SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Andre durand
#
Data Protection
#
Digital Transformation
#
Cloud Security

Ping launches Identity for AI with runtime controls

Tue, 24th Mar 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Ping Identity has launched Identity for AI, which is now generally available worldwide.

The release introduces a framework for managing AI agents as identities within corporate systems, with controls that apply while those agents are operating, not just when they first sign in.

The offering has three main parts: Agent IAM Core, Agent Gateway and Agent Detection. Together, they are intended to establish agent identity, apply delegated authority during operation and identify agent activity across enterprise environments.

The move reflects a wider shift in identity and access management as businesses begin deploying autonomous software agents into production systems. Traditional tools have focused on authenticating users and granting access at login. Companies now face new questions about how software agents behave after access is granted, and how those actions can be limited, monitored and linked back to accountable users or teams.

Under Ping's model, organisations define what an AI agent is allowed to do through delegated and scoped permissions, rather than by extending a human user's credentials to software. This approach is intended to support both systems acting on behalf of users and more autonomous workflows, while keeping human accountability in place.

"AI agents are not features. They are actors in the enterprise that require identity, authority, and accountability," said Andre Durand, CEO and Founder, Ping Identity.

"Identity is foundational. Agents acting autonomously at agentic scale and speed against systems of record will require continuous verification and enforcement at every decision," Durand said.

Runtime control

At the centre of the release is the idea that identity systems for AI agents need to operate at runtime. In practice, that means authorisation decisions are made continuously as an agent attempts to carry out an action, taking account of context and risk signals instead of relying only on permissions granted at the start of a session.

According to Ping, Agent IAM Core lets enterprises onboard, manage, authenticate and authorise AI agents as a separate identity type. Access can then be mapped according to delegated entitlements and policy rules.

Agent Gateway is positioned as the control layer between agents and enterprise services. Ping says it standardises how agents interact with systems, applies fine-grained authorisation, and centralises monitoring and audit trails for agent activity.

Agent Detection, delivered through PingOne Protect, is intended to detect AI agents at runtime and assess risk. It identifies external and personal AI agents through bot authentication protocols and behavioural signals, then feeds those signals into authorisation decisions.

The product also supports the Model Context Protocol, or MCP, an emerging framework intended to govern how AI systems connect to tools and data sources. Ping says its gateway can secure MCP-based integrations without requiring existing services to be rewritten.

Partner views

Ping also cited support from ecosystem partners working in identity, cyber security and cloud infrastructure.

"Agent autonomy is only as safe as the identity and access controls behind it. AI agents should be treated like first-class digital identities: authenticate them, authorise what they can do, and audit what they touch to close governance gaps across the identity lifecycle," said Chad Veldhuizen, Alliance Leader for Ping Identity and Managing Director, Deloitte & Touche LLP.

Cloudflare likewise pointed to governance and monitoring as central issues as AI agents are deployed more widely within organisations.

"AI agents introduce a new class of risk. It's not just about access, it's about having the security controls and oversight in place to understand what those agents do once they're deployed. A holistic view of agent activity and strong guardrails to enforce least privilege and protect sensitive data is critical in the AI era," said Kyle Krum, Senior Director of Product Management, Cloudflare.

Broader shift

Vendors across identity and cyber security are adapting products to address non-human identities, machine credentials and software agents. As businesses test AI systems that can retrieve data, trigger workflows and make limited decisions, identity providers are positioning themselves beyond single sign-on and access management and into policy enforcement, monitoring and governance of machine actions.

Ping's launch shows how that market is developing around the idea that AI agents should be handled as a formal class of enterprise identity. That includes ownership, credentials, policy assignment, least-privilege controls, monitoring and auditability, rather than treating agents as extensions of a human account or a shared service credential.

The system is intended to give enterprises central policy enforcement for non-human identities while supporting autonomous workflows with audit trails. It is designed to bring human and non-human identities under one architectural model, with runtime controls governing what agents do across connected systems.

Related stories
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Cyber insurance now common among North American SMBs
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
Autonomize launches healthcare AI platform version 3
CERN joins OpenSearch foundation as associate member