I’m Aviad. I’m the CTO and cofounder of Frontegg. Frontegg is a customer identity and access management platform. We help our customers with challenges around authentication, authorization, and access control for their customers.
The industry is kind of changing. Everything that happens mainly with the rise of AI changed the entire landscape that we’ve been engaged with up until even a few years ago, we were dealing with users and challenges around users.
Now with the world of AI, you know, what is a user? When we are employees, we are sharing stuff on Google Drive, etcetera. We define access levels and access controls. How do we do it with agents?
For example, I just highlighted to one of the CISOs that I’ve been talking with. You hire a new employee. You open an email box. That will be the identity of the employee. You know, we have cell phones. We have phone numbers. This is our identity.
What is the identity of an agent? Right? It’s like an autonomous entity within our organization.
We are not discussing enough about the identity of an agent. AI agents interact with each other. We don’t have any access levels over which agent can interact with an agent, what data can they share with users.
Because the technology is mature enough to deal with users, but now there’s a new shift of technology and the security layer needs to adjust to that. So when we talk about other hyping on AI, everything with regards of how we deal with threats and how we deal with remediation of threats.
But eventually in security, the remediation cannot be one hundred percent autonomous. If you don’t use tools like ChatGPT or anything like that, you basically live in the previous century now. And this rapid pace poses a lot of security challenges and a lot of security risk for that kind of companies because data can be leaked anywhere. And rapid pace means adoption of new tools and adoptions of new technologies.
And that means that the security goes out of the hands of that security leader. So that rapid pace is great for the success of a company, but it’s also very challenging for the security leaders. We launched an AI agent called Dorian. Dorian is an AI agent for CIAM Security, Customer Identity and Access Management Security.
When we launched it, we decided that we are not building yesterday’s products. We are building tomorrow’s products. So we built a completely redesigned agent that you can just, you know, say, okay, I want to protect. I want to introduce any possible travel on that IDP and it will do it for you.
You don’t have to go and point and click anywhere. And that agent leaves and keeps, you know, monitoring your CIAM and keeps everything around it. So even when we are building products, we are adopting how products are being built today as part of the product roadmap that we have. We need to adjust to this world of agents communicating with another agent instead of humans communicating with another human.
So a machine communicating with another machine. Do they act on behalf of a user or do they act as autonomous or a mix of both? And the actions that they do on behalf of the user, how will they interact? You think about technology that was relevant six months ago, which might not be relevant today because the world has changed and the world might even change even more.
So there are two types of behaviors. One, the first one is an agent acting on behalf of a user. The user will consent to the agent to act on his behalf. And basically based on that, the permission that the user will give an agent will be the permissions that the agent has. When an agent is completely autonomous, that is different because you’re setting up an entity within an organization, and then you have to provide this entity some kind of permissions.
But these permissions probably need to be fine when you want to say to an agent, okay, you can look at invoices, but only for the last six months that are tagged agent ready. That’s not something that you can do from a user perspective on a simple consent.
So that introduces so many challenges around what an agent can do and how. The computing power is so different now, and there’s a very interesting game of how fast an AI agent can reach a password or breach password, or hack into a user account using a breached password.
And that’s crazy because computing power is now cheaper, and the agents and the AI are becoming much smarter. Things are alive now. And you need to take it into consideration when you build security for your application.
The Complete Guide to SaaS Multi-Tenant Architecture
