&#8221; collapsed=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; header_2_text_color=&#8221;#E62E3B&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2><strong>Perguntas frequentes sobre o tema<\/strong><\/h2>\n<p>[\/et_pb_text][et_pb_toggle title=&#8221;Por que agentes de IA precisam de controle de identidade digital?&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>Agentes de IA precisam de controle de identidade digital porque eles acessam sistemas, utilizam informa\u00e7\u00f5es e executam a\u00e7\u00f5es dentro das empresas. Na pr\u00e1tica, esses agentes funcionam de forma parecida com usu\u00e1rios humanos, j\u00e1 que podem:<\/p>\n<ul>\n<li>acessar dados corporativos<\/li>\n<li>interagir com aplica\u00e7\u00f5es<\/li>\n<li>automatizar tarefas<\/li>\n<li>executar opera\u00e7\u00f5es em nome da empresa<\/li>\n<\/ul>\n<p>Por isso, \u00e9 importante conseguir identificar cada agente, controlar seus acessos e acompanhar suas atividades.<\/p>\n<p>[\/et_pb_toggle][et_pb_toggle title=&#8221;Quais desafios os agentes de IA trazem para a gest\u00e3o de identidades nas empresas?&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>O principal desafio \u00e9 garantir que os agentes de IA tenham acessos bem definidos e operem dentro de regras claras. \u00c0 medida que esses agentes passam a executar tarefas e interagir com sistemas, as empresas precisam aplicar controles semelhantes aos que utilizam para humanos e definir regras claras de acesso, ter visibilidade sobre as a\u00e7\u00f5es realizadas,\u00a0<\/p>\n<p>Isso n\u00e3o significa que os agentes de IA sejam um risco por si s\u00f3, mas que exigem novas formas de controle e gest\u00e3o para garantir seguran\u00e7a e confian\u00e7a no seu uso.<\/p>\n<p>[\/et_pb_toggle][et_pb_toggle title=&#8221;Como controlar o acesso de agentes de IA aos sistemas da empresa?&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>Controlar o acesso de agentes de IA exige definir permiss\u00f5es, monitorar atividades e garantir que cada agente tenha uma identidade verific\u00e1vel. As empresas podem:<\/p>\n<ul>\n<li>limitar quais sistemas cada agente pode acessar<\/li>\n<li>definir regras e permiss\u00f5es espec\u00edficas<\/li>\n<li>monitorar as a\u00e7\u00f5es executadas<\/li>\n<li>registrar atividades para auditoria<\/li>\n<li>revogar acessos rapidamente quando necess\u00e1rio<\/li>\n<\/ul>\n<p>Esse controle ajuda a reduzir riscos e aumenta a confian\u00e7a no uso corporativo da intelig\u00eancia artificial.<\/p>\n<p>[\/et_pb_toggle][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; disabled_on=&#8221;on|on|on&#8221; admin_label=&#8221;Medios&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; disabled=&#8221;on&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_row _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text admin_label=&#8221;t\u00edtulo casos de uso&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;||||||||&#8221; text_text_color=&#8221;#171529&#8243; header_2_font=&#8221;|600|||||||&#8221; header_2_text_color=&#8221;#171529&#8243; header_2_font_size=&#8221;35px&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2 style=\"text-align: center;\">Consulta nuestras publicaciones relacionadas con IA en los medios<\/h2>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=&#8221;1_2,1_2&#8243; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; background_color=&#8221;rgba(234,240,242,0.5)&#8221; custom_padding=&#8221;||0px||false|false&#8221; link_option_url=&#8221;https:\/\/cyberlideriamgzn.es\/europa-puede-ganar-la-carrera-de-la-ia-si-convierte-la-confianza-digital-en-su-ventaja-competitiva\/&#8221; link_option_url_new_window=&#8221;on&#8221; border_radii=&#8221;on|30px|30px|30px|30px&#8221; border_width_all=&#8221;1px&#8221; border_color_all=&#8221;#171529&#8243; global_colors_info=&#8221;{}&#8221;][et_pb_image src=&#8221;https:\/\/redtrust.com\/wp-content\/uploads\/2026\/04\/logo-cyberlideriamgzn_.jpg&#8221; title_text=&#8221;logo-cyberlideriamgzn_&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;|600|||||||&#8221; text_font_size=&#8221;20px&#8221; text_orientation=&#8221;center&#8221; custom_margin=&#8221;|15px||15px|false|true&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p><em>Europa puede ganar la carrera de la IA si convierte la confianza digital en su ventaja competitiva<br \/><\/em><\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; background_color=&#8221;rgba(234,240,242,0.5)&#8221; custom_padding=&#8221;||0px||false|false&#8221; link_option_url=&#8221;https:\/\/aslan.es\/la-gestion-de-identidades-como-base-de-la-seguridad-ti-art\/&#8221; link_option_url_new_window=&#8221;on&#8221; border_radii=&#8221;on|30px|30px|30px|30px&#8221; border_width_all=&#8221;1px&#8221; border_color_all=&#8221;#171529&#8243; global_colors_info=&#8221;{}&#8221;][et_pb_image src=&#8221;https:\/\/redtrust.com\/wp-content\/uploads\/2026\/04\/logo-aslan_.jpg&#8221; title_text=&#8221;logo-aslan_&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;|600|||||||&#8221; text_font_size=&#8221;20px&#8221; text_orientation=&#8221;center&#8221; custom_margin=&#8221;|15px||15px|false|true&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p><em>La gesti\u00f3n de identidades como base de la seguridad TI; certificados digitales y la hoja de ruta hacia la era postcu\u00e1ntica<\/em><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI agents are already handling critical company data. Properly managing and controlling them is essential to prevent security risks and ensure secure, auditable access.<\/p>\n","protected":false},"author":6,"featured_media":21594,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","content-type":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[106],"tags":[],"class_list":["post-21593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ia"],"_links":{"self":[{"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/posts\/21593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/comments?post=21593"}],"version-history":[{"count":6,"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/posts\/21593\/revisions"}],"predecessor-version":[{"id":21655,"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/posts\/21593\/revisions\/21655"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/media\/21594"}],"wp:attachment":[{"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/media?parent=21593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/categories?post=21593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/redtrust.com\/en\/wp-json\/wp\/v2\/tags?post=21593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}