Close Menu
The Financial News 247The Financial News 247
  • Home
  • News
  • Business
  • Finance
  • Companies
  • Investing
  • Markets
  • Lifestyle
  • Tech
  • More
    • Opinion
    • Climate
    • Web Stories
    • Spotlight
    • Press Release
What's On
Did Meta Signal The AI Boom Is Overbuilt? Wall Street Cheered Anyway

Did Meta Signal The AI Boom Is Overbuilt? Wall Street Cheered Anyway

July 13, 2026
LA Times’ billionaire owner repeatedly fell behind on payments to Catherine Herridge, vendors: report

LA Times’ billionaire owner repeatedly fell behind on payments to Catherine Herridge, vendors: report

July 13, 2026
How To Download 1st iPhone Public Beta — Starting Now

How To Download 1st iPhone Public Beta — Starting Now

July 13, 2026
The 25 Madonna Songs That Defined Pop Music

The 25 Madonna Songs That Defined Pop Music

July 13, 2026
Fed governor warns of possible interest-rate hikes if inflation comes in hot this week

Fed governor warns of possible interest-rate hikes if inflation comes in hot this week

July 13, 2026
Facebook X (Twitter) Instagram
The Financial News 247The Financial News 247
Demo
  • Home
  • News
  • Business
  • Finance
  • Companies
  • Investing
  • Markets
  • Lifestyle
  • Tech
  • More
    • Opinion
    • Climate
    • Web Stories
    • Spotlight
    • Press Release
The Financial News 247The Financial News 247
Home » ​Why Authentication Is Not Enough For Agents

​Why Authentication Is Not Enough For Agents

By News RoomJuly 13, 2026No Comments6 Mins Read
Facebook Twitter Pinterest LinkedIn WhatsApp Telegram Reddit Email Tumblr
​Why Authentication Is Not Enough For Agents
Share
Facebook Twitter LinkedIn Pinterest Email

Shashwat Sehgal is CEO and co-founder of P0 Security, helping enterprises secure runtime access across agents and users before risk happens.

Most companies start AI agent security by examining the agent itself: which agents exist, what systems they can reach, what permissions they have and what actions they can take. Those are reasonable questions. But they are not enough.

The harder problem is not the agent in isolation but what happens when a requester, an agent, a tool and a resource come together at runtime. By “requester,” I mean the human, service account, workload or even another agent that causes an agent to act. That distinction matters because agentic access does not always start with a person clicking a button. It may start with an automated process, another system or one agent calling another. Should this requester, through this agent, using this tool, be allowed to take this action on this resource right now?

That is where many identity and access models fail. Authentication can tell you who started a session. Agent inventory can tell you which agents exist. Logging can tell you something happened. But none of that alone determines whether the action should be allowed, given the full chain of authority behind it.

The Security Boundary Is The Full Chain Of Authority

It’s the full action chain that matters. A requester may have limited access. An agent may have a broader reach. A connected tool may expose actions the requester could not take directly. A downstream workflow may touch a system no one considered when the agent was approved. Each piece may look acceptable on its own, but the combination can create an authority the organization never intended. This is often missed when companies treat agent security as an agent-only problem.

In a traditional model, the path is direct: A user signs in, a permission check happens, access is granted or denied and the user acts. That works when the human is both requester and actor. Agents make the path less direct: The requester may initiate work, but the agent executes it. The agent may call a tool or spawn sub-agents. A tool may reach into a database, cloud console, ticketing system, code repository or production environment. One action may trigger another, and the final outcome may be several steps from the original request.

Authentication alone is not control. Control means knowing whether the requester had the right to cause the action, whether the agent stayed within scope, whether the tool was appropriate and whether the resource was allowed to be touched. It also means being able to stop, escalate or constrain the action when risk rises, then revoke access when the task ends.

Runtime Authorization Is The Missing Control Layer

This is where agentic runtime security matters. The real security decision happens at runtime: who initiated the action, which agent is acting, which tool is used, which resource is touched, what the action will do and whether the full combination should be allowed. After the action completes, if an agent finishes a task, that access should not become permanent. The same JIT principle applies: Access should be for a specific purpose, constrained to the right scope and revoked when the task, workflow, session or project is done.

Security teams are asked to approve agent use without a clear way to understand what agents can do once connected. Platform teams build agent workflows without consistent enforcement across every tool. Compliance teams seek audit trails, but logs are fragmented: the requester in one place, the agent in another, the tool somewhere else.

