In Part 1, we explored how Agentic AI is beginning to transform identity security by addressing IAM’s “last mile” problem—the critical gap in managing disconnected applications, automating manual processes, and securing identity configurations.

But what makes this shift possible? What technologies underpin autonomous security decision-making, and how realistic are these capabilities today?

While Agentic AI represents a promising evolution in IAM, it is essential to separate what’s real today from what’s still theoretical. The following discussion provides a grounded, accurate view of Agentic AI’s current and potential role in identity security while acknowledging its limitations.

Let’s get down to business with dispelling some security bunk. 

Technology Behind Agentic AI in Identity Access Management (IAM)

Agentic AI introduces the possibility of a new level of adaptability to IAM by making context-aware, near-autonomous security decisions. Unlike traditional rule-based automation (RPA), these systems aim to evaluate real-time risk factors, dynamically adjust permissions, and optimize identity governance workflows.

Reinforcement Learning: A Practical AI Tool for IAM

One of the most widely studied applications of Agentic AI is reinforcement learning (RL). RL allows AI models to continuously refine their decision-making by simulating access patterns, security incidents, and attacker behaviors.

In IAM, reinforcement learning can improve risk-based authentication systems by dynamically adjusting security controls based on user behavior. For example, RL-powered AI can detect anomalous login activity and increase authentication requirements in real-time rather than relying on static multi-factor authentication (MFA) rules.

However, RL is not a silver bullet. Even with high accuracy rates, AI-driven IAM systems can still generate false positives and misclassified events, each with potential financial or legal consequences. This underscores the importance of maintaining human oversight in AI-driven security decision-making. TL;DR, we are still not close to an autonomous world but are moving in the right direction. 

Graph Neural Networks (GNNs): A Future, Not a Present Reality

IAM is built on relationships—who has access to what, how permissions evolve, and what constitutes normal behavior. GNNs offer a powerful approach to analyzing these relationships, making them a compelling potential tool for detecting privilege escalation, lateral movement, and unauthorized access chains.

However, current IAM systems are not widely implementing GNNs at scale. While GNNs have demonstrated strong performance in cybersecurity research, particularly in detecting network threats and fraud, real-world deployments in IAM remain limited. Organizations evaluating Agentic AI should view vendor messaging around GNN-based IAM solutions as pie in the sky since it’s an emerging field rather than a current standard. This will happen in the not-too-distant future, but we are still a reasonable distance away from this–let’s see how this comment ages.

Natural Language Processing (NLP): Limited but Growing Use Cases

The ability to process unstructured security data, such as IAM audit logs, access policies, and compliance reports, is a promising application of NLP. In theory, AI-powered NLP could help identity teams automate access reviews, detect policy inconsistencies, and identify risky permissions buried in security logs.

That said, NLP is not yet a core component of IAM automation. While AI-driven chatbots and virtual assistants increasingly use NLP for customer support and IT helpdesk functions, its role in proactively managing IAM security is still developing. For now, IAM teams continue to rely on structured log analysis and predefined rule-based policies rather than large-scale NLP-driven automation. As William Gibson said, “The future is already here, it is just unevenly distributed.”

Federated Learning: A Privacy-Preserving Concept, But Not Yet in IAM

Federated Learning (FL) is an emerging machine learning technique designed to improve AI models while preserving data privacy. Instead of requiring organizations to centralize sensitive information, FL allows AI models to be trained across multiple decentralized data sources—such as different enterprises or geographic regions—without exposing raw identity data. This approach has already shown promise in security-sensitive fields like biometric authentication and fraud detection, where privacy regulations demand strict control over personal data.

Despite its potential, FL has not yet seen widespread adoption in IAM. Current identity security systems prioritize on-premise and cloud-based AI models that analyze access behaviors within a single organization, rather than distributed AI training across multiple companies. For example, an AI model trained on decentralized IAM data from a tech company, a financial institution, and a healthcare provider would struggle to account for each organization’s unique access control policies, regulatory constraints, and security requirements. A high-risk access request in one company might be routine in another, making cross-industry identity modeling impractical. While federated learning could eventually support collaborative threat intelligence, its application in IAM today remains largely theoretical. Enterprises still favor centralized models that are trained on proprietary datasets tailored to their internal security environments rather than relying on generalized, cross-industry learning.

How Agentic AI is Changing IAM Operations

Despite some of the technical limitations, Agentic AI is already reshaping how organizations handle identity security, entitlement management, and compliance.

One of the most immediate impacts is in user lifecycle management. Traditional IAM processes for onboarding, role changes, and offboarding involve manual workflows, complex approval chains, and lengthy reviews.

According to Edward Wong, AI-driven IAM can automate access determinations based on role patterns, detect changes in user responsibilities, and proactively revoke unused permissions. Instead of relying solely on scheduled access reviews, AI-driven IAM continuously evaluates whether users need the permissions granted—removing unnecessary access before it becomes a security risk.

Agentic AI is also transforming access reviews and entitlement management. Instead of requiring managers to approve every user’s access manually, AI can pre-analyze access patterns, flag risky permissions, and suggest context-aware revocations. As Wong notes, this approach strengthens security and reduces the operational burden on IAM teams.

Limitations & Challenges of Agentic AI in IAM

While the benefits of Agentic AI in IAM are real, several critical challenges remain.

Reliability & Consistency

Unlike traditional IAM systems executing predefined workflows, Agentic AI systems rely on dynamic decision-making. This introduces a fundamental challenge: process inconsistency.

As security researchers point out, when AI agents execute the same task multiple times, they may generate slightly different outputs each time. This variability can create governance and compliance risks, especially in audit-heavy environments where process consistency is critical.

Implementation & Transparency Challenges

Organizations adopting Agentic AI face significant integration challenges. AI-driven IAM requires:

  • Seamless interoperability with existing IAM infrastructure
  • Robust explainability mechanisms to justify AI decisions
  • Governance frameworks to prevent over-reliance on AI automation

The risk of AI decision-making opacity remains a key concern. Without clear audit trails and human oversight, security teams may struggle to understand why AI agents approved or denied access requests—a major compliance risk in regulated industries.

Balancing Automation with Human Oversight

As Wong notes, Agentic AI should complement human expertise, not replace it. AI-driven IAM systems must be designed with built-in guardrails that ensure:

  • Humans retain final approval over high-risk access changes
  • AI-driven security policies remain explainable and auditable
  • IAM teams have control over AI decision thresholds

A hybrid human-AI governance model is likely the best approach, where AI handles routine decisions while humans oversee high-stakes security actions.

The Future of Agentic AI in IAM

Agentic AI represents a major evolution in how identity security is managed. By automating access reviews, detecting risky entitlements, and enforcing Zero Trust principles dynamically, AI-driven IAM is moving beyond static rule-based approaches.

However, the technology is not without its limitations. While reinforcement learning and role-based automation are already in use, advanced AI techniques like GNNs, NLP, and Federated Learning remain experimental in IAM. Organizations should approach Agentic AI adoption with a critical eye, ensuring that automation enhances rather than replaces human oversight.

As identity security grows more complex, AI will become a necessary tool—but not a perfect one. The future of IAM isn’t just automation—it’s smart automation, guided by human intelligence and robust governance frameworks.