ConductorOne has extended the reach of its identity governance platform to artificial intelligence (AI) tools, agents and integrations based on the Model Context Protocol (MCP).

Additionally, the company has now integrated its namesake identity governance platform with the CrowdStrike Falcon Next-Gen Identity Security platform to provide access to threat intelligence in real time that can then be more easily correlated with governance policies.

ConductorOne CEO Alex Bovee said those AI Access Management extensions will make it possible for cybersecurity teams to extend existing governance policies to new classes of AI applications. That approach enables cybersecurity teams to address AI agent security issues without necessarily having to acquire a separate platform, he added.

In fact, a recent ConductorOne survey notes that cybersecurity and IT teams are often at the forefront of AI agent adoption. Nearly all (95%) survey respondents work for organizations that are already relying on AI agents to perform at least one IT or security task autonomously.

Additionally, 91% of respondents report that increased reliance on AI has led to increasing investments in identity access management (IAM) platforms, with 87% of respondents rating non-human identity risk as being either moderately to extremely urgent.

As such, many cybersecurity and internal IT teams now have firsthand experience with the guardrails that the rest of the organization should have in place.

Unfortunately, many end users are also adopting AI agents without permission. The extensions to the ConductorOne platform are designed to address that issue by making it simple for end users to register those tools with the ConductorOne platform using a process that takes less than 60 seconds to complete, said Bovee. Alternatively, cybersecurity teams can stipulate the access granted via the ConductorOne platform requires human review.

Once connected to the ConductorOne platform, every tool call is logged to enable compliance audits while at the same time making sure no credentials are exposed to end users, noted Bovee.

It’s not clear how proactively cybersecurity teams are going to be able to secure AI agents as the pace of adoption continues to accelerate. Many end users, for example, are downloading AI agents such as OpenClaw with little to no regard for the cybersecurity implications. The one thing that is certain is that adversaries will double down on stealing credentials that provide them access to AI agents that they will not only use to exfiltrate data but also compromise entire workflows.

Cybersecurity teams, of course, should be making sure best cybersecurity practices are followed, including making sure that humans remain in the loop of any workflow, to minimize risk as much as possible. Otherwise, it’s only a matter of time before a catastrophic incident reminds everyone the hard way why cybersecurity is more crucial than ever in the AI era.

Hopefully there will come a time soon when AI agents are simply just another type of identity to manage. Until then, however, cybersecurity teams would be well advised to prepare for the AI agent worst while continuing to hope for the best.