From Intelligent Access Governance to Agentic Identity Governance
AI agents now act as identities across systems. Learn how IGA for AI and IGA with AI help you manage access, reduce risk, and automate governance.
Read this article
.svg)
AI agents now act as identities across systems. Learn how IGA for AI and IGA with AI help you manage access, reduce risk, and automate governance.
At RSAC 2026, we introduce Agentic Identity Governance to help organizations govern AI agents and use AI to manage access, risk, and identity workflows.
Trace the evolution of privileged access management, from static credential vaults to intent-driven, just-in-time access models.
AI agents now act as identities across systems. Learn how IGA for AI and IGA with AI help you manage access, reduce risk, and automate governance.
When we started BalkanID, the problem we were focused on was clear - access had become too complex, too distributed, and too hard to govern.
SaaS and cloud had fundamentally changed how organizations operate. Access was no longer centralized. Entitlements were exploding across applications. And most teams didn’t have a clear answer to a simple question: who has access to what, and should they?
We built BalkanID to solve that - using AI to bring visibility into access, reduce entitlement sprawl, and make access reviews and governance actually work in modern environments.
But even then, the idea wasn’t just to make IGA better.
The idea was to make it continuous, intelligent, and eventually autonomous - to put identity governance on autopilot.
Over the last few years, something changed that made this direction much more real.
AI moved from being an assistive layer… to becoming an operator inside systems.
Today, AI agents are querying data platforms, making changes in SaaS apps, writing code, triggering workflows. They are no longer just tools - they are acting entities inside enterprise environments.
And with that, they’ve quietly become identities.
In many cases, these agents have broad access across systems - often more than individual engineers - but without the same level of governance, visibility, or accountability. Most identity systems weren’t built for this. They were built assuming identities are human, roles are relatively stable, and reviews happen periodically.
That assumption doesn’t hold anymore.
Identity is becoming the control plane for how work gets done - across humans, systems, and now AI agents.
That’s what brings us to today.
We’re introducing Agentic Identity Governance at BalkanID - as a continuation of the direction we’ve been building toward from the beginning, now accelerated by what AI makes possible.
There are two parts to this.
The first is what we call IGA for AI.
AI agents, service accounts, API keys, tokens - these are all identities now. They need to be discovered, understood, and governed just like human users. That means knowing what they have access to, how they are interacting with systems and data, and whether that access is appropriate.
The second is IGA with AI.
If AI agents can operate systems, they can also operate identity governance itself. Access reviews don’t need to be manual workflows. Lifecycle actions don’t need to wait on tickets. Risk doesn’t need to be evaluated periodically.
AI can analyze, decide, and act - continuously.
This is something we talked about early on as “IGA on autopilot.” It felt ambitious then. Now it’s practical.
What ties this together is a slightly different way of thinking about identity governance.
Instead of starting from systems of record and trying to push policies down, we start from discovery - integrating with application APIs, activity logs, and systems directly to understand how access actually exists and is being used. From there, we build a unified view across humans, non-human identities, and AI agents, across both connected and disconnected applications.
That lets you govern from the outside in - regardless of where the identity originated or how it operates.
This becomes especially important in a world where agents can be created anywhere - inside apps, via scripts, through copilots, or external frameworks - but still end up interacting with enterprise systems.
At RSAC this year, we’ll be showing this live - AI agents running access reviews, analyzing risk, taking lifecycle actions through natural language… and also discovering and mapping other agents and their access across systems.
It’s a bit surreal to see it working end-to-end now, because this is exactly where we hoped things would go when we started.
Back then, AI was an enabler for better insights.
Today, it’s becoming the operator of the system itself.
That shift is what makes this moment different.
For us, this isn’t a new direction. It’s the same idea, now playing out in a much more powerful way.
Identity governance needs to evolve to handle both sides of this world - governing AI agents, and using AI to run governance.
IGA for AI. IGA with AI.
That’s what we’re building at BalkanID.
https://www.balkan.id/post/balkanid-introduces-agentic-identity-governance-at-rsac-2026