Identity Crisis: IAM's Wild Ride in the AI Jungle
Sarah
BSides Seattle 2026 · Day 2 · Track 1
The identity community is building under fire. With the ratio of non-human identities (NHI) to humans reaching 144:1 in H1 2025 (up from 92:1 just a year earlier) and 44% year-over-year growth, traditional identity frameworks are crumbling under the weight of agentic AI. In this talk, the speaker walked through the three most important emerging standards for securing non-human and agent identities: **SPIFFE** for workload authentication, **Client ID Metadata Documents** for dynamic OAuth client registration, and **Cedar** for mathematically provable authorization policies.
AI review
An exceptionally well-structured identity standards deep dive that maps three emerging technologies — SPIFFE, Client ID Metadata Documents, and Cedar — to the concrete problem of authenticating and authorizing AI agents at scale. The Cedar formal verification angle is the strongest contribution: mathematically provable authorization policies external to the agent are fundamentally superior to probabilistic prompt-based guardrails. The Claudrey Hepburn experiment provides a live research platform for testing these ideas in practice, and the speaker's honest assessment of unsolved problems…