loading='lazy' ValidSoft and Reality Defender Form Strategic Alliance to Combat Voice Deepfake Threats in Digital Communications
Get a Demo
  • Blog
  • All
  • The Current Enterprise Identity Model Cannot Support Agentic AI
Icon December 04, 2025

The Current Enterprise Identity Model Cannot Support Agentic AI

Agentic AI
AI Agent
AI Voice Security
Enterprise Identity
enterprise security
IAM

Agentic AI has outpaced the limits of enterprise identity, creating a security reality traditional IAM was never designed to handle.

A single compromised AI agent Salesloft’s Drift chatbot became the entry point for one of the most far-reaching supply-chain intrusions of the year.

Attackers did not need to break into systems or bypass MFA. They did not deploy malware or use advanced persistence. Instead, they stole OAuth tokens issued to Drift’s AI agent and used them exactly as they were intended to be used. Through those legitimate credentials, the attackers quietly accessed Salesforce instances across more than 700 companies, including Palo Alto Networks, Cloudflare and Zscaler.

For ten days, the activity remained undetected. Everything the attackers did looked like normal agent behaviour because this is precisely how agentic AI operates today: high-frequency API calls, bulk exports executed at unusual hours, and privileged access that spans multiple SaaS systems. The behaviours that would be red flags for a human user are ordinary for an AI agent, which made this intrusion effectively invisible.

Palo Alto’s Unit 42 later confirmed that the attackers exfiltrated sensitive Salesforce object data, scanned support case content for credentials, and deleted their own SOQL queries to erase evidence. Cloudflare eventually disclosed that customers who had shared logs, passwords, or tokens via support cases should assume these were compromised. The breach was not just extensive it was structurally inevitable.

This incident revealed a systemic problem: enterprise identity was not designed for autonomous agents operating across trust boundaries.

Machine Identities Have Become the Largest Attack Surface

The Drift incident did not happen in isolation. It coincided with a dramatic expansion in machine identity volume. According to industry research, organisations now manage roughly 144 non-human identities for every single human employee a 56% increase in just twelve months. OAuth tokens, service accounts, API keys, and increasingly, AI agents, have become the fastest-growing identity category.

Yet these identities are frequently unmanaged, unmonitored, and implicitly trusted. IBM’s 2025 breach report found that 97% of organisations compromised via AI lacked formal access controls for their agents. Identity teams are facing an exponential rise in entities that behave in ways no human would operating 24/7, moving data across systems automatically, spawning sub-agents, and acting with wide-ranging delegated privileges.

The Drift breach exposed what happens when even one of those identities is compromised.

The Collision Between Agentic AI and Enterprise Identity Architecture

Okta’s analysis of the incident highlights the deeper architectural flaw: identity systems validate credentials only within their own trust domain. Salesforce trusts Drift’s OAuth token. Cloudflare trusts it independently. Google Workspace trusts it independently. More than 700 organisations validated the same compromised token in complete isolation.

There is no shared revocation mechanism. No cross-domain signaling. No cryptographic proof of who delegated the token in the first place. And no portable policy that travels with an agent as it moves between systems.

Revocation underscored this gap. Drift rotated its credentials on August 20. Some customers including Cloudflare did not learn of the breach until August 23. Those three days represented a complete loss of visibility: the agent appeared legitimate to every environment it touched.

This is the reality of today’s identity framework: federation allows agents to cross domains, but it cannot enforce trust once they do.

Why This Breach Marks a Turning Point

The fundamental issue is that identity systems were built for people. Humans log in occasionally, operate within one domain at a time, and follow predictable behavioural patterns. AI agents do none of these things. They operate at machine speed, with machine-level privilege, across many platforms simultaneously, and with no built-in method for proving who authorised their actions or whether they remain trustworthy.

In this environment, a stolen OAuth token is not a single compromised credential it is a master key that grants parallel access to every organisation that trusts the agent.

The Drift breach is therefore not just an attack. It is a preview of what the next decade of AI-driven compromise looks like unless identity evolves.

Identity Has Changed. ValidSoft Sets the New Standard

IAM providers and standards bodies are now proposing new frameworks for agent identity delegation proof, portable constraints, coordinated revocation, and cryptographic identity chaining. These are promising developments, but they require industry-wide adoption, new protocols, and long-term restructuring of identity architecture.

Enterprises cannot wait for that transformation to complete, because agentic AI is already embedded across critical workflows.

ValidSoft fills the gap that traditional IAM cannot close: continuous, real-time verification of both human and non-human actors. Instead of relying on static trust tokens, sessions, or one-time authentication ValidSoft evaluates identity from the perspective of behaviour, context, voice, interaction patterns, and risk signals. This means that even if a token is valid, the system can identify when the entity behind it is not.

Where OAuth tokens carry privilege without memory, ValidSoft supplies the memory.
Where agents cross domains without constraints, ValidSoft provides persistent behavioural oversight.
Where revocation is delayed, ValidSoft detects anomalies at the moment the action occurs.

This verification layer is essential in a world where agents do not merely access one system they operate across many, at speeds that far exceed human monitoring capacity.

The Future of Identity Is Continuous Verification

The Drift incident demonstrated that attackers no longer need to compromise people. They can compromise the machines people trust. As organisations continue to deploy autonomous agents across sales operations, support workflows, analytics platforms, and internal systems, the number of entities capable of being exploited grows exponentially.

Zero Trust for humans is no longer sufficient.
Zero Trust must extend to machines especially those capable of acting autonomously.

Enterprises need verification that persists beyond a login, beyond a token, and beyond any single identity provider. They need a model that recognises the behaviour of an agent, monitors its actions in real time, and challenges anything inconsistent with its established patterns.

This is the role ValidSoft plays in the modern identity ecosystem: providing the continuous verification layer that agentic AI demands and the enterprise has been missing.

AI will not slow down. Attackers will not slow down. The only thing that can keep pace is identity that verifies at the speed of machines.

Recent news
Call Checker Apps vs Caller Impersonation: Are Banks Solving the Right Problem?
Icon February 05, 2026
Trusting AI voices: What happens when you can’t believe what you hear anymore?
Icon February 03, 2026
Why Point-in-Time MFA Is Obsolete in the AI Voice Era and What Replaces It?
Icon January 29, 2026