Video security, access control and adjacent industries are far from being the only ones where AI agents are having a major impact on how organizations redesign their workflows. The possibilities seem endless, as do the challenges that come with them.
In its study The State of Identity Security in the AI Era, Semperis, a leading cybersecurity company and Active Directory (AD) expert, highlights how organizations deal with cybersecurity threats against systems that integrate agentic AI. We talked to Sarah Cecchetti, Director of Product Management, Semperis, about the study’s key findings, as well as best practices for users and system integrators in physical security and beyond.
Asmag: Your recently published The State of Identity Security in the AI Era study highlights the effects of agentic AI on the cyberthreat level at professional organizations. What are your key findings? What findings surprised you?
Sarah Cecchetti: One of the clearest findings in the report is that AI is reshaping the identity attack surface far beyond the human user. As AI agents, service principals, and other non-human identities multiply, organizations are managing a much larger and more complex trust environment, with Microsoft estimating that non-human identities already outnumber human users by 10 to 1 and may trend toward 100 to 1.
The report also highlights a structural problem: overpermissioned agents, unused permissions, and abandoned workload identities create openings that attackers can exploit quietly and at machine speed. In that environment, identity hygiene is no longer just an administrative issue; it is becoming a core resilience issue, which is why governance, strong authentication and authorization for AI agents, and recovery preparedness need to move to the center of the security strategy.
What surprised us most was the gap between adoption and readiness. Organizations are moving quickly: 92% say AI is installed on some percentage of local workforce machines, 29% already use AI agents for security-related help desk tickets, and 64%(!) expect to use AI for that purpose within the next 12 months. But only 32% are very confident they could fully regain control of their identity infrastructure after an AI-related breach. That is a striking disconnect between enthusiasm for AI and confidence in resilience.
Asmag: Do AI agents increase the overall cyberthreat level, or are they a net positive in addressing cyberthreats? Where is the balance right now, and how do you see it shifting over the next few years?
Sarah Cecchetti: AI agents are not inherently a net negative or a net positive; they are a force multiplier, and right now they are amplifying both capability and risk. They can absolutely improve security operations by helping teams move faster and handle routine tasks at scale, but today the balance still tilts toward increased risk because deployment is outpacing governance, least-privilege design, and recovery readiness. The report points to the specific reasons: agents are often overpermissioned, they can make consequential changes inside identity systems, and when they operate on local machines, they can expose secrets and vulnerabilities at machine speed. Over the next few years, I expect that balance to shift in a more positive direction, but only for organizations that treat AI agents as first-class identities and apply the same rigor around registration, authentication, authorization, monitoring, and recovery that they would apply to any other critical access.
Asmag: Your study highlights the need to govern AI agents continuously. What are the operational challenges organizations should prepare for, and what best practices are emerging in this space?
Sarah Cecchetti: The operational challenge is that governing AI agents is not a one-time control; it requires continuous visibility into what agents exist, what they can access, where they are running, and whether their permissions still make sense. The biggest risks we see are overpermissioned agents, abandoned or shadow non-human identities, and agents operating on local machines with access to credentials, browser sessions, or other secrets. The best practices emerging now are straightforward: register AI agents formally, apply strong authentication and authorization, monitor them continuously, enforce guardrails around what they can change, and make sure recovery planning is in place if an agent causes disruption. In short, organizations need to manage AI agents with the same discipline they apply to any other critical identity in the environment.
Asmag: Let's think of a concrete situation: An organization realizes its system has been breached and a compromised AI agent was involved. How does that change the response compared with a ‘conventional’ breach?
Sarah Cecchetti: A breach involving a compromised AI agent changes the response because you are not just containing a bad account or a compromised endpoint; you are trying to regain control of an identity fabric where a machine-speed identity may have made changes that propagate well beyond the system it touched directly. An overpermissioned agent can reconfigure security settings, expose secrets, or disrupt access in ways that ripple across connected identity systems, so the blast radius can expand faster and farther than in a conventional incident.
Asmag: Many organizations grant AI agents access to their IT systems quite liberally, including to physical security infrastructures such as access control and video surveillance. What are the specific risks with regard to maintaining the overview of what AI agents are doing throughout their whole lifecycle, from their implementation to decommissioning?
Sarah Cecchetti: The physical security angle is terrifying! An agent with access to badge systems, surveillance platforms, browsers, or admin consoles can create consequences far outside its original use case. And with local harnesses like OpenClaw or Hermes running local models, the problem gets even harder: there's zero traffic running over the network, so the agent can operate through the local machine, inspect browser sessions, and use the same tools a human security director already has access to but with zero ability for network-based security tools to catch it.
