In today’s rapidly evolving digital landscape, cybersecurity is not just about defending existing systems—it must also keep pace with rapid innovation and transformation.

Artificial intelligence (AI) is a powerful accelerator in this environment, accelerating both capabilities and challenges. In doing so, it is fundamentally redefining control mechanisms.

In this context, identity and access management (IAM) has become a critical foundation. It enables organizations to secure environments, strengthen trust and meet regulatory requirements across increasingly complex ecosystems.

AI does more than just optimize what already exists.

It is transforming how identities—both human and non-human—are created, used and governed. As a result, organizations are faced with a whole new set of challenges in control, governance and security.

AI: An accelerator for IAM

The rise of AI is fundamentally transforming identity and access management (IAM) practices.

AI makes it possible to analyze user behaviour in real time, detect anomalies, identify high-risk access and automate certain decisions—strengthening organizations’ ability to prevent security incidents.

It also enhances access governance by streamlining access reviews, identifying excessive privileged access and enabling more dynamic controls aligned with actual usage.

The emergence of a new type of identity

This evolution is driving a rapid increase in non-human identities (NHI).

These include service accounts, API keys, autonomous intelligent agents, AI-based identities and automated process accounts that access data and systems without direct human involvement.

AI is proving invaluable in managing and securing these entities. Like human users, AI can learn the typical behaviour of machine identities and closely monitor for anomalies.

It also supports the management and lifecycle of machine credentials by providing a comprehensive inventory, tracking their usage and anticipating potentially vulnerable keys.

Protecting identities against deepfakes

One of the emerging challenges posed by generative AI is the rise of deepfakes, which can convincingly mimic a person’s face or voice to deceive authentication systems.

This technology enables malicious actors to bypass facial or voice recognition using highly realistic synthetic content.

To address this, organizations are deploying AI-based solutions capable of detecting authentic human traits, such as micro-expressions or subtle variations in voice.

These solutions incorporate mechanisms like dynamic tests—for example, randomized phrases or video selfies—to strengthen protection against such attacks. This shift reflects an ongoing battle between adversarial and defensive AI in the protection of digital identities.

Rethinking governance in the age of AI

The growing integration of AI-based agents—whether assistants, automation tools or autonomous systems—is introducing new forms of digital identity. These must be governed to the same standards as human identities.

This is a particularly critical issue for information security leaders. Organizations must ensure that AI systems comply with regulatory requirements, protect sensitive data and incorporate robust control mechanisms.

These security measures must be built into systems from the outset.

AI and zero trust

The zero trust model is based on a simple principle: every access request must be verified, whether it originates from inside or outside the organization. This approach results in a high volume of access decisions.

This is where AI becomes essential.

When integrated into zero trust architectures, AI can analyze contextual access data in real time—something that would be difficult to achieve using manual processes or static rules.

Conclusion: Accelerating without losing control

In the age of AI, cybersecurity is entering a new phase of acceleration that is reshaping control mechanisms.

Integrating AI-related considerations into identity and access management strategies enables smarter, more adaptive control that is better aligned with the demands of a constantly evolving digital environment.