When it comes to setting the standards for artificial intelligence (AI) agents and Model Context Protocol (MCP) server identity and security, it’s clear that no single vendor can call all the shots. That’s why Identity and Access Management (IAM) leaders are teaming up through the AGNTCY project to create an open source framework for managing agent identity, authentication, and authorization.
To get a better sense of how Cisco’s Duo Security team is approaching this space, we reached out to Colin Medfisch, Senior Product Manager at Duo Security. He shared his thoughts on agent identity and access management, key challenges facing the industry, and advice on how organizations can prepare for the growing presence of AI agents in the enterprise.
Q: What are the biggest challenges in securing AI agents?
The rise of agentic AI introduces an entirely new class of “users” into the enterprise—AI agents that operate autonomously, access sensitive (often proprietary) data, and perform tasks at machine speed and scale. Unlike traditional users or rigid machine accounts, these agents don’t rely on human judgment. It makes them both super capable and much riskier.
In conversation with customers, some common themes around security and AI have come up. One is around agent identity: how do you reliably identify and register each agent? There needs to be a way that shows a clear link to a responsible human.
Authorization is another concern. Agents need dynamic, context-aware permissions so they only access what’s necessary. Existing protocols like OAuth weren’t truly designed for this level of granularity. To bridge this gap, organizations are turning to policy-driven models and continuous authorization approaches that can evolve with the context in real time.
Lastly, enterprises are interested in continuous monitoring so they can trace every action an agent takes, detect anomalies, and respond quickly if something goes wrong.
Q: How is Duo addressing the challenges that come with securing AI agents?
Duo is addressing these challenges by extending our Security-First IAM approach to agentic AI.
We’re building foundational controls, such as agent identity lifecycle management, just-in-time authorization, and full behavioral monitoring via Cisco Identity Intelligence, that integrate seamlessly with existing human users. Duo acts as a control point between agents and enterprise resources, making zero trust for agentic AI both practical and accessible.
Q: How does Duo's active involvement with the AGNTCY project directly contribute to its broader strategy?
Duo’s work with the AGNTCY project is a key part of our strategy to lead identity security into the AI era. AGNTCY provides a standards-driven, open source framework for managing agent identity, authentication, and authorization.
By collaborating with AGNTCY, we’re helping to define how agent identities are established, registered, and governed. We’re also ensuring that the controls required for secure agent operations, such as human-in-the-loop delegation and agent reputation tracking, are foundational. We’re also supporting the adoption of external authorization standards so that organizations can implement zero trust principles for human users and AI agents.
Q: Given the evolving landscape of AI and agent proliferation, what unique strengths or capabilities does Cisco Duo bring to the table in securing both human and machine identities in the AI era?
As AI and agents become ubiquitous, new challenges around identity and access management have emerged. We feel Duo can help organizations navigate this new shift.
Our universal zero trust approach means that every identity, no matter if it’s human, device, or agent, needs to earn trust at every step. We recognize the need for consistent access controls and visibility across hybrid and multi-cloud environments. We’re also rethinking identity lifecycle management. Each agent has to be identifiable, traceable, and linked back to a human.
Authorization is evolving as well. Instead of static roles, we’re moving towards dynamic, intent-based access decisions, so humans and agents have the right level of access control at the right time they need it. By drawing upon Cisco’s broader security stack, we can also deliver deep behavioral monitoring and rapid incident response, even for agent-specific threats.
Finally, we know that the future of identity security means working openly and collaboratively. Through our work with projects like AGNTCY, we’re committed to open standards and want our customers to benefit from interoperable, future-proof security architectures.
Q: What advice do you have for existing Cisco Duo customers that are wondering how advancements in agent identity and security will translate into tangible benefits?
Our customers want to take full advantage of agentic AI. We want to make this transition both seamless and secure. Advancements in agent identity and security will be woven directly into the Duo experience, allowing existing controls for user authentication and access to naturally extend to AI agents.
This means that, as customers begin to deploy and rely on autonomous agents, they can do so with the same zero trust foundation they’ve come to expect from Duo, minimizing operational friction while maintaining strong identity security standards.
By integrating AI agents into Duo’s identity framework, organizations gain the ability to enforce consistent, least-privilege access policies and maintain visibility across both human and machine identities. This unified approach ensures that every action, whether taken by a person or an agent, can be traced, audited, and reviewed, providing the assurance needed to detect and respond to anomalous behavior.
Q: What steps should organizations consider taking now to prepare for the increasing proliferation of AI agents in their environments?
To get ready for the growing presence of AI agents, organizations should begin by understanding where these agents are already at work or planned for deployment within their environments. Setting up clear registration and approval processes, where every agent is registered, ownership is defined, and explicit human delegation is required, lays the groundwork for responsible adoption.
Moving toward dynamic, fine-grained access policies, and using Duo’s monitoring capabilities to continuously review agent activity, will help teams proactively manage risk.
By taking these steps now, our customers can confidently scale their use of agentic AI, leading to new productivity gains without sacrificing security or compliance.
Q: Looking to the future, how does Duo see identity security evolving as autonomous AI agents become more common? And what major developments or new initiatives can we expect from Duo in this area over the next few years?
Duo’s long-term vision is to make adopting agentic AI secure and practical for every organization.
At the heart of this vision is a redefinition of identity itself. AI agents will be treated as first-class citizens within identity and access management. They’ll be met with the same rigor around lifecycle, provenance, and accountability that we apply to human users.
We’re committed to bringing zero trust principles to every corner of the enterprise. Security will extend universally across people, devices, and agents, regardless of where they operate, on-premises, in the cloud, or at the edge.
Our goal is also to foster an open, portable ecosystem. By championing industry standards and enabling agent portability, we want organizations to avoid vendor lock-in and have the freedom to build, run, and secure agents wherever it best suits their business needs and to use Duo where it makes the most sense for them.
Q: What major developments or new initiatives can we expect from Duo in this area over the next few years?
Looking ahead, we envision an enterprise-ready agent security platform. It’ll be easy enough for the entire workforce to use, not just developers, while safely unlocking the full potential of AI automation.
To make this a reality, Duo is investing in deeper integration with agent hosting frameworks, enhancing behavioral analytics for agents, and expanding the Duo Directory and authorization capabilities to support the growing complexity of agent-driven workflows. And as the ecosystem evolves, we’re committed to leading the development and adoption of standards that ensure security, interoperability, and trust in this new era of identity.
To hear more discussions between Outshift and Duo teams about how organizations can build secure, scalable agentic AI solutions, watch our recent joint webinar: The Key Autonomous AI Agents and MCP Servers You Can Trust.