As AI agents become integral to modern enterprise software, organizations face new challenges in identity management, data security, and permission control.
The Outshift by Cisco marketing team sat down with Permit.io, an AGNTCY contributing member and a leader in fine-grained authorization and identity solutions, to explore how their latest advancements help enterprises manage the growing complexity of AI-driven workflows.
Gabriel Manor, Vice President of Developer Relations at Permit.io, shares real-world customer stories, discusses the company’s commitment to open source and industry standards, and offers a forward-looking perspective on the role of agentic identity in a zero-trust world.
Q: Permit.io recently announced a new solution for AI agent security. What is it about AI agents that led you to create a new identity and access management platform?
Permit.io’s new agent security solution is an evolution of the company’s core mission to provide fine-grained permissions for modern applications.
Apps handle enormous volumes of information—ranging from user profiles to individual prompts—making it more important than ever to manage permissions at a granular level. Controlling access based on specific attributes or even relationships between data points is a must.
A key driver of this shift is the growing demand for zero trust security models in cloud native environments. With applications becoming more distributed and users expecting greater autonomy, organizations are under more pressure to meet higher requirements for privacy, ownership, and security. Fine-grained permissions allow for nuanced controls, like setting quotas or granting access to select data subsets, which are essential in today’s world.
While this started as addressing developer-centric needs, AI agents bring a wider range of people when it comes to interacting with permissible resources.
Product managers, marketers, and legal professionals can use AI agents to perform complex actions and access APIs, sometimes without a full understanding of security implications. This democratization of AI and automation means that permission systems need to be easy to use for everyone, not just engineers.
In response, Permit.io has introduced an agent security platform designed to sit on top of its existing infrastructure. This platform acts as a hybrid identity provider and security posture manager, enabling organizations to define, authenticate, and enforce permissions for both AI agents and human users. It leverages standards such as OAuth and uses relationship-based access control to ensure that permissions are enforced at the most appropriate level—down to individual tasks or prompts initiated by AI agents.
By bringing human, machine, and AI agent identities and access management together, organizations can keep a consistent, zero trust security posture. This makes it easier for technical and non-technical users to confidently tap into the potential of AI agents, knowing that context-aware permissions are in place to protect sensitive data and operations every step of the way.
Q: Can you provide us with an example highlighting how your customers are solving AI identity problems today?
One example comes from a major hedge fund with a relatively small IT team but a large user base of traders. Recognizing that standard data exploration tools weren’t sufficient, they urgently needed to securely deploy and manage multiple Model Context Protocol (MCP) servers for their workforce.
By implementing the Permit.io MCP gateway—part of the agent security solution—they could quickly roll out custom MCPs to their traders within two weeks. Since they were already Permit.io customers, their existing policies were automatically applied to the new gateway, making for faster deployment and eliminating the need to write new policies or custom code.
This demonstrates how Permit.io’s agent security and identity management solutions can help organizations achieve granular control, seamless integration, and rapid deployment of AI tools. By supporting industry protocols and building on existing policies, customers can tackle AI identity and permission challenges with ease and confidence.
Q: Given your background in technical leadership, security, and devtools, how do you see the role of fine-grained authorization evolving as AI agents become more prevalent in enterprise environments?
AI agents are transforming the role of fine-grained authorization. As organizations allow users to create or deploy custom AI agents—sometimes embedded within everyday software features—there is a growing need for standardized controls. Every agent must meet strict identity and permission requirements. With AI agents accessing a broader array of datasets and performing more sensitive operations, the complexity of permissions is rising dramatically. Every task or prompt initiated by an agent may require specific, contextual permissions, making it crucial for industry standards and frameworks to support all users in understanding and managing access rights.
The traditional, static consent screen—once encountered only occasionally—will become a frequent and vital touchpoint. It will let users see and control which agents have access to their data and actions at any given moment.
To meet these demands, you need dynamic consent mechanisms. Features like adaptive consent screens that provide fine-grained, temporary permissions allow users to approve or restrict AI agent actions in real time. This approach balances security and productivity.
As a result, end users can act as supervisors over their own collections of AI agents. They can manage permissions seamlessly and securely as AI adoption continues to grow.
