“People love the idea that an agent can go out, learn how to do something, and just do it,” Jeff Hickman, Head of Customer Engineering, Ory, said. “But that means we need to rethink authorization from the ground up. It’s not just about who can log in; it’s about who can act, on whose behalf, and under what circumstances.” In the latest episode of The Security Strategist Podcast, Ory’s Head of Customer Engineering, Jeff Hickman, speaks to host Richard Stiennon, the Chief Research Analyst at IT-Harvest. They discuss a pressing challenge for businesses adopting AI: managing permissions and identity as autonomous agents start making their own decisions. They particularly explore the implications of AI agents acting autonomously, the need for fine-grained authorization, and the importance of human oversight. The conversation also touches on the skills required for effective management of AI permissions and the key concerns for CISOs in this rapidly changing environment. The fear that AI agents can go rogue or exceed their bounds is very real. They are not just tools anymore; instead, they can now negotiate data, trigger actions, also process payments. Without the right authorisation model, Hickman warns that organizations will encounter both security gaps and operational chaos. Explore how Ory helps global businesses build fine-grained, scalable, and future-ready identity systems for humans and machines. Visit Ory.com. Takeaways AI agents are increasingly autonomous and can operate outside defined boundaries. Permissions for AI agents must evolve beyond traditional models like OAuth. The scale of AI agents will significantly impact identity infrastructure. Fine-grained authorization is essential for managing AI agent access. Human oversight is crucial in ensuring AI agents operate within acceptable limits. Organizations need to define clear guardrails for AI agent behaviour. The role of traditional IAM professionals will change with AI integration. Understanding AI behaviour patterns will become a necessary skill. CISOs should prioritise the prompt identification of risks in AI security. A new class of professionals will emerge to manage AI interactions. Chapters 00:00 Introduction to AI Agents and Permissions 02:47 Challenges in AI Agent Authorization 05:59 The Scale Problem of AI Agents 09:01 Fine-Grained Authorization for AI Agents 12:07 The Role of Human Oversight in AI 14:56 Evolving Responsibilities in AI Permissions 17:56 Skills Needed for Effective AI Management 20:46 Key Concerns for CISOs Regarding AI Agents

Can Your Observability Stack Handle 24/7 Agentic Query Volume?
21 views

Agentic AI is changing Cybersecurity in 2026
22 views

Coding Agents are an identity problem in 2026
20 views

Claude Mythos and the future of cybersecurity
29 views

AI Hype vs Reality: What Security Leaders Are Getting Wrong
23 views

Why Most Enterprise AI Investments Fail to Deliver ROI
25 views