CISOs across Asia are facing a rapidly evolving threat landscape as agentic AI adoption surges, outpacing existing security measures. Enterprise Management Associates (EMA) research reveals a critical gap between the enthusiasm for deploying AI agents and the preparedness of current Identity and Access Management (IAM) infrastructures.
The study, authored by Ken Buckler, highlights that agentic AI is no longer a future concept but a present reality, reshaping operational practices across industries.
Yet, a significant portion of organisations are ill-equipped to handle the identity and security challenges these autonomous entities introduce. The most immediate risk is the misplaced belief that existing IAM solutions can absorb the identity load of AI agents.
"When it comes to agentic AI identity, most organisations are woefully unprepared for inherent security risks and operational challenges of managing those identities," says Buckler.
This unpreparedness is further compounded by the fact that 79% of organisations without written policies regarding agentic AI have already deployed these agents. This highlights a significant blind spot, leaving organisations vulnerable to systemic risks.
The research indicates that 41% of organisations have security or reliability concerns with their current IAM providers, a major red flag given the autonomous nature of AI agents. Furthermore, unpredictable costs associated with IAM solutions are a top challenge for many, particularly medium and large organisations.
For Asian CISOs, this means a fundamental shift in IAM is needed. AI agents must be treated as first-class digital identities, managed with the same rigor as human users. Without this paradigm shift, organisations risk introducing systemic vulnerabilities into their operational fabric.
Immediate actions include establishing Zero Trust agent-centric policies, demanding unified visibility, and seeking scalable, all-in-one IAM solutions that treat agents as first-class digital citizens.
