• The Midas Report
  • Posts
  • 🔐 SINET Rolls Out AI Security Rules to Tackle Identity Threats

🔐 SINET Rolls Out AI Security Rules to Tackle Identity Threats

3 min read.

Author

Midas AI
July 24, 2025

SINET has released a new guide designed to help organizations manage the rapid rise of AI powered threats targeting identity systems.

The framework addresses a growing crisis, the proliferation of semi autonomous identities created by agentic AI. These can trigger access creep and expose vulnerabilities. With identity related breaches now accounting for eighty percent of cyber incidents, this guide offers a much needed roadmap to secure path forward.

What the SINET Guide Actually Does

The document lays out a unified identity and access management architecture that bridges on prem, cloud, and SaaS silos. It emphasizes a single source of truth while introducing a new maturity model to guide phased adoption.

Critically, the rules highlight how to manage AI agents as first class citizens, tracking their lifecycle, assigning precise rights, enforcing least privilege access, and ensuring timely deprovisioning. The guide also outlines interoperability standards including Model Context Protocol and agent to agent communication. These aim to make autonomous agents discoverable and manageable across different platforms.

In short, SINET is asking organizations to treat AI identities with the same rigor as human or machine identities.

Why This Matters Now

Agentic AI is multiplying machine identities overnight. Each autonomous routine, retrieval agent, or AI pipeline creates its own identity, often with broad permissions. This is overwhelming existing IAM systems and leaving cracks for attackers to exploit.

More than seventy eight percent of CISOs report that AI driven threats have significantly impacted their enterprise security posture. Prompt injection, chain of trust hijacking, lateral movement, all are on the rise as AI behaves like another user inside your perimeter. Without new guardrails, enterprises risk spiraling over permission creep and unmanaged access.

What to Watch for in Your Org

Implementation matters.

Adopting this framework requires mapping hundreds or thousands of AI agent identities across the lifecycle, from creation to retirement. That means extending audit trails and visibility into AI initiated actions.

Least privilege becomes complex when dozens of agents share resources. Continuous entitlement reviews and just in time access become essential.

And rapid response is critical. If an agent goes rogue or behaves unexpectedly there must be kill switches in play and immediate revocation workflows in place.

Why This Is a Signal for Builders and Founders

This is more than policy. It is an emerging category.

Companies building identity platforms, model registries, AI governance tools, or agent orchestration systems must now bake in differentiated agent level controls. Lifecycle management, behavioural detection, interoperability, all are now baseline expectations.

Venture teams should anticipate regulatory interest in agentic IAM architectures. Tools that incorporate Model Context Protocol, real time entitlement dashboards, and agent revocation capabilities are poised for rapid adoption in regulated sectors like finance, health, and energy.

Your First Steps

Start with agent visibility. Audit your environment for both human and non human identities in everyday AI workflows.

Map the lifecycle of each identity and assign ownership. Build entitlement reviews into your normal review cycles.

Design kill switches and automated decommissioning as policy level primitives. Track all AI agent activity in logs and tie those actions back to roles and approvals.

And follow up with adoption of relevant standards and protocol readiness for inter agent communication.

SINET has issued a warning, and it's purposeful. Identity security will define enterprise and national level safety in the AI era. Organizations that act now will gain resilience and trust.

Sources