Close Menu
Alpha Leaders
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
What's On
Elon Musk and Sam Altman accuse each other of scamming investors as each pitches their AI vision

Elon Musk and Sam Altman accuse each other of scamming investors as each pitches their AI vision

13 July 2026
NYT Connections Hints And Answers: Tuesday, July 14

NYT Connections Hints And Answers: Tuesday, July 14

13 July 2026
Exclusive: Delaware Secretary of State partners with Norm Ai to propose the AIC, a legal entity for agents

Exclusive: Delaware Secretary of State partners with Norm Ai to propose the AIC, a legal entity for agents

13 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Alpha Leaders
newsletter
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
Alpha Leaders
Home » ​Why Authentication Is Not Enough For Agents
Innovation

​Why Authentication Is Not Enough For Agents

Press RoomBy Press Room13 July 20266 Mins Read
Facebook Twitter Copy Link Pinterest LinkedIn Tumblr Email WhatsApp
​Why Authentication Is Not Enough For Agents

Shashwat Sehgal is CEO and co-founder of P0 Security, helping enterprises secure runtime access across agents and users before risk happens.

Most companies start AI agent security by examining the agent itself: which agents exist, what systems they can reach, what permissions they have and what actions they can take. Those are reasonable questions. But they are not enough.

The harder problem is not the agent in isolation but what happens when a requester, an agent, a tool and a resource come together at runtime. By “requester,” I mean the human, service account, workload or even another agent that causes an agent to act. That distinction matters because agentic access does not always start with a person clicking a button. It may start with an automated process, another system or one agent calling another. Should this requester, through this agent, using this tool, be allowed to take this action on this resource right now?

That is where many identity and access models fail. Authentication can tell you who started a session. Agent inventory can tell you which agents exist. Logging can tell you something happened. But none of that alone determines whether the action should be allowed, given the full chain of authority behind it.

The Security Boundary Is The Full Chain Of Authority

It’s the full action chain that matters. A requester may have limited access. An agent may have a broader reach. A connected tool may expose actions the requester could not take directly. A downstream workflow may touch a system no one considered when the agent was approved. Each piece may look acceptable on its own, but the combination can create an authority the organization never intended. This is often missed when companies treat agent security as an agent-only problem.

In a traditional model, the path is direct: A user signs in, a permission check happens, access is granted or denied and the user acts. That works when the human is both requester and actor. Agents make the path less direct: The requester may initiate work, but the agent executes it. The agent may call a tool or spawn sub-agents. A tool may reach into a database, cloud console, ticketing system, code repository or production environment. One action may trigger another, and the final outcome may be several steps from the original request.

Authentication alone is not control. Control means knowing whether the requester had the right to cause the action, whether the agent stayed within scope, whether the tool was appropriate and whether the resource was allowed to be touched. It also means being able to stop, escalate or constrain the action when risk rises, then revoke access when the task ends.

Runtime Authorization Is The Missing Control Layer

This is where agentic runtime security matters. The real security decision happens at runtime: who initiated the action, which agent is acting, which tool is used, which resource is touched, what the action will do and whether the full combination should be allowed. After the action completes, if an agent finishes a task, that access should not become permanent. The same JIT principle applies: Access should be for a specific purpose, constrained to the right scope and revoked when the task, workflow, session or project is done.

Security teams are asked to approve agent use without a clear way to understand what agents can do once connected. Platform teams build agent workflows without consistent enforcement across every tool. Compliance teams seek audit trails, but logs are fragmented: the requester in one place, the agent in another, the tool somewhere else.

Fragmentation is the problem. If an agent changes a production setting, queries customer data or triggers an operational workflow, the organization needs the full path behind that action. It’s not enough to know a token was valid, an agent existed or a workflow ran. They need to know what authority was assembled in the moment and whether it should have been allowed.

For agentic systems, that becomes the real security boundary. The requester matters. The agent matters. The tool matters. The resource matters. The action matters. The runtime context matters. Looking at any single piece creates a false sense of control because risk lies in how they combine.

Companies need a practical way to govern agentic access: discover which agents exist and what they can access and connect each agent action back to the requester. They need to understand which tools, systems and resources were involved. They need policies that evaluate the full chain of action, not just the agent’s standing permissions. They need runtime controls that approve, deny, limit or escalate based on what is happening.

They also need an audit trail that leadership can understand after the fact: who or what initiated the action, which agent acted, what tool was used, what resource was touched, what the outcome was, whether the action was allowed by policy and where it should have been stopped. That is the difference between observing agent activity and governing agentic access.

It is tempting to treat agent security as a visibility problem first: Build an inventory, map the agents and watch what they do. That matters, but it only answers part of the question. Companies must govern what agents can do, on whose behalf, under what conditions and against which systems. That requires runtime authorization.

