Identiverse 2026 Spotlights Identity Security for AI Agents

Identiverse 2026 convened in Las Vegas last week; Security Boulevard and GitGuardian report that more than 3,800 identity professionals attended and event programming included over 250 speakers. Forrester reports that Ping Identity CEO Andre Durand used his opening keynote to frame a move toward "actions, not access," describing a shift from static access control to continuous decisioning. Vendor coverage from Radiant Logic identifies the company as a Diamond Sponsor and highlights onsite keynotes, masterclasses, and customer sessions focused on unifying identity data across humans, non-human identities, and AI agents.

Industry reporting from Security Boulevard and GitGuardian emphasized several recurring technical and operational challenges raised at the conference: ownership of non-human identities (NHIs), credential lifecycle and rotation, delegation and least privilege at scale, and auditability of agent actions. Observed patterns at the event point to a gap between discovery/visibility solutions and enforcement primitives; multiple panels argued that visibility alone does not provide control over what an agent can do.

Companies deploying agentic AI face an orders-of-magnitude increase in identity instances compared with human-only environments. Editorial analysis: organizations that must manage NHIs at scale typically confront automation requirements for credential issuance, rotation, and attestation and need richer telemetry to map actions to identities. Panels and practitioner sessions at Identiverse highlighted that existing identity governance tooling often assumes human lifecycle patterns and decision workflows, which complicates applying the same controls to ephemeral, programmatic agents.

• •Ownership and attestation: multiple sessions raised that without explicit ownership mapping, NHIs proliferate with weak accountability, increasing audit burden.
• •Lifecycle automation: speakers discussed embedding lifecycle controls at credential creation and tying rotation to re-attestation as scalable controls.
• •Delegation and least privilege: panels explored delegation models and scoped credentials for agents, including short-lived keys and capability-based approaches.
• •Observability and enforcement: event coverage contrasted discovery/visibility tools with enforcement mechanisms, arguing that audit logs alone are insufficient for runtime control.

Editorial analysis: observers and practitioners should track vendor roadmaps and standards activity that aim to bridge visibility and runtime enforcement for agentic identities. Watch for tooling that integrates credential lifecycle automation, attestation workflows, and high-fidelity telemetry tying actions to identities. Also monitor community-driven best practices emerging from Identiverse sessions that address delegation, capability scoping, and auditability for agent actions.

Coverage of the conference repeatedly framed the core problem as operational scale rather than a single technical breakthrough. Security Boulevard and GitGuardian characterize the market as still wrestling with ownership and governance primitives for NHIs; Forrester captured the rhetorical shift toward decisioning at runtime with the "actions, not access" formulation. Radiant Logic used the event to position offerings that aim to unify identity data and provide observability for both human and non-human identities.

Editorial analysis: practitioners evaluating or building identity systems for agentic AI should consider automation of credential issuance and rotation, stronger attestation and ownership metadata, capability-based delegation patterns, and runtime enforcement tied to well-instrumented audit trails. These are recurring themes at Identiverse and reflect the immediate engineering trade-offs teams will encounter when agents move from experimental to production scale.