Q: You mentioned that people will start building custom agents as features within their software. What new risks and challenges are emerging around resource management, permissions, and data security because of this trend?
Platforms like Clay, Salesforce, and n8n allow users without technical expertise to build and configure their own agents. This can lead to several issues: unintended resource consumption, overspending on credits, and accidental exposure of sensitive data are becoming more common. A simple mistake or misconfiguration in an agent can quickly deplete a user’s monthly credits or inadvertently grant broad access to personal or company data.
These risks show why fine-grained policies and controls are needed. It’s not just to manage identity and permissions, but also to set restrictions like rate limiting and data access boundaries. Many engineering teams have long dealt with these challenges through FinOps and DevOps practices, but now non-technical users need these safeguards as well.
Q: Your team has been collaborating with other organizations on the AGNTCY Linux Foundation project to evolve the approach to agentic identity. Can you tell us why you chose to become part of AGNTCY?
One of the main reasons we joined the AGNTCY project is its commitment to making identity and agentic security first-class priorities in the agent ecosystem. While protocols like MCP are valuable and have excellent teams working on them, we found that their reliance on OAuth can limit the creation of agent-centric identity and security. AGNTCY, in contrast, is designed from the ground up to prioritize both identity and agentic security, which is essential for enabling enterprise-grade and production-ready AI agents.
We see AGNTCY as an important collaboration opportunity offering promising standards. As a company with strong expertise in identity management, we believe we can contribute to this project in a meaningful way. We’ve already been involved in shaping the framework and its initial demos, and we’re excited to continue working with organizations to advance agentic identity for the broader ecosystem.
Ultimately, our involvement is driven by the belief that putting identity and security at the forefront is crucial for the future of AI agents. AGNTCY provides the right foundation to achieve that vision.
Q: How does your commitment to open source components benefit developers and enterprises adopting Permit.io’s platform?
Open source is especially important for developer-first companies like ours. It fosters transparency, trust, and collaboration. By opening up identity standards for AI agents we are speeding up adoption and simplifying integration, which means both our users and our business win.
Identity, particularly in the context of AI agents, is inherently distributed—there isn’t a single provider that can cover every scenario. Open standards and open source components give organizations the power to configure and deploy solutions like the Permit.io policy engine, consent screen, and gateways in a truly plug-and-play manner.
This flexibility and interoperability get an extra boost from collaborative projects like AGNTCY, helping us provide adaptable tools that work for a variety of use cases.
Q: What are the next significant frontiers or challenges Permit.io aims to tackle in AI agent security and authorization, and how might these influence the AGNTCY project’s roadmap?
The world of agentic identity and permission standards is still in its early stages. One of the main challenges is creating clear, interoperable ways for systems to communicate and enforce fine-grained authorization—especially as AI agents become more autonomous.
Permit.io sees this as an opportunity to help shape these standards with the AGNTCY project, by advancing both AI agent identity standards and fine-grained permission models that allow agents to verify and enforce their own permissions.
We aim to drive innovation in making agent identity and authorization seamless, secure, and scalable. The goal is to build an ecosystem where AI agents can check and enforce their permissions, supporting zero trust principles and enabling organizations to confidently deploy autonomous agents.
As the field matures, we want to contribute our expertise and technology to both the broader standards community and to AGNTCY’s roadmap.
Overall, we’re focused on agent security and authorization, working with partners and the open source community to ensure that flexible solutions are available as AI adoption accelerates. By focusing on identity and fine-grained permissions, Permit.io and the AGNTCY project are laying the foundation for secure, scalable, and innovative use of AI agents in the enterprise.
At Outshift we believe that agent identity standards cannot be vendor controlled. That’s why we’ve partnered with industry experts like Permit.io to host a meetup next week in San Francisco. Join us for drinks and discussion at Reimagining IAM for an Agent World, where industry thought leaders will share groundbreaking strategies for securing autonomous AI agents.
If you’re unable to attend the event, don’t miss our live webinar, The Key Autonomous AI Agents and MCP Servers You Can Trust, where you’ll gain practical insights and actionable guidance for building secure, scalable AI solutions. Secure your spot today and be part of the conversation shaping the future of enterprise AI security!