Ping Identity for AI covers autonomous agents
Enterprises deploying autonomous AI agents have a governance problem that traditional identity and access management was never designed to solve - and identity vendor Ping Identity is targeting that gap with a new product suite aimed at controlling what AI agents do at the moment they act.
Ping Identity has announced General Availability of Identity for AI, comprising three components: Agent IAM Core, Agent Gateway, and Agent Detection.
Agent IAM Core onboards, authenticates, and authorises AI agents as a distinct identity type with defined ownership and policy.
Agent Gateway provides a runtime enforcement layer for agent-to-system interactions, centralises monitoring and audit, and supports the Model Context Protocol (MCP) - an emerging integration standard that allows AI agents to connect directly to applications and data sources without a human intermediary.
Agent Detection, delivered via PingOne Protect, uses behavioural signals and bot authentication protocols to identify AI agents in operation and feed risk signals into authorisation decisions.
The product addresses a structural limitation in traditional IAM architecture. Conventional access management governs who can log in and what they can access at that point, but does not enforce controls over what authenticated agents do thereafter.
Identity for AI replaces agent impersonation of human credentials with delegated, scoped tokens, applying least-privilege enforcement at each individual action rather than at the point of authentication. Human accountability is retained under the model, with approval workflows supported for both on-behalf-of-user and fully autonomous flows.
MCP support is a significant element for enterprises evaluating AI agent infrastructure. The protocol allows AI agents to retrieve data, trigger workflows, and act inside enterprise systems at machine speed without routing work through a human. Security researchers have flagged poorly governed MCP connections as high-value attack paths, noting that compromised MCP tokens could allow threat actors to operate within critical systems with minimal visibility. Ping's Agent Gateway is positioned to standardise enforcement across MCP-based integrations without requiring organisations to rewrite existing services.
“AI agents are not features. They are actors in the enterprise that require identity, authority, and accountability,” said Andre Durand, CEO and Founder of Ping Identity.
“Identity is foundational. Agents acting autonomously at agentic scale and speed against systems of record will require continuous verification and enforcement at every decision.”
Ping is not alone in targeting this space. Microsoft announced its Agent 365 platform - described as a control plane for AI agents incorporating Microsoft Defender, Entra, and Purview capabilities - for General Availability on 1 May 2026.
Entro Security launched Agentic Governance and Administration (AGA) at RSA Conference 2026, and Veza has introduced Access Agents targeting AI identity governance.
A Cloud Security Alliance and Oasis Security report found that 78% of organisations lack formal policies for creating or removing AI identities, and 92% are not confident their existing IAM platforms can handle AI agents.