By Sam Estall, May 27, 2026
As AI becomes embedded across software, agents, and connected devices, security is no longer a question of protecting individual systems. It is a question of speed, identity, and control at machine scale.
We spoke with Jasson Casey, CEO and Co‑Founder of Beyond Identity, to explore how AI is reshaping the economics of cyber security, why identity has quietly become the dominant failure point, and what changes when autonomous agents and IoT systems operate faster than humans can intervene.
He says that the conversation has moved beyond traditional device security into a deeper structural problem: most modern attacks succeed not because systems are poorly built, but because credentials can move.
When AI enters the security conversation, it is often framed as making attacks more sophisticated. Casey takes the view that what matters most is not sophistication, but speed.
He traces cyber-attacks back to their early days, when adversaries needed deep technical knowledge to build tools, perform reconnaissance, and penetrate systems. Over time, open‑source software and shared tooling lowered that barrier – a trend which AI accelerates.
Casey explains that AI allows both experienced and inexperienced attackers to compress the attack cycle dramatically. Tasks that once required teams of analysts (mapping an organisation, identifying key individuals, analysing software behaviour) can now be partially automated or delegated to agents. For highly skilled attackers, AI provides leverage. For less skilled ones, it provides access to capabilities they previously lacked.
The result is both more attacks and attacks that move faster than traditional detection and response models are designed to handle.
As the conversation turns to root causes, Casey challenges another familiar assumption. Many breach reports describe failures in ‘identity and access management’. In his view, that description still stops one layer too high.
What those failures have in common, he says, is movable credentials.
A password is data. A token is data. Even a biometric, at a technical level, is data. If a credential exists as data, it can be copied. If it can be copied, it can be stolen. Casey points to years of incident reporting that consistently show most breaches tracing back to identity and access failures, then reframes that pattern as a symptom rather than a cause.
The underlying problem, he argues, is that most authentication systems are still built on secrets that move independently of the human, device, or service they are meant to represent.
To make the idea tangible, Casey reaches for an everyday example: chip and PIN.
Before chip‑based cards, credit card authentication relied on data encoded on a magnetic stripe. That data could be skimmed, copied, and replayed. Chip and PIN changed this model by performing a cryptographic operation inside a secure chip instead of sharing the data itself. The signing key never leaves the hardware.
Casey describes this as the difference between handing over a pen and asking something to sign on your behalf. In the older model, the pen itself could be stolen. In the newer one, the request goes to the signer, which remains locked away.
He notes that the same principle underpins mobile payments. The secure hardware inside a smartphone performs the cryptographic signing, with a PIN or biometric used locally to authorise the action. Stealing the credential remotely becomes impractical. Physical theft is still possible, but it does not scale in the way online credential theft does.
The implications become sharper when talking about IoT devices.
Casey explains that many connected devices still rely on shared or embedded credentials, often reused across large fleets. When those credentials are discovered, the impact is no longer limited to a single device.
He gives the example of a consumer robotic vacuum that a security researcher reverse‑engineered with the help of an AI agent. The researcher was able to identify how the device authenticated control commands and, because the same credential was reused, take control of thousands of devices worldwide. AI did not create the vulnerability, but it dramatically reduced the time and effort required to exploit it.
More broadly, Casey points out that IoT failures often have second‑order effects. When devices control power, movement, or physical processes, coordinated manipulation at scale can have real‑world consequences. In these environments, weak identity models do not just create technical risk. They create systemic risk.
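The chip-and-PIN principle and the shared fleet credential problem described above, as an added Go example (not code from the article, Casey or Beyond Identity): each device holds its own Ed25519 key and answers a fresh challenge, so a captured response cannot be replayed or reused against a second device. The `Device` and `Verifier` types, the `vac-00x` IDs and the choice of Ed25519 are assumptions for illustration, and an unexported struct field stands in for hardware key storage.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device stands in for the chip: it signs on request; no method returns the key.
type Device struct{ ID string; priv ed25519.PrivateKey }

// Enroll makes a per-device key pair; only the public half leaves the device.
func Enroll(id string) (*Device, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{id, priv}, pub
}

// msg binds device ID, challenge and command into one unambiguous byte string.
func msg(id string, c []byte, cmd string) []byte { return []byte(fmt.Sprintf("%q|%x|%q", id, c, cmd)) }
func (d *Device) Sign(c []byte, cmd string) []byte { return ed25519.Sign(d.priv, msg(d.ID, c, cmd)) }

// Verifier holds enrolled public keys and one outstanding challenge per device.
type Verifier struct{ keys, pending map[string][]byte }

func (v *Verifier) Challenge(id string) []byte {
	v.pending[id] = make([]byte, 16)
	if _, err := rand.Read(v.pending[id]); err != nil {
		panic(err)
	}
	return v.pending[id]
}

// Accept checks the signature over the outstanding challenge, then burns it.
func (v *Verifier) Accept(id, cmd string, sig []byte) bool {
	c, ok := v.pending[id]
	delete(v.pending, id)
	return ok && len(v.keys[id]) == ed25519.PublicKeySize && ed25519.Verify(v.keys[id], msg(id, c, cmd), sig)
}

func main() {
	a, pubA := Enroll("vac-001") // constructed device IDs
	b, pubB := Enroll("vac-002")
	v := &Verifier{map[string][]byte{a.ID: pubA, b.ID: pubB}, map[string][]byte{}}
	sig := a.Sign(v.Challenge(a.ID), "start")
	v.Challenge(b.ID) // device B also has a live challenge
	fmt.Println(v.Accept(a.ID, "start", sig), v.Accept(a.ID, "start", sig), v.Accept(b.ID, "start", sig)) // true false false
}
```

The three results are the fresh response, the same response replayed, and device A's response presented for device B. What an observer can copy is a signature that is already spent, not a credential.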
As software agents become more capable and autonomous, security teams face a different kind of problem.
An agent is, in effect, an input loop. It receives an input, calls a model, uses tools, acts on the result, and repeats. More advanced agents can browse the web, read and write files, interact with systems, and communicate with other agents.
The challenge is not that agents are malicious by default. It is that their behaviour cannot be fully predicted by inspection. Casey links this back to long‑standing problems in computer science: in many cases, you cannot know what a program will do without running it.
Because of this, he suggests that trying to tightly control agent behaviour is often less effective than controlling what data flows into and out of the agent. Knowing which agents exist, what data they can access, which tools they can call, and where their outputs can go becomes central to security in an agentic environment.
This is where AI governance and visibility into ‘shadow AI’ usage start to matter more than model‑level controls.
Casey is clear that organisations cannot realistically analyse or constrain every agent’s internal logic. Instead, he frames governance as a data problem.
The practical questions are straightforward but difficult: which agents are operating in the environment, what systems they can see, which external models or services they communicate with, and how sensitive data might leak as a result. By focusing on access, boundaries, and monitoring, organisations can reduce risk without assuming perfect predictability.
Here, security shifts away from trying to tame intelligence itself and toward designing systems where intelligence cannot misuse data, even when it behaves in unexpected ways.
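The governance questions above (which agents exist, what data they can access, which tools they can call, where their outputs can go) expressed as a default-deny check over observed agent actions. This is an added Go example, not code from the article or from Beyond Identity; the agent names, tool names, data classes and `.example` hosts are constructed.

```go
package main

import "fmt"

// Policy lists what one registered agent may read, call and send output to.
type Policy struct{ Data, Tools, Egress map[string]bool }

// Event is one observed agent action: who acted, with what, on what, to where.
type Event struct{ Agent, Tool, Data, Dest string }

// Check returns why an event falls outside the inventory; empty means allowed.
// Anything not explicitly listed is denied, including agents nobody registered.
func Check(inv map[string]Policy, e Event) []string {
	p, ok := inv[e.Agent]
	if !ok {
		return []string{"unregistered agent (shadow AI)"}
	}
	var why []string
	if !p.Tools[e.Tool] {
		why = append(why, "tool not allowed: "+e.Tool)
	}
	if e.Data != "" && !p.Data[e.Data] {
		why = append(why, "data class not allowed: "+e.Data)
	}
	if e.Dest != "" && !p.Egress[e.Dest] {
		why = append(why, "egress not allowed: "+e.Dest)
	}
	return why
}

func set(xs ...string) map[string]bool {
	m := map[string]bool{}
	for _, x := range xs {
		m[x] = true
	}
	return m
}

func main() {
	inv := map[string]Policy{ // constructed inventory
		"support-bot": {set("tickets"), set("search_kb", "reply"), set("helpdesk.internal.example")},
	}
	for _, e := range []Event{ // constructed observations
		{"support-bot", "search_kb", "tickets", ""},
		{"support-bot", "http_post", "customer_pii", "api.llm-vendor.example"},
		{"notes-helper", "read_file", "source_code", ""},
	} {
		fmt.Println(e.Agent, e.Tool, "->", Check(inv, e))
	}
}
```

The check never looks at the agent's reasoning or prompt; it decides only on identity, tool, data class and destination, which is the boundary the passage argues can actually be enforced.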

Despite the power of AI, Casey is careful to demystify it. Large language models, he says, are probabilistic systems. They are trained on human‑generated material and are very good at producing plausible answers. That does not make them reliable arbiters of truth.
In areas where outcomes matter, successful teams will pair probabilistic reasoning with deterministic verification. Humans play a critical role in framing problems, questioning assumptions, and deciding what must be verified rather than guessed.
Rather than eliminating people, AI changes which behaviours are valuable. Routine execution without context becomes less defensible. Systems thinking, judgement, and the ability to decompose problems into verifiable components become more important.
As AI, agents, and IoT converge, the challenge is not intelligence at the edge, but trust at the foundation.
Security models designed for slower, human‑paced systems struggle when attacks move faster, credentials scale across fleets, and autonomous agents interact across boundaries. In that environment, identity becomes the limiting factor.
For leaders operating across AI and IoT, the implication is that if credentials can move, risk will scale, and if they cannot, much of that risk collapses.