Rethinking Enterprise AI Security the Teleport Way

As AI agents move from experiments to always-on actors inside enterprise systems, they’re quietly rewriting the rules of security.

These agents don’t behave like people. They operate continuously, make independent decisions and can traverse vast parts of an organisation’s infrastructure in seconds.

That reality exposes a deep mismatch between how enterprises secure access today and what autonomous systems actually require.

Human-centric controls like multi factor authentication and long-lived credentials begin to crumble under non-deterministic, machine-scale behaviour.

What emerges is not just a tooling gap, but an identity problem – one that forces security teams to rethink zero trust, verification and observability from the ground up.

Here, Ev Kontsevoy, CEO at Teleport, unpacks why legacy models fail and what an AI-native approach should look like.

How does enterprise security change when the “user” is an autonomous AI agent instead of a human?

Agents are definitively not human, but they’re not service accounts or scripts either.

They’re something in-between; namely, an AI agent doesn’t just authenticate once and then log out. It operates nonstop and, unlike humans or other machines, it behaves in non-deterministic ways. It could independently decide to traverse many systems in a very short amount of time across an enterprise’s infrastructure.

What this means is that security can no longer rely on human-centric controls like MFA prompts, approvals or static role assumptions.

Identity has to instead be rooted in zero-trust principles that already exist in cybersecurity – short-lived authentication, continuous verification and deep observability – and apply to AI as it would humans. 

Why do traditional enterprise security models fail to protect AI agents effectively?

Fundamentally, agents add a whole new layer of complexity that reveals how brittle the tech industry’s approach to cybersecurity is.

The tools aren’t to blame, because it’s a failure of identity. My co-founder calls it an agentic identity crisis and I don’t think he’s wrong.

The tech industry is fruitlessly grafting AI onto identity systems that weren’t designed for autonomous actors that operate with machine-like, continuous behaviour.

All this does is compound risk faster than teams can respond. Retrofitting AI into legacy identity systems is often prohibitively expensive and operationally disruptive. It simply doesn’t scale. 

What risks do organisations face if they secure AI using conventional application security practices?

We’re already seeing the consequences of legacy identity models being applied to agentic systems.

Agents are being deployed with broad, static privileges and turning into high-value targets as a result; shadow MCP servers and unmanaged tool endpoints are leaking secrets; LLM usage is growing without budgets, guardrails or auditability; and agents are being deployed ad-hoc, inconsistently and with least-effort security.

And when a breach goes down, security teams cannot reliably trace actions to agents whose unpredictable off-the-rails behaviour might be responsible for the breach. 

Why is identity management a critical weak point in most enterprise AI security setups today?

It is a weak point because identity is far too fragmented today.

There are countless bespoke tools for managing the identities of lots of different individual technologies. Even AI itself exists in many different forms and this makes securing them with traditional IAM and PAM tools near-impossible at scale.

Legacy, fragmented identity systems, including passwords, API keys, static service accounts, long-lived secrets and PAM solutions, were already under pressure at cloud scale. The introduction of agents pushes these tools beyond their limits, causing them to break down as agent deployments grow.

As useful as AI agents are, they also exponentially increase risk if identity does not have a strong implementation and has controls governing how it interacts with other identities.

An attacker could easily trick an AI agent by impersonating a user that this agent regularly interacts with to extract data. They could even impersonate a database and ask the agent to populate the database with company secrets. 

If identity stays fragmented – anonymous and credential-based – then AI will just amplify every weakness that is already there. 

What security challenges do enterprises encounter when deploying AI systems in production environments?

I think enterprises are quickly coming around to the fact that existing identity approaches aren’t enough for securing agentic systems at scale.

Our recent survey of over 200 security and infrastructure professionals found that 69% said widespread AI adoption will need significant changes to how identity is managed. Only 2% disagreed.

On a more anecdotal level, I’ve been hearing tensions mounting at other companies, where executive teams want to operationalise agents fast to improve productivity but security and platforms teams are left holding the bag of managing the risks that come from autonomous, unpredictable, always-on systems – systems that don’t necessarily need to check in with humans.

It’s creating a wide chasm between deployment urgency and security readiness that is unacceptable today.

What does an AI-native security model look like and how does it differ from retrofitting legacy security controls?

I would urge anyone deploying and scaling agents to focus first on eradicating anonymity, that is don’t allow users, resources, agents to operate as anonymous or shared credentials.

The security industry cannot afford more identity siloes and certainly not for AI. What I would urge them to do instead is to build a unified identity layer into their infrastructure that treats all workloads, AI agents, machines and humans exactly the same, as first-class digital actors under a single model. 

Obviously, I believe Teleport is the best answer to that problem but the specific implementation matters less than getting the model right. When you’ve built that layer, it needs to be rooted in the same zero-trust principles that already exist in cybersecurity.

Agents and all other identities must be cryptographically secured, rooted in strong, hardware-backed trust and access needs to be granted dynamically with no standing privileges.

If you remove static credentials and long-lived secrets, you shrink the blast radius by a lot while avoiding unauthorised access, but you also obtain real-time visibility into agentic behaviour across infrastructure. 

All of this must be standards-based, which is why we have now launched our Teleport Agentic Identity Framework.

We want to give the tech community a standards-driven set of designs, SDKs and reference implementations for deploying AI agents safely. The framework is designed to evolve over time with the broader community as AI matures, capturing shared best practices, security primitives and practical deployment patterns.

We want to capture shared best practices, standards-based security primitives and practical reference implementations.

I think we’re launching it at a good time. The world is moving beyond AI experimentation. I strongly believe that the way companies manage identity will determine whether their AI deployment accelerates or becomes a liability.