Dominic Jainy stands at the forefront of the next architectural shift in digital trust, bringing years of experience in machine learning and blockchain to the pressing challenges of modern IT infrastructure. As AI agents begin to outnumber human employees in many enterprise environments, his insights into the intersection of autonomous systems and cryptographic security are more critical than ever. In this conversation, we delve into the emergence of the “agentic enterprise” and the necessity of a unified control plane to manage identities that never sleep. We explore how the collision of rapid AI proliferation and the looming quantum threat demands a fundamental rethink of Public Key Infrastructure. Jainy highlights the shift from human-centric security to a machine-first reality where governance, real-time threat detection, and granular access control form the new perimeter of enterprise safety.
The rise of autonomous AI agents is often described as a new workforce that operates without traditional oversight. What are the specific security risks that emerge when these agents act on sensitive systems without a formal governance structure?
The most immediate danger is that AI agents have effectively become the largest workforce most enterprises never actually hired, operating with an alarming level of autonomy across sensitive infrastructure. Because they often possess broad access and minimal supervision, they create a massive, ungoverned attack surface where improper use of privileged access can go unnoticed for long periods. These agents might inadvertently violate compliance policies or engage in non-deterministic behavior that standard security protocols simply aren’t equipped to catch. Without a centralized view, organizations are left with “shadow AI” blind spots, where credentials and configured identities are scattered across various agentic platforms. This lack of visibility means that a single misconfigured agent can become a gateway for a significant breach, especially when its lifecycle isn’t automated or monitored.
We are currently seeing a collision between the proliferation of AI agents and the transition to quantum computing. How does this “double threat” change the requirements for establishing digital trust within an organization?
This collision is a defining moment for enterprise security because the technologies we’ve relied on for decades were built for a human-centric world, not an agentic one. Quantum computing poses a fundamental threat to today’s cryptographic security, forcing a complete rethink of how we maintain trust in a post-quantum environment. At the same time, the sheer scale and complexity of machine and agent identities mean that traditional authentication and authorization methods are no longer sufficient. To survive this era, enterprises must adopt a post-quantum-ready Public Key Infrastructure (PKI) and advanced certificate lifecycle management that can handle the speed of autonomous machines. It’s no longer enough to bolt on security after the fact; cryptographic depth must be the foundation of the architecture to address both the AI and quantum challenges simultaneously.
Managing an “AI Bill of Materials” or AIBOM is mentioned as a key part of securing these identities. Could you explain how maintaining such an inventory helps security teams mitigate the risks of “shadow AI”?
An AIBOM acts as a centralized source of truth, providing a detailed map of every agent, the Large Language Models they utilize, and the specific tools or credentials they have been granted. By operationalizing this inventory, security teams can finally eliminate the blind spots where “shadow AI” thrives, ensuring that no agent is operating outside of the corporate radar. It allows for a unified view of the entire environment, surfacing risk insights that would otherwise be buried in fragmented logs. This visibility is crucial for identifying configuration drift and ensuring that every agent in the estate is accounted for and properly secured. Without a comprehensive AIBOM, an enterprise is essentially flying blind, unable to prove who—or what—is accessing their most critical data assets.
Governance is a major hurdle for many firms, especially with new regulations like the EU AI Act. How can organizations practically ensure their AI agents remain compliant with these evolving global standards?
Practically speaking, organizations need to implement policy-based governance that provides continuous coverage across their entire AI agent estate, aligning with frameworks like the NIST AI RMF and the EU AI Act. This involves more than just setting rules; it requires the ability to continuously assess agent posture and detect any deviations from established security policies. By producing audit-ready compliance evidence automatically, companies can satisfy the demands of boards, regulators, and even cyber insurance carriers who are increasingly focused on SEC Cyber Disclosures. This systematic approach ensures that as regulations evolve, the governance framework can adapt without requiring a complete overhaul of the security stack. It turns compliance from a manual, reactive hurdle into a proactive, automated part of the agent’s identity lifecycle.
When it comes to controlling what an AI agent can actually do, what are the benefits of using task-based, adaptive access policies over traditional permission models?
Traditional permission models are often too broad for the non-deterministic nature of AI, which is why task-based, adaptive access is a game-changer. These fine-grained controls enforce the principle of least privilege at the agent identity level, ensuring that an agent can only access the specific tools and data required for its current function. By limiting agents to only what is necessary for a specific task, you significantly reduce the risk of over-permissioning and help prevent lateral movement during a potential breach. This approach integrates seamlessly with existing Privileged Access Management (PAM) and Identity and Access Management (IAM) tooling, providing consistent enforcement across the board. It creates a dynamic security environment where access is granted based on the immediate context of the agent’s work, rather than a static, all-access pass.
The concept of a “Guardian Agent” suggests that AI is now being used to secure other AI. How does this context-aware intelligence change the way security teams respond to anomalous agent behaviors?
The Guardian Agent serves as an AI security companion that delivers real-time, context-aware intelligence, which is essential for spotting the subtle, anomalous behaviors that human analysts might miss. When an AI-based identity threat is detected, this companion provides guided remediation that is specifically tailored to the user’s role and the particular environment where the threat exists. This shifts the security posture from a reactive “search and destroy” mission to a proactive, intelligent management process that supports risk resolution from the first moment of detection. It allows security teams to operate at the same speed as the autonomous agents they are monitoring, ensuring that remediation is swift and precise. By leveraging AI to watch AI, organizations can manage the inherent complexity of autonomous systems without overwhelming their human security staff.
Looking at the current landscape, what is your forecast for the evolution of machine identity security as we approach the end of the decade?
As we move toward the late 2020s, I expect that the distinction between human and machine identity will become almost entirely secondary to the governance of the task itself. We will see a massive consolidation of identity security where PKI and certificate lifecycle management become the invisible, foundational bedrock for every digital interaction, especially as quantum-resistant algorithms become the standard. The “agentic enterprise” will be the norm, and companies that fail to implement a single control plane for these identities will find themselves unable to compete due to the sheer volume of security vulnerabilities. We will also see a shift where AI-native architectures, like those recognized in the IDC 2026 MarketScape, become the only viable way to prove compliance and maintain trust at the speed of modern business. Ultimately, identity security will move from being a defensive necessity to a strategic enabler of innovation, allowing companies to deploy autonomous agents at an unprecedented scale with total confidence.