
Introducing Duo Agentic Identity

The pace of innovation with agentic AI is genuinely staggering, and if you're a security leader trying to keep up, you are not alone in feeling like the ground is shifting beneath your feet. Every week there is news about new model updates, tooling, and capabilities for agentic AI.

Somewhere in your environment right now, an AI agent is almost certainly operating without a proper identity, a defined owner, or any meaningful access controls. Developers are already connecting agents to production systems without looping in IT.

This is exactly why we built Duo Agentic Identity.

AI agents aren't productivity tools. They're autonomous actors that query databases, trigger workflows, send communications, and make decisions—capable of operating at machine speed and without human oversight. That's enormously powerful. It's also a security challenge your existing tools were never designed to handle.

"Every agent is effectively some level of privileged identity with access far beyond what normal users have." - CISO, Technology sector

Existing identity tools weren't designed for this

Agentic AI breaks the core assumptions of your current identity stack.

  1. Identities operate at human speed and they are static. A human identity is defined at onboarding and updated infrequently. Agent identities are the opposite. They spin up at machine speed and are continuously evolving, shaped by changing tasks, new workflows, and model updates.

  2. Credentials are issued centrally and managed deliberately. Agents often inherit credentials from the LLM contexts they operate in, reuse tokens scoped for their human principals, or self-provision access through flows designed for human login. The credential chain is murky at best, brittle and insecure at worst.

  3. Access permissions can be relatively broad and long-standing. Coarse-grained access is more permissible when humans (who in most cases exhibit good judgement) are behind the wheel.

Non-human identity (NHI) governance tools exist, but they were designed for service accounts and API keys—static, predictable entities. They weren't built for the per-action, per-session enforcement that agentic AI demands.

The result is a widening gap between how fast organizations are adopting agents and how well those agents are governed. We need to fill that gap.

You don't have to navigate this alone

Most security teams are already stretched thin; organizations must manage human identity programs while trying to make sense of a rapidly evolving agentic landscape.

That's why Duo Agentic Identity is designed to meet you where you are. Whether you're just beginning to inventory your agents or already running them in production, we've built a path forward that doesn't require you to have everything figured out before you start.

What this moment requires is a platform that finds agent activity, governs agent identities end-to-end, and enforces least-privilege authorization at the level of individual actions—built on the identity and network foundation you already have.

Three capabilities built for what practitioners actually need

See every agent. Including the ones you didn't know existed.

"The first thing for us is discoverability. That's 100% the number one requirement." - Security Architect, Travel sector

Visibility into agentic activity is foundational. Most organizations already have agents running that no one in IT approved, owns, or can account for.

Duo Agentic Identity extends Cisco Identity Intelligence to provide a dynamic inventory of active AI agents across your environment. Unlike periodic scans, this is a continuous check; the moment an agent starts operating, it appears in your identity inventory.

Critically, because Duo Agentic Identity is built on the Cisco platform—which spans both identity and network—the solution can surface agents that have never formally registered with your identity provider (IdP). Traditional identity tools see what authenticates against them. Cisco sees what communicates across your infrastructure. That makes true shadow agent detection possible, and it's an architectural advantage of our approach.

Give every agent an identity. Hold someone accountable for it.

"Agent identities need to be first-class non-human identities, with tight controls around privileges and what they have access to." - CISO, Healthcare sector

Every agent operating in your enterprise needs a proper identity lifecycle: onboarded with clear accountability, monitored during operation, and governed throughout its existence.

Duo Agentic Identity builds on Duo Directory to provide a foundational directory where agents are registered as distinct identity objects—not service accounts, not proxies of their human operators. This development doubles down on our native support of OAuth 2.1 and Model Context Protocol (MCP) to ensure that agents can effectively run with Duo. Each agent is mapped to a human owner, assigned to groups for policy enforcement, authenticated at access and fully logged from the moment it is onboarded.

The result: Every action is traceable to a sponsor. And when an agent's work is done, lifecycle visibility gives your team the confidence to know that access has been removed.

Enforce least privilege at every tool call.

"Access policies for agents need to be least privileged." - CISO, Retail sector

Overprivileged agents are among the highest-risk conditions in any agentic deployment. And in an agentic context, least privilege needs to be a per-action constraint, evaluated at the level of each individual tool call.

Duo Agentic Identity enforces this control through an MCP gateway—a control point between your AI agents and the tools and systems they interact with. MCP is emerging as a standard interface through which agents discover and invoke enterprise tools. Rather than relying on each tool server to enforce access controls correctly, the gateway intercepts every request, evaluates it against Duo's fine-grained authorization engine, and permits or blocks the action before it reaches the target system.

Policies map specific agent identities and groups to specific tool calls, all while enabling granular control over scope, conditions, and permitted operations.
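The per-call decision described above can be sketched as a default-deny check on MCP `tools/call` requests. This is an added example, not Duo's code or policy schema: the policy table, agent directory, tool names and the `authorize` and `tool_call` helpers are hypothetical and constructed for illustration.

```python
import fnmatch
import json

# Hypothetical policy table (not Duo's schema): agent group -> tool pattern,
# plus the values each constrained argument may take.
POLICIES = [
    {"group": "support-agents", "tool": "tickets.read", "args": {}},
    {"group": "support-agents", "tool": "tickets.update",
     "args": {"status": ("open", "pending")}},
    {"group": "finance-agents", "tool": "ledger.*", "args": {"region": ("eu",)}},
]

# Constructed directory entry: each agent has a human owner and groups.
AGENTS = {"agent-7f3": {"owner": "alice@example.com",
                        "groups": {"support-agents"}}}


def tool_call(name, arguments):
    """Build a constructed MCP tools/call JSON-RPC request."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": name, "arguments": arguments}})


def authorize(agent_id, raw_request):
    """Decide one request at the gateway. Returns (allowed, reason)."""
    agent = AGENTS.get(agent_id)
    if agent is None:
        return False, "unregistered agent"
    try:
        req = json.loads(raw_request)
    except json.JSONDecodeError:
        return False, "malformed request"
    # This sketch decides tool calls only; anything else is denied here.
    if not isinstance(req, dict) or req.get("method") != "tools/call":
        return False, "not a tool call"
    params = req.get("params")
    if not isinstance(params, dict):
        return False, "malformed tool call"
    tool, args = params.get("name"), params.get("arguments", {})
    if not isinstance(tool, str) or not isinstance(args, dict):
        return False, "malformed tool call"
    for rule in POLICIES:
        if rule["group"] not in agent["groups"]:
            continue
        if not fnmatch.fnmatchcase(tool, rule["tool"]):
            continue
        # Each constrained argument must be present with a permitted value.
        if all(args.get(k) in ok for k, ok in rule["args"].items()):
            return True, f"{agent['owner']} via {rule['group']}:{rule['tool']}"
    return False, "no matching policy"  # default deny
```

Arguments that a rule does not constrain pass through unchecked in this sketch, so a stricter policy would also reject unexpected argument names.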

Fusing identity and the network for agentic control

The agentic identity market is filling with specialized tools. Solutions may extend existing NHI governance, ZTNA functionality, or Privileged Access Management (PAM) features. Each addresses real problems. None addresses the full scope.

The reason is architectural. Governing agentic identity effectively requires visibility at two layers simultaneously: the identity layer, where credentials are issued and agents are authorized, and the network layer, where agent communication and enforcement actually occur. Most tools operate at one or the other.

Cisco operates at both layers, and that convergence is what makes it possible to surface shadow agents, enforce policy consistently, and govern across a wide breadth of agentic deployments.

Trust is how you unlock the potential

The promise of agentic AI is real: faster operations, smarter automation, and capabilities that can genuinely transform how your teams work. But that value is only safe when it's built on a foundation of trust between humans and the agents acting on their behalf.

The organizations that will manage agentic AI risk effectively are the ones establishing governance frameworks now, before agents proliferate to the point where retroactive governance becomes a remediation project.

Duo Agentic Identity is here to help you build that foundation—at your pace, and with the confidence that you're not going it alone.
