- Identity tokens are becoming critical infrastructure as AI agents dramatically expand the number of non-human identities that CSPs and enterprises must authenticate
- NIST is racing to adapt token security standards
- Quantum computing presents another looming risk
You’ve probably heard plenty about the AI tokens used to measure large language model performance, but there’s another kind of token that will be a big deal in the AI era: identity tokens used for digital authentication and authorization. Cloud and communications service providers (CSPs) and enterprises alike need to prepare for the hurdles on the horizon.
Identity tokens are cryptographically signed digital credentials — such as JSON Web Tokens, OAuth or OpenID Connect tokens — that allow users and devices to prove who they are to gain access to sensitive applications, services and data.
The U.S. National Institute of Standards & Technology (NIST) has been working to beef up identity token security in the wake of a few high-profile, token-related breaches, including the notorious SolarWinds cyberattack, which utilized forged Security Assertion Markup Language. But their job is about to get a lot harder because the number of identity token “users” is about to explode thanks to agentic AI.
“You’re going to go from dealing with a [small] subset of non-human identities to potentially a very large proliferation of non-human identities,” Ryan Galluzzo, Identity Program Lead in NIST’s Applied Cybersecurity division, told Fierce.
In that scenario, managing identity tokens at a massive scale isn’t the only hurdle. Security experts will also have to figure out how to deal with a huge number of “on behalf of” requests made by agents. F5 VP of Engineering Jimmy White recently issued a similar warning about the impact of AI agents on security.
“So, how do we deal with delegation where I’ve told an agent to go do things and that agent is going to operate somewhat autonomously and in a more probabilistic way than most previous software automation,” Galluzzo said of the challenge.
That entails understanding where the agent is going, how authorizations granted to an agent flow back to the individual who asked it to do the task in question, and figuring out whether and when to trigger a human in the loop if an agent tries to take an action beyond what’s allowed by its authorization profile.
“I don’t think tokens go away, I think they have to adapt and expand to meet new challenges,” Galluzzo said. To that end, he noted NIST is looking to initiate a project to tackle this topic in the near future.
Quantum conundrum
The rise of quantum computing is another complicating factor looming over the identity and access landscape. The threat, of course, is the commercialization of quantum computers that can crack current encryption keys easier than shelling pistachios.
This ominous milestone is commonly called “Q-Day,” and it is more likely than not to arrive by 2035.
Galluzzo said cryptography underpins “all of our security on the internet” and that won’t change. But encryption algorithms will likely change and encryption keys could get longer.
He added that a CSP or enterprise’s exposure to quantum computing really depends on what their encryption keys are used for.
Takeaways
Asked for the single biggest thing CSPs and businesses can do to protect their identity tokens, Galluzzo offered two.
First, companies across the board should protect their signing keys. That means ensuring signing keys aren’t accidentally left or copied into in an unsecured storage environment and making sure keys are fully invalidated and destroyed once they are rotated out of use.
“If you were to have a compromised signing key, it becomes much, much more challenging to both detect attacks and deal with those attacks,” he said. That’s because a compromised signing key can be used to sign token assertions so that they look legitimate.
His second tip? Make sure your systems are appropriately validating tokens before granting access to sensitive systems and data. In other words, check that identity tokens are actually signed by keys that are supposed to be used in the specific system and architecture they’re trying to access.