Key Takeaways

  • Right now, most AI agents operate with the full permissions of the human user who deploys them, creating a massive, silent security vulnerability.
  • Gray Swan founder Zico Kolter predicts a rapid shift towards agent-native identity, where agents will use specific 'personas' with segmented access, much like separate 'work' and 'home' accounts.
  • Enterprises face immense pressure to adopt powerful AI tools like OpenClaw, making tailored security solutions that manage agent permissions a business necessity.
  • A new market is emerging, with AI underwriting companies beginning to assess and mitigate the risks of AI deployments, using tools like Gray Swan's Shade and Arena.

The Ticking Bomb: AI Agents With Your Keys to the Kingdom

Your AI agent isn't just a tool; it's an entity. And right now, in most deployments, that entity has the same access you do. This isn't theoretical; it's the current default. Gray Swan co-founder Zico Kolter pulls no punches, stating, “I think so far we are still, in a lot of cases, operating on the condition that your agent has your permissions. That is a very standard default.” This means if your agent is compromised, the attacker essentially gets your permissions across all the apps and accounts you've granted it access to. Imagine giving a junior intern your master key to every system. That's the risk you're running with undifferentiated agent access.

This oversight stems from how quickly AI tools have integrated into workflows, often bypassing established security protocols. For founders, this means the AI assistant you gave access to your email and CRM could, if exploited, become a vector for data exfiltration or internal sabotage. The implications are far more serious than a simple software bug; they concern the very identity and access management of autonomous systems.

The Inevitable Shift: Agent Personas and Granular Control

Kolter believes this dangerous default won't last. He forecasts an evolution where AI agents will operate not as extensions of a human's monolithic identity, but with distinct “personas” – segmented sets of accounts and applications. He clarifies, “I think that's the way it's going to first develop: there are going to be easy ways of switching between ‘here's a set of my accounts and apps I allow in this one agent’ and ‘here's a set of accounts and apps for another one.’” This means an agent handling customer support might only access the CRM and email, while a development agent only touches code repositories and project management tools.

This architectural shift mirrors the best practices in human identity and access management. Just as you wouldn't give every employee root access to your entire infrastructure, you shouldn't give every AI agent the keys to your entire digital life. The future demands that founders design for, and demand from their vendors, AI agents capable of operating with the principle of least privilege – only accessing what is strictly necessary for their defined task.
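The persona model described above, as an added example that is not code from the original post or from Gray Swan: each agent runs under a named persona listing only the apps and actions its job needs, a gateway denies any tool call outside that list, and the “agent has your permissions” default is modelled as a wildcard persona so the two blast radii can be compared on the same plan. App names, actions and the agent's plan are constructed for illustration.

```python
"""Persona-scoped tool access for an AI agent.

Added example for this article, not code from Gray Swan or from the post.
An agent runs under a persona: a named, segmented set of apps and the
actions it may take on each. The gateway permits a tool call only when the
persona lists that app and action; everything else is denied by default.
App names, actions and the agent's plan are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Persona:
    name: str
    # app -> actions permitted on that app; "*" means any
    grants: dict


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# The default the article warns about: the agent inherits every permission
# of the human who deployed it. Modelled here as a wildcard persona.
FULL_USER = Persona("full-user", {"*": {"*"}})

# Segmented personas: each sees only the apps its job needs (constructed).
PERSONAS = {
    "support": Persona("support", {"crm": {"read", "write"}, "email": {"read", "send"}}),
    "dev": Persona("dev", {"git": {"read", "push"}, "tracker": {"read", "write"}}),
}


def authorize(persona: Persona, app: str, action: str) -> Decision:
    """Deny by default; allow only an explicit (app, action) or a wildcard grant."""
    for key in (app, "*"):
        actions = persona.grants.get(key)
        if actions and (action in actions or "*" in actions):
            return Decision(True, f"{persona.name}: {app}:{action} permitted")
    return Decision(False, f"{persona.name}: {app}:{action} not in persona")


def run_plan(persona: Persona, plan: list) -> list:
    """Gate every step of an agent's tool-call plan, returning an audit trail."""
    trail = []
    for app, action in plan:
        decision = authorize(persona, app, action)
        trail.append(("ALLOW" if decision.allowed else "DENY", f"{app}:{action}"))
    return trail


# Constructed plan: a support task whose last two steps stray outside the
# support persona's job (the kind of drift a compromised agent would show).
SUPPORT_TASK_PLAN = [
    ("crm", "read"),
    ("email", "send"),
    ("git", "push"),
    ("payroll", "export"),
]


def blast_radius(persona: Persona, plan: list) -> int:
    """Number of plan steps the persona would let through."""
    return sum(1 for verdict, _ in run_plan(persona, plan) if verdict == "ALLOW")


if __name__ == "__main__":
    for p in (FULL_USER, PERSONAS["support"]):
        print(p.name, blast_radius(p, SUPPORT_TASK_PLAN), run_plan(p, SUPPORT_TASK_PLAN))
```

Under the wildcard persona every step of the drifted plan goes through; under the support persona the out-of-scope `git:push` and `payroll:export` steps are denied and show up in the trail, which is the signal a defender would alert on.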

The Enterprise Mandate and the Rise of AI Underwriting

The push for these advanced security measures isn't just about best practices; it's a rapidly accelerating market force. Enterprises are under immense pressure to adopt powerful AI tools like OpenClaw, and with that adoption comes a mandate for robust, tailored security. Matt Fredrikson notes, “People are starting to get it, and I think that's great. Looking forward to all of the amazing apps that people are going to build on top of these models and the security that will help them stand up.”

Gray Swan, for its part, is scaling to meet this demand. Kolter explicitly states their Series A funding is designed “to take a lot of the technology that we have been developing... in conjunction with both enterprise and the large labs and really scale the deployments on enterprise.” This includes defense mechanisms like Signal and automated red teaming tools like Shade and Arena. Crucially, a new industry of AI underwriting is forming. These companies will assess and mitigate the risks of a company's AI deployment, requiring tools like Shade or Arena to evaluate risk profiles. This isn't just about securing your own products; it's about making them insurable and trustworthy in a future where AI risk is a critical business metric.

What to Do With This

If you're building an AI product: Architect granular identity and permissioning for your agents now. Don't pass through a user's full authentication token. Design for agents to request specific, temporary, scoped permissions for each task, similar to how OAuth scopes work for apps. This will be a core selling point for enterprise clients and a critical defense against future threats.

If you're using AI tools in your business: Immediately audit any AI tools or agents your team uses. Map out exactly what accounts, apps, and data they can access, read, write, or delete. If the answer is “everything I can do,” you have a critical vulnerability. Create dedicated, limited-access accounts for these agents wherever possible, segmenting their reach to only what is absolutely necessary for their function.
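The two recommendations above, scoped temporary permissions per task for builders and an access audit for users, as one added example that is not code from the original post or from Gray Swan: a control plane mints a short-lived grant naming only the scopes one task needs, signs it so the agent cannot widen it, checks signature, expiry, task binding and scope on every use, and an audit over outstanding grants flags any agent whose reach is “everything I can do”. Scope names, agent ids, task ids and the signing key are constructed for illustration.

```python
"""Per-task scoped grants for AI agents, and an audit of what agents can reach.

Added example for this article, not code from the post or from Gray Swan.
Instead of passing an agent the user's full token, the control plane issues
a short-lived grant naming only the scopes one task needs, HMAC-signs it so
the agent cannot widen it, and checks scope, task and expiry on every use.
The audit flags any agent whose unexpired grants amount to "everything".
Scope names, agent ids and the signing key are constructed for illustration.
"""
import hashlib
import hmac
import json
import time

# Placeholder key for the demo; a real deployment keeps this in a secret store.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def _canonical(body: dict) -> bytes:
    """Stable serialisation so issuer and verifier sign the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_grant(agent_id: str, task_id: str, scopes: list, ttl_s: int,
                now: float, key: bytes = SIGNING_KEY) -> dict:
    """Mint a grant bound to one agent, one task, a scope list and an expiry."""
    body = {"agent": agent_id, "task": task_id,
            "scopes": sorted(set(scopes)), "exp": int(now) + ttl_s}
    body["sig"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_signature(grant: dict, key: bytes = SIGNING_KEY) -> bool:
    body = {k: v for k, v in grant.items() if k != "sig"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(grant.get("sig", "")))


def check(grant: dict, scope: str, task_id: str, now: float,
          key: bytes = SIGNING_KEY) -> tuple:
    """Return (allowed, reason). Signature first, so tampered grants never pass."""
    if not verify_signature(grant, key):
        return False, "signature invalid (grant was modified)"
    if now >= grant["exp"]:
        return False, "grant expired"
    if grant["task"] != task_id:
        return False, "grant is bound to a different task"
    if scope not in grant["scopes"] and "*" not in grant["scopes"]:
        return False, f"scope {scope} not granted"
    return True, "ok"


def audit(grants: list, now: float) -> dict:
    """Summarise each agent's effective reach across its unexpired grants.

    CRITICAL: a wildcard scope (the "everything I can do" case).
    REVIEW:   any write, send or delete scope.
    OK:       read-only.
    """
    reach = {}
    for g in grants:
        if now < g["exp"]:
            reach.setdefault(g["agent"], set()).update(g["scopes"])
    report = {}
    for agent, scopes in reach.items():
        if "*" in scopes:
            level = "CRITICAL"
        elif any(s.split(":")[-1] in {"write", "send", "delete"} for s in scopes):
            level = "REVIEW"
        else:
            level = "OK"
        report[agent] = (level, sorted(scopes))
    return report


if __name__ == "__main__":
    now = time.time()
    g = issue_grant("support-bot", "ticket-1042", ["crm:read", "email:send"], 300, now)
    print(check(g, "crm:read", "ticket-1042", now + 5))
    print(check(g, "crm:delete", "ticket-1042", now + 5))
    legacy = issue_grant("legacy-assistant", "any", ["*"], 86400, now)
    print(audit([g, legacy], now))
```

The signature check runs before any policy check so that an agent which edits its own grant (adding a scope, pushing out the expiry) is rejected outright rather than partially evaluated; the audit is the programmatic form of the “map out exactly what they can access” step, and a wildcard scope is exactly the “everything I can do” finding the text calls critical.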