Omdia, a global analyst and advisory leader, recently released a report called “How Extended Access Management (XAM) closes the gaps in security.” In it, they describe how existing tools have failed to address the most serious security challenges: application sprawl, device sprawl, and identity sprawl.
Each of these challenge areas has become riskier and more pervasive in recent years; app sprawl has grown with the proliferation of easily accessible SaaS, and device sprawl has increased with unsanctioned BYOD usage. But no challenge area has been transformed to the same degree as identity sprawl with the arrival of AI agents.
“Agentic AI systems can perform complex tasks autonomously, but this capability requires expansive access, which introduces complexity and risk. AI agents need to integrate with numerous applications, requiring access to API keys, passwords, and sensitive business data – often without proper governance. Agents can create dozens of “non-human identities” whenever authentication is needed, and existing IAM tools were not designed to safely provision, de-provision and govern them.” - Omdia.
Omdia recommends five strategies for organizations that want to address the challenges of securing access:
In our previous blogs in this series, we’ve covered Omdia’s first four strategies:
- Accelerating the path to passwordless
- Securing devices beyond MDM
- Securing shadow IT and shadow AI
- Simplifying compliance and cyber insurance
In this post, we’ll explore the final strategy: Securing agentic AI.
Why securing AI agents is a critical priority
AI-based applications, such as ChatGPT, have been commonplace since 2023, but AI agents – semi-autonomous bots that can facilitate interactions between multiple tools – are relatively new to the scene.
Agentic AI promises to unleash the full potential of machine learning, enabling it to execute complex tasks with minimal human oversight. However, to operate effectively, AI agents require high-level access to applications and data.
As Omdia’s report describes:
“In many ways, AI agents mimic human interactions with enterprise applications: making decisions, requesting data, and triggering workflows, just as an employee would. However, this also means AI agents face the same security and access challenges as humans, requiring identity verification, permissions management, and secure credential storage to prevent unauthorized access or data leaks. Yet AI agents also have distinct needs that make them difficult to manage using traditional approaches to access management: they can operate continuously, require broad-based permissions to function, and are not capable of certain forms of authentication, like biometrics.” - Omdia.
To give agents access, many developers have resorted to unsafe workarounds, such as hardcoding credentials. However, this is a highly risky approach for several reasons. For one thing, AI-based applications have a known tendency to expose data, so they should never be given plaintext credentials. Furthermore, granting agents unrestricted access to sensitive data and applications increases the risk that they may perform unauthorized actions with no clear audit trail.
Omdia describes a potential real-world example of how these risks could play out:
“An AI-powered expense management system may need access to corporate banking data, payroll records, and approval workflows, just as a finance employee would. If these AI agents are not properly secured, they could inadvertently leak sensitive financial data, approve fraudulent transactions, or expose high-value credentials to cyber threats. For an economic buyer, this represents a direct financial risk; an unsecured AI agent managing critical business functions could mean millions of dollars in fraud, regulatory fines, and reputational damage.” - Omdia.
How 1Password Extended Access Management secures agentic AI
Companies that want to leverage the potential of AI without compromising security must grant AI agents access that is time-bound, auditable, and secure. They need tools that can help security teams monitor AI activity, assist IT teams in governing access, and enable developers to build connections between AI agents and applications. Existing IAM tools simply lack the capabilities to provide these services.
1Password Extended Access Management is a platform designed to secure every sign-in, to every app, from every device, including for AI agents.
As our blog on the subject explains, our platform delivers multiple benefits to security leaders, IT teams, and developers. These include:
- Preventing AI-driven credential leaks with secure authentication controls.
- Gaining visibility into AI agent authentication to reduce security risks and insider threats.
- Eliminating hardcoded AI credentials and ensuring AI agents authenticate securely without bypassing MFA.
- Simplifying AI agent authentication with secure, centrally managed credentials.
- Supporting developers in building secure AI workflows without compromising speed or flexibility.
With tools like 1Password SDKs for agentic AI and 1Password Service Accounts, organizations can give AI agents the access they need while still practicing the principle of least privilege.
As Omdia concludes:
“Omdia believes that 1Password Extended Access Management provides AI agent security to accelerate the development, adoption, and management of AI agents and apps in the modern enterprise.”
To learn more, read the full report here.
Elaine Atwell
Manager, Content