Identity still matters, but it requires more context. The requester, agent, tool and resource must be evaluated together because access in an agentic system is exercised that way. This is the start of blended identity for agents: a better understanding of the full chain of authority behind an action.

The companies that get this right will move faster with agents because they’ll have a control model that matches how agents work. They’ll know what agents can reach, who or what caused each action and whether it should be allowed. When something goes wrong, they’ll explain the chain clearly. Those that don’t will keep asking narrower questions: Who authenticated? Which agent ran? Was there a log?

Those questions matter, but they do not answer the central one: Should this requester, through this agent, using this tool, have been allowed to take this action on this resource at that moment?

​How are you solving for this?​​

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Shashwat Sehgal
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link

Related Articles

NYT Connections Hints And Answers: Tuesday, July 14

NYT Connections Hints And Answers: Tuesday, July 14

13 July 2026
Conor McGregor Makes Retirement Announcement After UFC 329 Injury

Conor McGregor Makes Retirement Announcement After UFC 329 Injury

13 July 2026
Tuesday, July 14 Clues And Answers

Tuesday, July 14 Clues And Answers

13 July 2026
Most Companies Have AI Tools, But Many Don’t Rewire Themselves For AI

Most Companies Have AI Tools, But Many Don’t Rewire Themselves For AI

13 July 2026
How AI Has Surfaced What’s Truly Valuable In Product Management

How AI Has Surfaced What’s Truly Valuable In Product Management

13 July 2026
The ‘Palworld’ Stats To Level First, Those To Ignore And How To Respec

The ‘Palworld’ Stats To Level First, Those To Ignore And How To Respec

13 July 2026
Don't Miss
Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

By Press Room27 December 2024

Every year, millions of people unwrap Christmas gifts that they do not love, need, or…

Exclusive: DeFi platform Azura launches after raising .9 million from Initialized

Exclusive: DeFi platform Azura launches after raising $6.9 million from Initialized

22 October 2024
Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

22 October 2024
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Latest Articles
Trump takes a page from Iran’s Hormuz playbook, leveraging the chokepoint to generate revenue

Trump takes a page from Iran’s Hormuz playbook, leveraging the chokepoint to generate revenue

13 July 20262 Views
Tuesday, July 14 Clues And Answers

Tuesday, July 14 Clues And Answers

13 July 20262 Views
Meet Dan Sullivan, the retired schoolteacher running for office who insists he’s not trolling sitting Senator Dan Sullivan

Meet Dan Sullivan, the retired schoolteacher running for office who insists he’s not trolling sitting Senator Dan Sullivan

13 July 20262 Views
The Fed’s Christopher Waller Warns of Higher Rates if Inflation Stays High

The Fed’s Christopher Waller Warns of Higher Rates if Inflation Stays High

13 July 20263 Views

Recent Posts

  • Elon Musk and Sam Altman accuse each other of scamming investors as each pitches their AI vision
  • NYT Connections Hints And Answers: Tuesday, July 14
  • Exclusive: Delaware Secretary of State partners with Norm Ai to propose the AIC, a legal entity for agents
  • Conor McGregor Makes Retirement Announcement After UFC 329 Injury
  • Trump takes a page from Iran’s Hormuz playbook, leveraging the chokepoint to generate revenue

Recent Comments

No comments to show.
About Us
About Us

Alpha Leaders is your one-stop website for the latest Entrepreneurs and Leaders news and updates, follow us now to get the news that matters to you.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks
Elon Musk and Sam Altman accuse each other of scamming investors as each pitches their AI vision

Elon Musk and Sam Altman accuse each other of scamming investors as each pitches their AI vision

13 July 2026
NYT Connections Hints And Answers: Tuesday, July 14

NYT Connections Hints And Answers: Tuesday, July 14

13 July 2026
Exclusive: Delaware Secretary of State partners with Norm Ai to propose the AIC, a legal entity for agents

Exclusive: Delaware Secretary of State partners with Norm Ai to propose the AIC, a legal entity for agents

13 July 2026
Most Popular
Conor McGregor Makes Retirement Announcement After UFC 329 Injury

Conor McGregor Makes Retirement Announcement After UFC 329 Injury

13 July 20262 Views
Trump takes a page from Iran’s Hormuz playbook, leveraging the chokepoint to generate revenue

Trump takes a page from Iran’s Hormuz playbook, leveraging the chokepoint to generate revenue

13 July 20262 Views
Tuesday, July 14 Clues And Answers

Tuesday, July 14 Clues And Answers

13 July 20262 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • March 2022
  • January 2021
  • March 2020
  • January 2020

Categories

  • Blog
  • Business
  • Entrepreneurs
  • Global
  • Innovation
  • Leadership
  • Living
  • Money & Finance
  • News
  • Press Release
© 2026 Alpha Leaders. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.