Identity at the Centre: Why AI Is Accelerating a New Security Imperative

By
Follow google news

Identity is now board-level security – and AI is widening the attack surface.

Identity at the Centre: Why AI Is Accelerating a New Security Imperative

Identity has officially outgrown its reputation as a back-end IT control. In fact, it’s now a boardroom conversation, an enabler of transformation, and increasingly, the new attack surface. 

That’s the message from Stephanie Barnett, Vice President of Presales and Interim GM for Asia Pacific & Japan at Okta, who joined the Identity Edge iTnews podcast to unpack how identity is shaping security, productivity, and AI readiness across the region.

“Identity has moved from being an authentication project to a strategic business layer; the most important part of any digital transformation,” Barnett said.

Overseeing Okta’s technical go-to-market across APJ, Barnett has a front-row seat to the region’s rapid shift: hybrid work at scale, accelerated cloud adoption, an explosion of APIs, and now a surge of AI agents acting autonomously in enterprise environments.

“Identity isn’t an edge conversation anymore. It’s firmly in the boardroom,” she said. “And that shift has been driven by the speed of change, particularly AI.”

From Server Room to Boardroom

Across Australia and the broader APJ region, identity has become the convergence point for security and business enablement. What used to be a technical control is now tied directly to resilience, customer trust, regulatory obligations, and operational continuity.

Barnett pointed to Australia’s Essential Eight as a clear indicator of this change.

“Identity is no longer a ‘nice to have.’ The Essential Eight places identity controls, particularly phishing-resistant MFA and privilege reduction, at the centre of modern cyber resilience,” she said.

And while organisations are aiming for higher maturity levels, many are struggling with a familiar pattern: fragmentation.

“If your workforce, customer, and machine identities are all spread across different directories and different tools, you simply can’t meet the intent of Level 3 maturity.”

AI Is Expanding the Attack Surface, Rapidly 

Certainly, the identity challenge isn’t just growing. It’s multiplying, especially with AI entering workflows faster than governance can keep up.

One of the most striking insights from Okta’s recent regional events? Forty-one per cent of organisations say no single person owns AI security risk.

“That’s a huge concern,” Barnett said. “The board knows there’s risk, 70% are aware, but only 28% are fully engaged. So the awareness is there, but accountability isn’t.”

Other gaps emerged from Okta’s polling:

  • Only 18% can detect if an AI agent behaves unexpectedly.
  • Only 10% know how to secure non-human identities today.
  • Shadow AI is now the biggest blind spot for Australian organisations.

“Security teams either think they haven’t adopted AI yet, which is usually untrue, or they’re racing ahead with AI without considering the security implications. And neither extreme is sustainable.”

Why Identity Is the New Perimeter

Indeed, the modern threat landscape has made one thing clear. It’s that attackers aren’t breaking in, they’re logging in.

“More than 80% of breaches involve stolen credentials,” Barnett said. “You can have phenomenal application or network security, but if identity isn’t secured, it’s like leaving your front door open.”

And as AI agents become embedded in workflows, identity takes on an even more foundational role.

“AI agents are like digital workers. They are highly privileged, often unsupervised, and incredibly powerful. They need identity, governance, and clear boundaries just like any employee.”

Every authentication, risk decision, device posture check, and AI action now flows through identity. That makes unified visibility, across humans, machines, APIs, and AI agents, incredibly important.

Security Only Works If People Use It

Identity sits at the intersection of security and usability, a tension familiar to every CIO and CISO.

“If you introduce too much friction, people will find a way around it,” Barnett said.

Passwordless and phishing-resistant MFA remain critical, particularly in environments where AI expects seamless, instant workflows.

“AI amplifies user expectations. Any friction becomes unacceptable. Great identity should disappear for the user, and be highly visible to the security team.”

Identity, she argued, isn’t a gate. If done well, it’s an accelerator.

Redefining ‘Good’ in Identity Strategy

With SaaS sprawl, hybrid cloud, API growth, and AI agents driving new requirements, identity platforms have had to evolve rapidly. Okta’s focus on identity security posture management (ISPM) reflects this shift.

Organisations now need full visibility across their entire identity estate, from human identities to machine accounts and AI agents, along with real-time risk scoring, posture assessments, and continuous monitoring rather than point-in-time checks. They also require strong governance over API-to-API communication, plus clear recommendations and automated remediation pathways to help security teams identify issues quickly and fix them at scale.

“Most organisations don’t know how many dormant accounts, hard-coded credentials, or ungoverned service accounts they have. ISPM gives them visibility, and the ability to fix issues in real time.”

Four Ways to Future-Proof Identity

Barnett offered four clear strategies for CISOs preparing for the next wave of identity challenges:

  1. Treat AI agents as first-class identities with governance and auditability.
  2. Unify fragmented identity systems.
  3. Adopt phishing-resistant MFA everywhere.
  4. Implement continuous monitoring with identity security posture management.

“Identity security is AI security,” she said. “An identity-first approach is the fastest way to minimise risk.”

Looking Ahead: Identity in 2026

When asked what’s next, Barnett didn’t hesitate.

  • AI agents will become mainstream digital workers.
  • Machine identities will surpass human identities.
  • Continuous trust models will replace traditional security approaches.
  • Regulatory scrutiny on AI access and governance will intensify.

“If organisations don’t have a strong security strategy for AI now, it will become problematic very quickly.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
aicybersecurityidentitysecurityoktapartner content

Sponsored Whitepapers

Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)
Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)
The cloud tipping point
The cloud tipping point

Events

Most Read Articles

Cyber Engineering launches at ctrl:cyber with former Shelde founders

Cyber Engineering launches at ctrl:cyber with former Shelde founders
Private 5G powers data-driven mining

Private 5G powers data-driven mining
Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility
The Cloud Conundrum

The Cloud Conundrum
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?