General

AI Agents Need Identities Now

Marcus Vellani ·
AI Agents Need Identities Now

AI Agents Need Identities Now

Companies are racing to put AI agents to work, but most have not solved the basic identity problem. Who is this agent? What can it access? Which actions came from the model, and which came from a human? That gap is why AI agent identity matters now. If you cannot answer those questions, you do not have governance. You have a guessing game.

Newcore’s $66 million raise puts a blunt point on it. Agents are moving from chat tools to active workers inside Slack, Jira, Salesforce, and cloud systems. That changes the security model fast. And it is happening before most IT teams have the policies, logs, or permissions structure to keep up.

What matters most about AI agent identity

  • Agents need their own identities. Shared service accounts blur accountability.
  • Permissions must be narrow. An agent should only touch the systems it needs.
  • Logs are non-negotiable. You need a clean trail for every action.
  • Human approval still matters. High-risk actions should not run on autopilot.
  • Identity is now a product feature. Buyers will ask about it early.

Why AI agent identity is different from normal automation

Traditional automation runs on scripts, bots, and service accounts. Those are useful, but they are blunt tools. An AI agent can reason, choose among options, and chain actions across systems. That makes it closer to an employee than a cron job.

Look at it like kitchen staff. A dishwasher, a prep cook, and a line chef all work in the same restaurant, but they do not get the same keys, knife access, or authority to change the menu. Why would you let an AI agent do that?

The difference is not academic. If an agent can send emails, move funds, or edit records, then identity becomes the control plane. Not a side issue. Not a future issue.

What Newcore is betting on

Newcore is pitching a system that gives AI agents identities, permission boundaries, and auditability. That is a practical bet. Enterprise buyers do not just want smart agents. They want agents they can trust inside compliance-heavy systems.

“If an AI agent is going to act like an employee, then it needs employee-grade identity controls.”

The timing makes sense. Companies are already testing agents in support, sales ops, and internal workflows. But every new system expands the attack surface. If an agent is compromised, over-permissioned, or misconfigured, the blast radius can be ugly.

How to think about AI agent identity in practice

  1. Assign a unique identity to each agent. Do not share credentials across teams or projects.
  2. Set role-based access from day one. Give the agent only the tools and records it needs.
  3. Require approval for risky steps. Money movement, policy changes, and customer-facing actions should trigger review.
  4. Keep immutable logs. Store prompts, tool calls, timestamps, and final actions.
  5. Rotate keys and tokens. Treat agents like any other privileged system.

That may sound basic. It is. And basic controls are where many agent rollouts fail. Teams get excited about the demo, then bolt on security later. That order is backwards.

Why buyers should care before the pilot starts

Procurement teams are already getting sharper about AI security. CISOs want to know whether an agent can be traced, revoked, or limited in scope. Legal teams want data handling rules. Audit teams want evidence. Without AI agent identity, every one of those conversations gets messy.

There is also a budget angle. A company that adopts agent identity early can standardize permissions across tools instead of patching each workflow by hand. That saves time and reduces drift. It also makes it easier to retire agents that are no longer needed.

Here is the hard truth. If you cannot revoke an agent cleanly, you do not really control it.

What this means for the market

Newcore’s raise signals a new layer in the AI stack. Model quality still matters, but identity, access control, and audit systems are becoming the plumbing that enterprises will pay for. That is where the durable money may be.

The vendors that win will not be the loudest. They will be the ones that make agents boring in the best way. Traceable. Limited. Revocable. That is how AI gets out of the demo stage and into production.

Where the next fight will be

The next debate is not whether agents can do useful work. They already can. The real question is whether companies will let them act with real authority before the identity layer is ready. My bet is that the winners will be the teams that treat AI agent identity as core infrastructure, not an afterthought. Who wants to explain a breach caused by a bot nobody could name?