https://www.ngallo.it/tags/agentic/Recent content in Agentic onHugoen-uknicola.gallo@nitroagility.com (Nicola Gallo)nicola.gallo@nitroagility.com (Nicola Gallo)Tue, 05 May 2026 00:00:00 +0000https://www.ngallo.it/blog/2026-05-05/trusting-ai-agents-who-is-acting/Tue, 05 May 2026 00:00:00 +0000nicola.gallo@nitroagility.com (Nicola Gallo)https://www.ngallo.it/blog/2026-05-05/trusting-ai-agents-who-is-acting/<figure class="post-banner"> <img src="https://www.ngallo.it/images/2026-05-05/taia-who/trust-ai-agents-who-is-acting.png" alt="Sample Work Pool" loading="lazy"> <figcaption>Who Is Acting?</figcaption> </figure> <p>AI agent security is usually approached as an <strong>identity problem</strong>: the question becomes <em>&ldquo;what is the agent&rsquo;s identity, and what is it allowed to do?&rdquo;</em>. This framing is inherited from decades of human-centric and client-centric authorization design, and it works reasonably well as long as the entity being authorized is stable, persistent, and accountable in its own right. AI agents are none of those things in practice, and the framing produces a steady accumulation of edge cases that <strong>identity-centric security models</strong> keep trying to patch without changing the underlying assumption.</p>