Forrester: Identiverse 2026 turned agent identity into an IAM story

Forrester's Identiverse 2026 recap, published this morning, makes the case that identity security is no longer a human-employee problem. With 75 to 85 percent of organizations already adopting AI agents, agents are now the largest single class of non-human identity inside the enterprise, and the IAM stack has to govern what agents do, not what they read.

The recap from Forrester analysts Andras Cser and Geoff Cairns, summarized in their Identiverse 2026 post, frames the shift with a quote from Ping Identity CEO Andre Durand's opening keynote: identity is moving from access to "actions, not access." An agent does not open a document and stop there. It opens a document, calls a tool, writes back to a system, and triggers a downstream workflow, and the blast radius of a misconfigured agent is measured in actions taken, not in rows read.

The 200-plus expo booths and the breakout sessions on FIDO passkeys, fraud, data and privacy, and threat detection all pointed to the same conclusion: the next phase of identity security will be defined by how well organizations govern what their agents can do. Even if the real adoption number is half the Forrester estimate, the industry is no longer arguing about whether to govern agent identity. The argument is now about how.

The Identiverse 2026 framing: actions, not access

The Forrester recap captures the conference as a turning point on the "actions, not access" framing. Andre Durand's keynote argument was that the traditional model of identity security, which treats access as a static decision made once and enforced at the perimeter, no longer fits an enterprise full of AI agents that take actions, not just consume resources. The blast radius of a misconfigured agent is measured in actions taken, not in rows read, and the IAM stack has to be redesigned around that reality.

The conference reinforced the framing in two concrete ways. First, the Forrester analysts reported that the expo floor was dominated by NHI and AI-security messaging, with every major identity vendor, including Okta, Microsoft, and Ping Identity, showing products aimed at the agent identity problem. Okta, Microsoft, and Ping Identity have already published ready-to-deploy IAM-for-AI-agent blueprints, which Forrester's recap calls overdue and solid starting points. Second, the breakout sessions spanned the same problem from every angle, including mobile driver's licenses, FIDO passkeys, fraud, data and privacy, threat detection and response, and software development practices. The breadth is the point: the industry is starting to treat agent identity as a horizontal concern that touches every other security discipline, not a vertical subcategory.

The 75 to 85 percent adoption number is the load-bearing data point. Forrester heard presenter estimates that figure during the conference, and the recap treats it as the lower bound on how much of the enterprise workforce is now non-human. AI agents are no longer an experiment. They are an identity tier, and the IAM stack has to govern them the same way it governs human employees and deterministic machine identities. AIntelligenceHub's look at how CrowdStrike framed continuous identity for AI agents covers the same shift from a different angle and is the closest recent read on the agent identity category.

Five takeaways for the agent identity stack

Forrester distilled the conference into five concrete takeaways for the IAM stack, and each one is a separate workstream for security and platform teams. The first is that AI agents require new discovery and governance methods. The current IAM tooling is built for static, human-time-horizon identities, and the new stack has to be real-time, context-aware, and build-time-intent-aware. Delegation, not impersonation, is the recommended design pattern: a user should be able to spawn an agent that acts on their behalf, with a uniquely identified identity, rather than the agent impersonating the user directly. The second is that agents need new access policy decision frameworks. Authentication is the easier part, since AI agents use OAuth 2.1 OIDC tokens to authenticate to MCP servers and other resources. Authorization is where the paradigm shift is sharpest: agents need intent-verified, boundary-constrained policies, not just RBAC. The third is that risk definition and measurement is still unclear. An agent that hoards a cart, makes a fraudulent purchase, or takes an action that upsets the human owner creates a new kind of financial and reputational risk, and the industry does not yet have a mature product solution for it. The fourth is that IAM for AI agents has to fit into the existing IAM mesh, not sit alongside it as a parallel system. Trying to cobble together a nonstandards-based IAM solution for agents creates technical debt fast, which is why the Okta, Microsoft, and Ping Identity blueprints are the right starting point even if they are not the final answer. The fifth and most uncertain takeaway is that identity standards are still in flux. Auth.md, ID-JAG, SPIFFE, AIUC-1, and the IETF RFCs around agent authentication are either not final, a work in progress, or less than twelve months old, and commercial support is scarce. Organizations are waiting for the standards to solidify before they fully commit, and that is a reasonable position to take.

The throughline is that the industry has converged on the problem but not on the solution. Authentication has converged on OAuth 2.1 OIDC for MCP server access, which Forrester's recap treats as the easier, more mature part. Authorization is where every vendor at Identiverse 2026 was showing a different product, and where the Forrester analysts saw the greatest paradigm shift away from static RBAC toward intent-verified, context-aware, boundary-constrained decisions.

What standards are still missing from agent IAM

The standards landscape is the part of the Identiverse 2026 conversation that is most likely to be different in a year. Forrester's recap lists Auth.md, ID-JAG, SPIFFE, AIUC-1, and the IETF RFCs as the candidate standards, and the recap notes that all of them are either not final, a work in progress, or less than twelve months old. SPIFFE is the most mature of the five, since it has been in production at hyperscalers for years, but the agent-specific extensions are still being worked on. Auth.md and ID-JAG are newer and less widely deployed. AIUC-1 is the AIUC consortium's effort to define a category of standards for AI agents, and the Forrester recap treats it as promising but not yet a commercial product reality.

The practical implication for platform teams is that the next twelve months will look like a period of partial standardization, with each vendor picking a different subset of the candidate standards and customers having to integrate across them. The Forrester analysts reported anecdotally that organizations are waiting for the standards to mature before they fully commit, which is the right call for any team that has to defend the IAM stack to an auditor. The risk of betting on the wrong standard early is real, and the cost of replacing an IAM-for-agents deployment that turned out to be built on a draft is higher than the cost of waiting another two quarters for a clearer picture. AIntelligenceHub's enterprise AI governance checklist is the right starting point for any team that is trying to map the current standards landscape to the controls their auditors will ask for, and it is the kind of document that needs to be updated quarterly until the standards settle.

The Identiverse 2026 recap is also a useful signal of where the major identity vendors are going to spend the next two quarters. Okta, Microsoft, and Ping Identity are already shipping IAM-for-AI-agent blueprints, and Forrester's recap treats those blueprints as the right starting point. The next round of product announcements, at Black Hat USA 2026 and the Gartner IAM Summit in the fall, will be where the standards work shows up in commercial products. The teams that read the Identiverse 2026 recap carefully and use it to update their agent identity roadmap will be the ones that ship a defensible agent IAM stack by the end of 2026, and the teams that wait for the standards to finalize will be the ones paying for the catch-up in 2027.