Every Agent Needs
Its Own Identity.
Agents are shipping to production now.
The security model hasn't caught up.
Most agents today run on static API keys, shared service accounts, and inherited permissions never designed for autonomous systems. They query databases, call internal APIs, and touch production around the clock — accumulating privileges as they go.
When something breaks, there's often no audit trail, no way to attribute the action to a specific identity, and no clear path to containment.
CISO Ejona Preçi joins Dan Barahona to work through the question security leaders are wrestling with right now: how do you enable agentic AI without exponentially expanding the attack surface? They'll dig into why legacy PAM and IAM tooling doesn't map onto agent workflows, what it means to give every agent its own traceable identity, and how least-privilege and just-in-time access change the picture when privileges don't persist after the task is done.
The guardrails worth putting in place before the next deployment — not after the first incident.
Ejona Preçi
Ejona is a global CISO and a leading voice in cybersecurity and AI governance. She has been honored as Cybersecurity Woman of the Year 2024, Global 40 Under 40, and one of the Top 20 Women in Cybersecurity 2025. She advises boards and security leaders on how to operationalize AI safely — without slowing the business down.