organisations can apply behavioural analytics to detect privilege escalation or activity drift, supported by auditable logging for compliance and traceability.
Humans will continue to define policies and interventions, while AI handles continuous monitoring. Over time, a central architectural control point is likely to emerge, acting as a security gateway for AI agents. Much like an API gateway, it would provide real-time tracking, logging and enforcement, allowing suspicious sessions to be terminated instantly.
Quantum computing adds another layer of urgency. Once mature, it will be capable of breaking RSA and ECC, undermining the cryptographic foundations of machine identities, TLS certificates and API keys. Threat actors are already engaging in ‘harvest now, decrypt later’ strategies by collecting encrypted data today.
Organisations must begin post-quantum planning now. The first step is building a full cryptographic inventory to understand where keys, certificates and algorithms are used. High-risk systems should be prioritised, alongside preparation for hybrid cryptography, where post-quantum algorithms operate alongside existing standards.
Centralised key and encryption management will be essential for maintaining crypto agility. Using trusted, vetted cryptographic libraries rather than bespoke implementations will simplify transitions as standards evolve.
Migrating to quantum-safe algorithms presents practical challenges. Shared services and libraries must be pre-architected so cryptographic updates can be made from one or two central points rather than across fragmented environments.
Interoperability will be a major hurdle, particularly for legacy and IoT systems tied to static hardware or firmware. Some devices will need to be upgraded or retired entirely, increasing operational complexity as machine identities scale into the millions.
Over the next three to five years, agentic AI governance will become a defining security issue. Two concepts are set to dominate. The first is agentic lifecycle administration, ensuring agents are governed from creation through retirement. The second is the emergence of guardian agents, acting as independent supervisory layers for compliance, ethics and security.
Identity security will also converge across humans, machines and AI agents, requiring unified platforms capable of managing all three. Predictive analytics will further enhance security by forecasting identity risks before incidents occur.
By understanding an agent’s motivation, intent and logic, organisations will be better positioned to anticipate threats rather than simply react to them. • www.intelligentcio.com
INTELLIGENT CIO APAC