Identity at the edge

KnowBe4

By Dr. Kawin Boonyapredee, APJ CISO Advisor, KnowBe4
Monday, 13 April, 2026


Each year, Identity Management Day (IMD) serves as a global reminder that managing digital identities is more than a technical requirement; it is a cornerstone of modern trust. Now in its sixth year, IMD continues to emphasise how identity itself is evolving, stretching beyond human users to encompass machines, automated agents, and even AI-generated personas.

In 2026, identity management is not just about who you are; it is about what represents you, who acts on your behalf, and how these digital stand-ins are verified, monitored, and secured. This year’s theme, ‘Finding Identity: The search for you, me, and the machines’, highlights the importance of understanding and preparing for this evolving and ever-changing landscape, including the modern workforce.

The expanding definition of identity

Originally, identity management focused on human users: verifying employees, managing access rights, and keeping phishing at bay. But the explosion of machine identities (from APIs and IoT devices to bots and AI agents) has transformed that landscape.

Consider this: for every human identity in a large enterprise, there may now be hundreds or thousands of non-human ones, appropriately called Non-Human Identities (NHIs). Each API key, service account, and automated pipeline represents a potential attack vector if not properly secured. As AI systems gain more autonomy, the concept of identity becomes even more fluid and complex. Such autonomous AI systems are called ‘agentic’, and have capabilities to act independently on behalf of humans or organisations.

In this new paradigm, orchestration is key: organisations must manage not only who can access what, but also how those entities (human or non-human) interact, delegate and authenticate.

Phishing evolution gains massive momentum

Microsoft reported that in 2025, AI-automated phishing emails achieved more than a 50% click-through rate. This is significantly higher than the rate for standard phishing attacks, so enterprises must adapt to AI-powered adversarial attacks by fighting AI with AI. Almost every organisation has reportedly leveraged AI and LLM processes to enhance their overall identity security strategies; however, this comes with even more risk. Shadow AI and the use of these tools leave organisations with a larger attack surface than traditionally known.

Deepfakes, synthetic identities and AI risk

The rise of AI has created powerful tools for deception alongside innovation. Deepfakes and synthetic identities can mimic real people, voices, and even corporate communications with alarming accuracy. The line between genuine identity and digital fabrication is blurring.

For organisations, this means the following:

  • Increased social engineering threats: Attackers can impersonate executives or trusted partners using realistic audio or video.
  • Authentication challenges: Traditional trust signals such as voices, photos and signatures become less reliable.
  • Legal and reputational risks: A single successful synthetic identity attack can trigger regulatory violations or erode customer confidence.
     

Identity Management Day 2026 underscores that trust must now be verified continuously and not just assumed. Verification mechanisms must evolve to detect behavioural, contextual and cryptographic proof of authenticity.

Beyond access: From management to orchestration

Identity used to be about access. Today, it is about interaction and orchestration: ensuring that complex systems of people, devices, and agents can collaborate safely.

Forward-looking organisations are investing in the following:

  • Unified identity platforms: These integrate human and machine identities under one governance model.
  • AI-driven anomaly detection: These identify unusual identity behaviour in real time.
  • Zero Trust architectures: These treat no user or system as inherently trusted, regardless of location or role.
     

Best practices for modern identity stewardship include:

  • Thinking holistically: Manage identity across all vectors, from human and machine to agentic and synthetic.
  • Automating lifecycle management: Provision, rotate, and revoke access automatically for both people and machines.
  • Adopting continuous verification: Trust is not static. Behaviour-based authentication can detect identity drift or compromise.
  • Educating and simulating: Regularly train teams on emerging identity risks, including deepfake scenarios.
  • Collaborating and standardising: Engage with identity management frameworks and communities to align with evolving best practices.
     

The road ahead

As IMD celebrates its sixth year, its mission has never been more urgent. Identity is not just about credentials; it is about credibility in a world filled with digital doubles and algorithmic actors. Organisations that can manage identity effectively across this spectrum — from human, to machine, to agentic — will be the ones that maintain trust in an increasingly synthetic digital age.


  • All content Copyright © 2026 Westwick-Farrow Pty Ltd