Back to Insights
AI GovernanceThoughts2025-10

Beyond the Demo: The Real Challenges of AI Agents

It often amazes me how the topics that seem the most 'boring'—authentication, authorization, identity lifecycle—are actually the most exciting. These concepts are precisely what will determine whether the coming world of AI agents in our organizations and governments will truly happen.

I believe we will soon see agents everywhere: a personal agent that knows you and your work, delegating tasks to various tool-specific agents, each connected to a different system. While this vision promises to massively improve productivity, especially in the public sector, it also raises new and complex challenges that we must address before moving beyond shiny demos.

To make this agentic future a reality, we must ask the right questions about the underlying governance and security framework:

  • Zero Trust: In a world where personal agents delegate to many tool-specific agents, how do we enforce dynamic verification for every single read/write operation against context, scope, and identity?
  • Granularity & Least Privilege: If one agent asks another to act, who defines the granular authorization policy? Is it the user’s role, the tool agent’s function, the data record, or a combination?
  • Delegation & Revocation: Since agents are persistent digital identities, how do we instantly revoke or downgrade their scope when a user leaves or a security event occurs? What provides a central Agent Identity Layer to manage this in real time?

Solving these foundational problems is the critical, unseen work behind the next wave of AI-driven productivity. They are the keys to unlocking a future where agents can operate securely and effectively at scale.

Adapted from a post originally published on LinkedIn.