The “What” - Adopting Proactive AI Identity Security
As generative AI becomes more embedded in modern applications, it challenges many long-held assumptions about identity security.
One of the critical shifts comes from how these systems handle permissions—not just for incoming requests but for the increasingly dynamic access control requirements initiated by AI identities.
This article is the second installment in the series: “The Challenges of Generative AI in Identity and Access Management (IAM)”, where we attempt to answer some major questions about AI identity security:
- The “Where” - Managing AI Permissions (Coming Soon)
- The “When” - Dynamic AI Access Control for a Changing Timeline (Coming Soon)
In my previous article in this series, “The “Who”—Understanding AI Identity in IAM,” I answered the first question of who is trying to gain access to our application.
Having tackled the issue of recognizing and categorizing our identities, we should now focus on deciding what these entities are trying to do in our system.
Let’s first talk about why this question matters so much:
Ingress Traffic vs. Egress Traffic
For years, authorization questions in applications have been tackled using a single approach: focusing on inbound (ingress) traffic. The deeper we moved into internal software and services, the less we worried about permissions.
Requests are typically authorized at the API gateway level, and then some level of permissions is enforced for calls between internal services. This model worked well enough—until now.
Once AI agents are integrated into our applications, they can perform actions we may not have explicitly anticipated. Unlike traditional microservices, which we design with clearly defined operations and security checks, AI agents are more unpredictable. They can trigger operations dynamically or even create new workflows during execution.
This means we need an efficient way to authorize outbound (egress) traffic.
Handling Egress Traffic
Tools like Lunar.dev are the perfect solution in this context.
Lunar.dev is an open-source API gateway designed specifically for egress traffic. It acts as a proxy server for all outbound or internal requests, allowing us to implement authorization checks at this stage. By connecting Lunar.dev to an authorization service, we can:
- Fetch real-time policy and data information.
- Apply consistent enforcement across both internal and external API calls.
- Ensure smarter, safer implementations of AI agents.
This makes it possible to maintain control even over operations triggered by unpredictable agents within the system.
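One way such an egress check can look, as an added example (not Lunar.dev's, Permit.io's or OPA's own code): a default-deny decision function that a proxy could call for each outbound request an agent makes. The agent names, hosts, permission strings and the `authorize_egress` function are constructed for illustration.

```python
from dataclasses import dataclass
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Constructed policy data: which outbound calls each agent may make, and which
# permission the delegating user must hold for the call to go through.
EGRESS_RULES = {
    "support-agent": [
        ("POST", "api.chat.example", "/v1/messages", "messages:send"),
        ("GET", "files.internal.example", "/v1/files/public", "files:read"),
    ],
}
USER_PERMISSIONS = {"alice": {"messages:send", "files:read"}, "bob": {"files:read"}}

@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str

def authorize_egress(agent: str, on_behalf_of: str, method: str, url: str) -> Decision:
    """Default-deny decision for one outbound call made by an AI agent."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return Decision(False, "only https URLs with a host are allowed")
    host = parts.hostname.rstrip(".").lower()      # .hostname drops any user@ prefix
    path = normpath(unquote(parts.path) or "/")    # collapse ../ before prefix matching
    for rule_method, rule_host, prefix, needed in EGRESS_RULES.get(agent, []):
        if method.upper() != rule_method or host != rule_host:
            continue
        if path != prefix and not path.startswith(prefix + "/"):
            continue
        # Tie egress to ingress: the agent never exceeds the user it acts for.
        if needed not in USER_PERMISSIONS.get(on_behalf_of, set()):
            return Decision(False, f"{on_behalf_of} lacks {needed}")
        return Decision(True, f"matched {rule_method} {rule_host}{prefix}")
    return Decision(False, "no egress rule matches")
```

The check matches on the parsed host and the normalized path, not on the raw URL string, so a rule cannot be satisfied by a look-alike prefix.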
Integration with an Authorization Service
Lunar provides us with a great way to control the egress traffic and manage the API calls that all the AI agents are making, such as sending messages or reading files.
Yet, a fine-grained authorization solution that will help Lunar make relevant decisions based on the egress traffic is still needed.
To achieve that, you can use a fine-grained authorization service like Permit.io, or the open-source combination of Open Policy Agent and OPAL. These will let you create policies that control both inbound and outbound traffic.
Using an authorization service can help you manage authorization and fine-grained policies for both ingress and egress traffic, while other tools can be used to enforce the streamlining of policies.
Adopting Proactive Access Control
Another challenge with AI agents is their dynamic permission requirements. Unlike traditional software, these agents might realize mid-execution that they require additional access, such as to a specific table or new set of columns in a database.
This is an opportune time to adopt proactive access control.
In the earlier days of computing, we relied on Mandatory Access Control (MAC), which meant that developers entirely predefined permissions.
Then, we shifted into Discretionary Access Control (DAC), which allowed users to define permissions themselves. This is how most systems today handle authorization.
Today, however, we must shift to a new form: Proactive Access Control, where open APIs enable tools to request access to new resources dynamically.
Proactive access control allows AI agents to request additional permissions dynamically. If an agent encounters a limitation—like being restricted to certain columns of a database—it should be able to say, “I need access to more columns to complete this task.” Instead of outright blocking these requests, we need a system that evaluates them dynamically and adapts permissions as needed.
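A sketch of how such a request could be evaluated, as an added example rather than code from Permit.io, OPA or OPAL. It assumes one possible policy shape: a fixed ceiling of columns per agent, automatic short-lived grants inside it, human review for sensitive columns, and an audit record for every request. All names, columns and the TTL are constructed.

```python
from dataclasses import dataclass, field

# Constructed policy: columns an agent holds now, may obtain automatically,
# or may obtain only after a human approves. Anything else is never granted.
BASELINE = {("report-agent", "orders"): {"id", "status"}}
AUTO_GRANTABLE = {("report-agent", "orders"): {"total", "created_at"}}
NEEDS_REVIEW = {("report-agent", "orders"): {"customer_email"}}
GRANT_TTL_SECONDS = 900  # assumed lifetime of a dynamically granted column

@dataclass
class AccessBroker:
    grants: dict = field(default_factory=dict)   # (agent, table, column) -> expiry
    audit: list = field(default_factory=list)

    def request(self, agent, table, columns, reason, now):
        """Evaluate a mid-task request for extra columns; all-or-nothing."""
        key = (agent, table)
        wanted = set(columns) - BASELINE.get(key, set())
        auto = AUTO_GRANTABLE.get(key, set())
        review = NEEDS_REVIEW.get(key, set())
        if not reason.strip():
            outcome = "deny"      # a request with no stated purpose is refused
        elif wanted - auto - review:
            outcome = "deny"      # asks for something outside the ceiling
        elif wanted & review:
            outcome = "review"    # park it for a human approver, grant nothing
        else:
            outcome = "grant"
            for col in wanted:
                self.grants[(agent, table, col)] = now + GRANT_TTL_SECONDS
        self.audit.append((now, agent, table, sorted(wanted), reason, outcome))
        return outcome

    def can_read(self, agent, table, column, now):
        """Enforcement check: baseline columns, or a grant that has not expired."""
        if column in BASELINE.get((agent, table), set()):
            return True
        return self.grants.get((agent, table, column), 0) > now
```

Because grants expire, an agent that needed `total` for one task has to ask again later, which keeps its standing permissions at the baseline.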
Rethinking Authorization: Beyond Ingress
To properly address the question of what, we must rethink how we handle egress traffic alongside ingress traffic. If we’re implementing AI agents in our applications, assuming all permissions can be controlled solely based on inbound requests is no longer realistic.
The better approach:
- Streamlining Permissions: Establish clear relationships between inbound and outbound requests, ensuring consistency in enforcement.
- Decentralizing Enforcement: Use separate engines for outbound and inbound traffic, but integrate them into a unified permissions model.
- Anticipating Needs: Design systems that can adapt dynamically to AI agents’ evolving requirements without compromising security.
This proactive, dynamic approach enables us to manage permissions effectively while maintaining the flexibility that AI systems require.
Permit.io or open-source tools such as OPA and OPAL allow you to take a proactive approach to identity security, ensuring your systems remain secure without sacrificing flexibility.
You can try Permit.io’s free community tier to test how that works yourself.
With the question of “What” addressed, we can turn to the next critical question: Where are these identities trying to go? For the answer to this question, stay tuned for our next article in the series: “Where Can They Go? Managing Permissions for AI Identities”
Until then, if you have questions or want to learn more about IAM, join our Slack community, where hundreds of developers are building and implementing authorization.
Written by
Gabriel L. Manor
Full-Stack Software Technical Leader | Security, JavaScript, DevRel, OPA | Writer and Public Speaker
Daniel Bass
Application authorization enthusiast with years of experience as a customer engineer, technical writing, and open-source community advocacy. Community Manager, Dev. Convention Extrovert and Meme Enthusiast.