While enterprise security teams are rapidly operationalizing AI, identity systems are struggling to catch up with the increasing demand to secure human and non-human identities across enterprise systems.
For Yossi Barishev, who is building an IAM startup in stealth, AI is not the disruption - it is the amplifier. "AI didn't create the problem," he says. "It just made it impossible to ignore."
What AI is surfacing is something identity practitioners have known for years: IAM infrastructure is fragmented, inconsistent, and heavily dependent on manual reconciliation. Data lives across directories, HR systems, SaaS applications, and homegrown tools. Integrations are brittle, context is incomplete, and the burden of stitching it all together still sits with the practitioners themselves.
Now that systems are beginning to act on that data autonomously - AI agents, agentic identities, AI-driven provisioning - those cracks are no longer latent. They become operational risks that scale at machine speed.
Identity Was Always the Most Vulnerable Layer
The industry does not lack warning signs. Identity has quietly become the dominant attack surface.
According to research from the Identity Defined Security Alliance, roughly 90% of organizations experienced an identity-related incident in the past year, with attackers exploiting gaps between disconnected IAM, PAM, and authentication tools.
Threat intelligence from Recorded Future reinforces the picture. Researchers observed a 50% increase in stolen credentials in the second half of the year, with attackers increasingly targeting systems that provide the broadest access.
The implication is clear: attackers are not exploiting sophisticated zero-days. They are walking in through the front door - and the front door stays open because fragmented IAM stacks cannot apply consistent controls across every system that matters.
Barishev frames it as an infrastructure problem, not a tooling gap. "Identity isn't failing because we don't have enough tools," he says. "It's failing because the tools we have can't reach the systems that matter most."
Fragmentation Is the Root Cause, Not the Symptom
Most enterprises do not operate a single identity system. They operate an accumulation of them.
Hybrid and multi-cloud environments have made this fragmentation unavoidable. IAM tools are layered on top of legacy systems, SaaS platforms, and internal applications - each with its own access model, entitlement structure, integration mechanism, and business purpose.
Even basic modernization efforts struggle. According to miniorange, 71% of enterprises cannot consistently apply modern authentication controls like SSO or MFA to legacy applications - largely because those applications predate SCIM, SAML, and standards-based integration altogether.
The result is not just complexity. It is an inadequate security posture.
Attackers aim at the weakest link, and uneven coverage across IAM systems creates the exposure they exploit. The calculus is straightforward: the more of an environment a modern IAM control plane can actually reach, the fewer opportunities attackers have to compromise credentials - and, given how much of the breach landscape is tied to identity compromise, the fewer opportunities they have to turn a credential into a breach. Fragmentation is not an inconvenience. It is a direct contributor to exposure.
Humans as Connective Tissue
What keeps IAM functioning today is not modern architecture or robust infrastructure - it is elbow grease. And lots of it.
Identity teams spend a significant portion of their time looking at CSV files, manually correlating data across systems, reconciling HR records with directory data, mapping entitlements, fixing correlation issues, talking to application owners, reviewing access policies, running certifications, and cleaning identity data.
This operational burden is rarely visible in dashboards, but it is where most IAM risk accumulates.
Barishev describes this as the "human middleware" problem. "We've built systems that don't play nice with each other," he says. "So people become the glue. They're the ones translating, validating, and making the necessary adjustments."
That model does not scale. It is slow during audits, fragile during incidents, and error-prone in day-to-day operations. Most importantly, it cannot support real-time decision-making - which is exactly what AI-era security assumes is already in place.
AI Adoption Amplifies the Pain
AI does not rescue identity operations, and it does not replace them. It amplifies whatever state they are already in.
When organizations deploy AI agents, automated provisioning workflows, and agentic identities on top of a fragmented stack, every existing weakness compounds. Inconsistent entitlement models become inconsistent decisions. Stale HR-to-directory mappings become incorrect access grants. Manual reconciliation gaps become autonomous errors - at scale, and without the human pause that used to catch them.
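The reconciliation work described under Humans as Connective Tissue (correlating CSV exports, matching HR records to directory accounts) and the stale HR-to-directory mappings mentioned just above can be made concrete in a short check. The following is an added example written for this article, not code from the author, the startup, or any product it mentions; the HR and directory CSV layouts, column names and sample rows are constructed for illustration and will differ from any real export.

```python
"""Added example: a minimal HR-to-directory reconciliation check.

Illustrative code written for this article, not a product or a tool
mentioned in it. The CSV layouts, column names and sample rows below are
constructed for the example; real exports differ per HR system and directory.
"""
import csv
import io
from collections import defaultdict

# Constructed sample export from an HR system (one row per person).
HR_CSV = """employee_id,email,status,manager_id
E100,alice@example.com,active,E001
E101,bob@example.com,terminated,E001
E102,carol@example.com,active,E001
E103,dave@example.com,active,E001
"""

# Constructed sample export from a directory: human accounts carry an
# employee_id, service (non-human) accounts carry an owner_id instead.
DIRECTORY_CSV = """account,employee_id,enabled,kind,owner_id
alice,E100,true,human,
bob,E101,true,human,
carol,E102,true,human,
eve,E999,true,human,
svc-backup,,true,service,E101
svc-etl,,true,service,
svc-old,,false,service,E100
"""


def load_rows(text):
    """Parse CSV text into a list of dicts with surrounding whitespace stripped."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({k.strip(): (v or "").strip() for k, v in row.items()})
    return rows


def reconcile(hr_text, directory_text):
    """Correlate directory accounts with HR records and return findings.

    The categories mirror the failure modes discussed in the article: a stale
    HR-to-directory mapping (terminated person, still-enabled account), an
    account nobody in HR can vouch for (orphan), and a non-human identity with
    no accountable owner. Each category maps to a sorted list of account names
    so the output can be diffed between runs or handed to a ticketing system.
    """
    hr = {r["employee_id"]: r for r in load_rows(hr_text)}
    directory = load_rows(directory_text)
    findings = defaultdict(list)
    seen_employee_ids = set()

    for acct in directory:
        enabled = acct["enabled"].lower() == "true"

        if acct["kind"] == "service":
            owner = hr.get(acct["owner_id"])  # empty owner_id never matches
            if enabled and owner is None:
                findings["service_account_without_owner"].append(acct["account"])
            elif enabled and owner["status"] != "active":
                findings["service_account_owner_inactive"].append(acct["account"])
            continue

        person = hr.get(acct["employee_id"])
        if person is None:
            findings["orphan_account"].append(acct["account"])
            continue
        seen_employee_ids.add(acct["employee_id"])
        if enabled and person["status"] != "active":
            findings["enabled_but_terminated"].append(acct["account"])

    # Active people with no directory account: a provisioning gap rather than
    # an exposure, but exactly the inconsistency that gets patched by hand.
    for emp_id, person in hr.items():
        if person["status"] == "active" and emp_id not in seen_employee_ids:
            findings["active_without_account"].append(person["email"])

    return {category: sorted(names) for category, names in findings.items()}


if __name__ == "__main__":
    for category, accounts in reconcile(HR_CSV, DIRECTORY_CSV).items():
        print(f"{category}: {', '.join(accounts)}")
```

On the constructed data the check flags bob (terminated in HR, account still enabled), eve (no HR record at all), svc-etl (enabled service account with no owner) and svc-backup (owner has left), and notes that dave has no account yet. The logic is deliberately simple; what makes it hard in practice is the join key. It only works when every system exposes a consistent identifier such as employee_id, and a fragmented stack is precisely one where that key is missing, mistyped, or stored in a free-text attribute, which is why the correlation ends up being done by people.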
The threat side is moving in the same direction. Identity-driven attacks are increasingly automated, with adversaries leveraging AI to scale credential abuse and impersonation tactics - turning existing IAM weaknesses into high-velocity attack paths.
Recent research into unified identity governance models points in the same direction: organizations that bring human and non-human identity context into a single operational view measurably reduce identity-related incidents and improve response times. The gap, again, is infrastructural - not conceptual.
The issue is no longer whether identity systems are imperfect. It is whether they are stable enough for anything - human, machine, or AI - to act on safely.
Identity Infrastructure Is the Real Bottleneck
The obvious objection is that IAM modernization programs have been underway for a decade, and the same problems keep reappearing. That is true. What has changed is not the diagnosis but the cost of inaction.
For most of IAM's history, a fragmented stack produced friction: slow access reviews, painful audits, tickets that took weeks. That friction was tolerable because humans were in the loop. When AI systems start making access decisions at machine speed, that same friction becomes exposure - measurable in minutes, not quarters.
Barishev's perspective is that most organizations are trying to accelerate before they have stabilized. "Everyone wants autonomous, AI-first security," he says. "But autonomy requires confidence in the underlying data and infrastructure. And most teams don't have that yet."
The practical sequence matters. Before deploying AI agents on top of identity, teams need to do the unglamorous work: modernize the systems that cannot speak SCIM or SAML today, unify identity context across human and machine accounts, and reduce the reconciliation burden that silently consumes identity teams. None of it is new. All of it is now urgent.
Identity systems were never designed for an age in which access is managed across thousands of applications, in hybrid environments, by software acting on behalf of both people and machines. There is a misalignment between the tools we have and the tasks at hand.
AI did not cause that misalignment. It is simply the first technology that refuses to work around it.
This article was written in cooperation with Tom White