In the rapidly shifting landscape of enterprise technology, the intersection of identity security and artificial intelligence has become the new frontline for innovation. As digital labor begins to permeate the corporate world, the traditional boundaries of cybersecurity are being redrawn to accommodate autonomous agents that operate at machine speed. Maryanne Baines, an authority in cloud technology and enterprise infrastructure, joins us to discuss how the industry is navigating the “SaaS-pocalypse” fears and why identity access is the $80 billion plumbing that will underpin the future of the agentic enterprise.
The rise of AI coding tools has led to fears of a “SaaS-pocalypse” and declining market valuations for major tech firms. How do you differentiate between a product built by a bot and one hardened by years of security scaling, and what specific technical hurdles prevent LLMs from replicating complex platforms?
While the industry is feeling a sense of paranoia over “vibe coders” using LLMs to spin up applications overnight, there is a massive gulf between a functional interface and a hardened enterprise platform. A bot can generate code that looks right, but it lacks the historical context of years spent patching vulnerabilities and ensuring a system can scale to meet the demands of 20,000 global customers. Major tech stocks have seen double-digit percentage drops recently due to these fears, yet the reality is that reliability and security are built through iterative hardening that an LLM cannot yet simulate. We focus on the fact that true resilience comes from the “plumbing” of the software—the invisible, robust architecture that handles complex edge cases and heavy loads without breaking.
The shift toward digital labor is expected to quadruple the identity access market to $80 billion. What are the specific security risks when AI agents operate in sensitive organizational areas, and how does your infrastructure ensure these autonomous entities don’t exceed their authorization or create new vulnerabilities?
The expansion of the market from $20 billion to $80 billion reflects the high stakes of moving from human-centric access to a world populated by digital labor. The primary risk is these systems “running amok” without proper visibility, which is why organizations are currently hesitant to deploy them widely in sensitive areas. To mitigate this, we treat AI agents as distinct identities that require the same—if not more—rigorous oversight as a human employee. Our infrastructure provides the necessary visibility to ensure that an agent’s permissions are restricted to its specific task, preventing it from pivoting into unauthorized systems. It is about creating a secure environment where the agent can be productive without becoming a backdoor for a breach.
Monetization strategies for digital labor are moving toward per-connection or per-agent-per-human models. How do these billing structures influence enterprise adoption rates, and what practical steps should companies take to manage the costs and visibility of a rapidly expanding fleet of autonomous agents?
Adoption is heavily influenced by how predictably a company can scale its digital workforce, which is why we utilize two distinct billing models: one based on the number of agents assigned to a human and another based on the number of system connections. These structures help enterprises quantify the value of digital labor, essentially treating agents as a new tier of the workforce that requires its own budget line. To manage this expanding fleet, companies need to implement centralized governance tools that track exactly what each agent is doing and what systems it is touching. This visibility is the only way to prevent “agent sprawl,” where costs and security risks grow unchecked because the organization has lost count of its autonomous entities.
Recent identity theft campaigns and helpdesk scams demonstrate that social engineering remains a critical threat to enterprise security. How are you evolving threat protection to counter these Scattered-Spider style tactics, and what metrics should security teams track to determine if their posture is truly resilient?
The “easy button” for modern criminals is no longer just brute force; it is the sophisticated social engineering and helpdesk scams we’ve seen targeting major organizations lately. We are evolving our threat protection by integrating Identity Threat Protection and Device Access tools that move beyond static passwords toward continuous authentication. Security teams should be tracking metrics like the percentage of “new bookings” for advanced governance tools—which recently reached 30% for us—to gauge how well they are adopting modern defenses. Resilience is measured by how quickly a system can identify an anomalous login attempt, even if the credentials appear valid, and shut down access before data is leaked.
New governance and privileged access tools now represent a significant portion of new bookings as organizations prepare for an agentic future. What are the core components of “fine-grained authorization” for AI, and how do you implement these controls without slowing down the speed of automated workflows?
Fine-grained authorization is the surgical precision of access control, ensuring an AI agent can read a specific file without having permission to delete the entire database. It involves a combination of Privileged Access and Identity Governance that creates a high-definition map of what is allowed and what is not. We implement these controls by embedding them directly into the “plumbing” of the enterprise so that authorization checks happen in milliseconds, preserving the speed of the automated workflow. This allows developers to build fast with LLMs while the security layer acts as a safety rail that operates at the same machine speed as the agents themselves.
What is your forecast for the identity access market?
My forecast is that the identity access market is on a trajectory to become the most critical pillar of the entire cybersecurity industry, likely exceeding even the current $80 billion projections as the “agentic enterprise” becomes the standard. We are looking at a future where identity is the primary fabric stitching together human labor and digital labor, and as revenue grows—ours was up 12 percent to $2.9 billion this past year—we see that the demand for these “plumbing” services is only accelerating. Within the next few years, I expect that managing digital identities will represent the largest share of IT security budgets because, without a secure way to verify who or what is performing a task, the efficiency gains of AI simply cannot be realized safely.
