Identity for AI Agents: From Gatekeeper to Command Center

This IDC Market Perspective analyzes how AI agents are reshaping IAM and accelerating convergence across identity, security, and telemetry. Regulation - including the EU AI Act, EU Data Act, NIS2, DORA, and U.S. EO 14028 - elevates identity from enabler to enforcement boundary, shifting AIM from optional to obligatory. Vendors that deliver AIM-ready fabrics, verifiable authorization, continuous signal sharing, and regulator-grade auditability will set the pace. Buyers that operationalize AIM now will achieve safer autonomy, faster."The identity landscape is shifting from static, manual trust to continuous, telemetry-driven verification across devices, data, networks, and workloads," said Senior Research Analyst Emanuel Figueroa, Worldwide Identity and Access Management Security at IDC. "For years we said, 'Trust but verify,' but AI agents now demand something closer to 'Verify, continuously.' They represent a shift as disruptive as microservices, redefining how autonomy and security intersect. In this emerging architecture, identity doesn't just enable AI security - identity is AI security."