Fragmentation is the problem. If an agent changes a production setting, queries customer data or triggers an operational workflow, the organization needs the full path behind that action. It’s not enough to know a token was valid, an agent existed or a workflow ran. They need to know what authority was assembled in the moment and whether it should have been allowed.

For agentic systems, that becomes the real security boundary. The requester matters. The agent matters. The tool matters. The resource matters. The action matters. The runtime context matters. Looking at any single piece creates a false sense of control because risk lies in how they combine.

Companies need a practical way to govern agentic access: discover which agents exist and what they can access and connect each agent action back to the requester. They need to understand which tools, systems and resources were involved. They need policies that evaluate the full chain of action, not just the agent’s standing permissions. They need runtime controls that approve, deny, limit or escalate based on what is happening.

They also need an audit trail that leadership can understand after the fact: who or what initiated the action, which agent acted, what tool was used, what resource was touched, what the outcome was, whether the action was allowed by policy and where it should have been stopped. That is the difference between observing agent activity and governing agentic access.

It is tempting to treat agent security as a visibility problem first: Build an inventory, map the agents and watch what they do. That matters, but it only answers part of the question. Companies must govern what agents can do, on whose behalf, under what conditions and against which systems. That requires runtime authorization.

Identity still matters, but it requires more context. The requester, agent, tool and resource must be evaluated together because access in an agentic system is exercised that way. This is the start of blended identity for agents: a better understanding of the full chain of authority behind an action.

The companies that get this right will move faster with agents because they’ll have a control model that matches how agents work. They’ll know what agents can reach, who or what caused each action and whether it should be allowed. When something goes wrong, they’ll explain the chain clearly. Those that don’t will keep asking narrower questions: Who authenticated? Which agent ran? Was there a log?

Those questions matter, but they do not answer the central one: Should this requester, through this agent, using this tool, have been allowed to take this action on this resource at that moment?

​How are you solving for this?​​

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Shashwat Sehgal
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related News

How To Download 1st iPhone Public Beta — Starting Now

How To Download 1st iPhone Public Beta — Starting Now

July 13, 2026
NYT Connections Hints And Answers: Tuesday, July 14

NYT Connections Hints And Answers: Tuesday, July 14

July 13, 2026
How Luxury Brands Are Winning The World Cup Without A FIFA Sponsorship

How Luxury Brands Are Winning The World Cup Without A FIFA Sponsorship

July 13, 2026
Tuesday, July 14 Clues And Answers

Tuesday, July 14 Clues And Answers

July 13, 2026
What Makes A Condition A ‘Neglected Tropical Disease’?

What Makes A Condition A ‘Neglected Tropical Disease’?

July 13, 2026
Local Authorities In England Praised For Clean Air Progress In New Study

Local Authorities In England Praised For Clean Air Progress In New Study

July 13, 2026
Add A Comment
Leave A Reply Cancel Reply

Don't Miss
LA Times’ billionaire owner repeatedly fell behind on payments to Catherine Herridge, vendors: report

LA Times’ billionaire owner repeatedly fell behind on payments to Catherine Herridge, vendors: report

Business July 13, 2026

The Los Angeles Times repeatedly fell months behind on payments to contractors and vendors —…

How To Download 1st iPhone Public Beta — Starting Now

How To Download 1st iPhone Public Beta — Starting Now

July 13, 2026
The 25 Madonna Songs That Defined Pop Music

The 25 Madonna Songs That Defined Pop Music

July 13, 2026
Fed governor warns of possible interest-rate hikes if inflation comes in hot this week

Fed governor warns of possible interest-rate hikes if inflation comes in hot this week

July 13, 2026
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Our Picks
NYT Connections Hints And Answers: Tuesday, July 14

NYT Connections Hints And Answers: Tuesday, July 14

July 13, 2026
Lindsey Graham’s Sister Darline Graham Nordone WIll Finish His Senate Term

Lindsey Graham’s Sister Darline Graham Nordone WIll Finish His Senate Term

July 13, 2026
Three World Trade Center inks deal with event space Glasshouse to fill longtime vacancy

Three World Trade Center inks deal with event space Glasshouse to fill longtime vacancy

July 13, 2026
How Luxury Brands Are Winning The World Cup Without A FIFA Sponsorship

How Luxury Brands Are Winning The World Cup Without A FIFA Sponsorship

July 13, 2026
The Financial News 247
Facebook X (Twitter) Instagram Pinterest
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact us
© 2026 The Financial 247. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.