How Curity is Changing AI Agent Security with Runtime Controls
74By 2026, enterprise developers are rapidly deploying sophisticated AI agents that operate with increasing independence and speed. Securing these agents has become a major challenge. Traditional tools for identity and access management (IAM) weren’t built for such complex, fast-moving systems. As the number of AI agents grows—both approved ones and those created secretly—the risk of security gaps increases. Companies are now searching for new ways to protect these powerful tools, with some big players like Okta and Microsoft stepping in. But a smaller firm from Sweden, Curity, believes the best solution lies in a different approach.
Why Traditional IAM Falls Short for AI Agents
Traditional IAM systems are designed around the idea that applications are accessed by humans or simple machine identities. These systems rely on one-time authentication, where permissions are granted upfront. But AI agents don’t fit this model. They perform long chains of actions at lightning speed, making their access unpredictable and complex. Locking them down too tightly can break their functionality, while giving them free rein can leave security holes. This mismatch creates a pressing need for a new security approach tailored to the unique nature of AI agents.
Organizations are starting to realize that older methods don’t cut it anymore. The rapid growth of both authorized and shadow AI agents adds to the challenge. Without proper security, these agents could become attack vectors or lead to governance issues. This has led to calls for more flexible, real-time control mechanisms that can keep pace with AI’s speed and complexity.
Curity’s Runtime Authorization: A New Approach
Curity, a smaller player from Sweden, offers a fresh take. Instead of trying to secure AI agents with static permissions, they see agents as a special kind of application. Like regular apps, agents call APIs and communicate with servers, but they do so at a much faster and more dynamic rate. Curity’s solution, called Access Intelligence, builds on its existing identity platform called Identity Server.
The key idea is to treat access as a real-time decision. Curity extends OAuth tokens, which are usually just permission slips, to carry more detailed info about the agent’s purpose and intent. When an agent starts a new task, it gets a fresh token that specifies what it’s allowed to do. If the task is high risk—like transferring money—the system can even require human approval before proceeding. This way, permissions are granted on-the-fly, adapting to each specific action.
This approach allows for much more granular control. Each request generates a new token, which acts like a dynamic permit. If needed, human oversight can be integrated into the process, making it suitable for sensitive operations. The goal is to keep agents both functional and secure at the same time, avoiding the pitfalls of static permissions that can either hinder performance or create vulnerabilities.
Current Methods and the Future of AI Agent Security
Today, there are a few main ways to secure AI agents. Some rely on inline tools like API gateways and web application firewalls, which monitor traffic in real-time. Others use out-of-band systems that analyze agent behavior after the fact to infer intent. However, these approaches are often inadequate for the speed and complexity of modern AI agents.
Inline tools can be too rigid or slow to keep up with fast-moving agents, while post-hoc analysis may be too late to prevent security issues. Curity’s runtime authorization aims to bridge this gap by making security decisions dynamically, as the agent operates. This method promises more precise control, reducing the chances of security breaches while allowing AI systems to function smoothly.
As AI continues to evolve, so will the tools needed to keep it safe. Curity’s innovative approach highlights the importance of real-time, flexible security that can adapt to the unique demands of autonomous AI agents. It’s a step toward more resilient and trustworthy AI deployments in enterprise environments.
What do you think?
It is nice to know your opinion. Leave a comment.