Asmag: User authentication is an increasingly important factor in physical security, not just at the access control gate, but also in the maintenance of systems and the security room itself. Many organizations approach the authentication of AI agents the same way they authenticate human users. What, however, should operational differences be in this regard? Where can an AI agent be trusted more, or less than a human user?
Sarah Cecchetti: An AI agent can be trusted more than a human only in narrow, deterministic, high-volume tasks where consistency matters and permissions are tightly bounded; it should be trusted less anywhere judgment, exception handling, physical safety, or cross-system propagation are involved. That is especially true in an identity fabric, where an agent can make a fast, apparently local change that ripples across connected access, surveillance, or administrative systems well beyond its original touchpoint, so the real control plane has to be authorization design and blast-radius containment, not just authentication at login.
Asmag: Your study focused on the awareness level within organizations that are integrating AI agents into their workflows. What regional differences did you find in the ‘general awareness’ level? Are there areas where even organizations that are doing quite well in this regard have gaps that are potentially critical?
Sarah Cecchetti: Germany showed the highest level of concern, with 84% saying increased AI functionality will make attacks on identity infrastructure more common, followed by Australia at 80%, Spain at 78%, Singapore at 77%, and the UK at 76%; France and Italy were notably lower, at 63% and 62% respectively.
But the more important finding is that no region should feel comfortable: Singapore was the most likely to say AI identity governance is a priority, with only 5% saying it is not, yet only 21% there were very confident they could fully regain control of identity infrastructure after an AI-related credential exposure; Germany shows a similar pattern, with strong awareness but only 26% expressing that level of recovery confidence.
Even the US, which performed best on recovery confidence, was only at 53%.
So the critical gap is not whether organizations have heard the warning. It is whether they have actually operationalized governance, recovery, and control of AI identities inside the identity fabric. That gap is still very real in every region we surveyed.
Asmag: Many asmag readers are system integrators who implement security solutions for their clients. What role can integrators play when organizations adopt agentic AI in their security systems? What questions should integrators ask their clients, and themselves, before connecting an AI agent to a customer's infrastructure?
Sarah Cecchetti: System integrators have a critical role here because they are often the ones turning an AI concept into an operational trust relationship inside a customer’s identity fabric, and that means they should act less like feature installers and more like risk architects. Before connecting an agent to customer infrastructure, integrators should ask: What identity will this agent use? Is it a dedicated non-human identity? What exact systems can it touch, what is the minimum privilege it needs, how will its actions be logged, how will anomalous behavior be detected, and what is the recovery plan if it is compromised or makes a bad change at machine speed?
They should also ask themselves whether they are introducing hidden blast radius through API keys, OAuth tokens, browser sessions, local machine access, or overpermissioned workflows, because agents can become new entry points to identity systems and can expose secrets or make consequential changes far beyond their original use case.
The practical standard should be simple: if you cannot clearly register it, scope it, monitor it, and decommission it, you should not connect it to the customer’s environment yet.
Asmag: In your study you write there are for now 'no good options' for governing AI agents as unique entities. What would a ‘good option’ that will hopefully emerge in the future have to look like?
Sarah Cecchetti: A good option would look like first-class identity infrastructure for agents, not a workaround that treats them as slightly unusual humans and not a pile of custom tokens, API keys, and hard-coded logic. Our study shows why the current approaches break down: 57% of organizations use the same system for human and AI identities, 43% use a separate one, and there are serious drawbacks to both because agents are short-lived, highly dynamic, and easy to overpermission, which makes scoping, auditing, and governing them as unique entities extremely hard today.
The future model needs cryptographic identity for agents across trust boundaries, explicit delegation that can say this agent is acting on behalf of this human for this purpose, policy-based authorization that is separate from authentication, full lifecycle controls from creation to revocation, and audit trails that connect every action back to a human approval and a policy decision. In other words, the goal is a deterministic control plane for an increasingly nondeterministic set of actors.
Sarah Cecchetti is a seasoned technology and identity security executive who leads product management at Semperis, focusing on advancing solutions for identity-driven cyber resilience and secure access in hybrid IT environments. She is widely recognized in the identity and access management (IAM) community for her deep expertise in digital identity standards, product innovation, and strategic leadership. Before Semperis, Sarah held senior product leadership roles, including Head of Product for Amazon Cognito at Amazon Web Services (AWS), where she drove significant portfolio growth and contributed to open-source projects like the Cedar policy language. She is also a co-founder of IDPro, a professional organization for identity practitioners, and has co-authored sections of the NIST SP 800-63-3C Digital Identity Guidelines, shaping industry approaches to identity assurance and federation.