28
Years of experience
Our numbers speak for themselves
+100
Active certifications
76
Projects launched in 2025
17
Country
cutlery
+40
IAM/PAM/IGA Certified Experts
Governance of AI Agent Identities
Identify, classify, and manage AI agents as fully-fledged digital identities.
-
Mapping of AI agents used within the organization, including official, experimental, or unreported agents
-
A governance model specifying the owner, scope, risk level, and purpose of each agent
-
Rules for creating, validating, modifying, and removing identities associated with AI agents
-
Aligning AI agent governance with IAM, IGA, PAM, cloud security, and machine identity policies
Access Control and Permissions for AI Agents
Secure the access granted to AI agents to limit excessive privileges, uncontrolled use, and unauthorized actions.
-
Access models based on least privilege, context, agent role, and the criticality level of actions
-
Granular permissions for applications, APIs, data, internal tools, and cloud environments
-
Control of sensitive actions through human approval, temporary access, conditional rules, or validation mechanisms
-
Reduced risk of privilege escalation, lateral movement, or indirect access via agent chains
Management of secrets, tokens, and AI credentials
Protect the secrets used by AI agents to prevent leaks, unauthorized access, and hidden dependencies on credentials.
-
Secure encapsulation of API keys, OAuth tokens, certificates, technical accounts, and secrets used by AI agents
-
Policies on rotation, expiration, revocation, and restrictions on the scope of use of credentials
-
Removal of sensitive information from prompts, logs, configuration files, or code repositories
-
Strict separation of credentials by agent, environment, application, risk level, and business use
Monitoring, traceability, and auditing of AI actions
Knowing exactly what an AI agent did, with what permissions, on what data, and for what reason.
-
Comprehensive logging of actions performed by AI agents: access, queries, API calls, modifications, decisions, and executions
-
Correlation of AI events with existing SIEM, SOC, ITSM, PAM, IAM tools, and monitoring platforms
-
Checks to detect abnormal behavior, destructive actions, or unauthorized access
-
Audit evidence that traces accountability among the user, the agent, the tool, the target system, and the action performed
Securing agency workflows
Secure the autonomous action chains executed by AI agents, particularly when they interact with multiple systems.
-
Analysis of agent-based workflows to identify decision points, sensitive actions, and critical dependencies
-
Safeguards for high-impact actions: deletion, configuration changes, access to production, data transfer
-
Monitoring the tools available to AI agents to limit unnecessary or dangerous capabilities
-
"Human-in-the-loop" scenarios to require human validation before critical operations
Compliance, Risk, and AI Control Framework
Establish a measurable control framework to ensure the secure use of AI agents and meet audit requirements.
-
Risk assessment of AI agents based on their intended uses, the data they process, the systems they access, and their level of autonomy
-
Internal policies governing the use, access, responsibilities, and operational limits of AI agents
-
Compliance dashboards related to agents, their permissions, actions, exceptions, and incidents
-
Alignment of controls with AI security and risk management frameworks, including the NIST AI RMF approaches
What we do today
65%
AUTOMATED LEVEL 1 REQUESTS
4 hours → 15 minutes
USER SUPPORT AGREEMENT
100%
AUDITABLE DECISIONS
RESULTS ACHIEVED
• 65% of Level 1 requests are processed automatically without human intervention
• Average SLA reduced from 4 hours to 15 minutes for automated requests
• 100% of decisions are auditable with full traceability of the chain of responsibility
• IAM teams freed up to focus on high-value-added projects
• AI governance framework validated by compliance teams and submitted to the regulator
IDENT1TY APPROACH
• Mapping of Level 1 request types that can be automated and definition of compliance safeguards
• Design of an AI agent with automatic escalation to a human operator for sensitive or ambiguous cases
• Integration of the agent into the existing ITSM with full logging of each decision for auditing purposes
• Establishment of a documented AI governance framework aligned with DORA and ACPR requirements
• Pilot phase covering 20% of applications, with gradual validation prior to full implementation
10-year projected turnover rates for intermediate management
AI Agents · Universal Banking
AI agent for identity service desk support
Automated processing of Level 1 access requests under human supervision, with compliance safeguards.
6,000 requests per month
ITSM · IGA · AI · DORA
6 months
• Value-added tasks are constantly pushed aside by the flood of repetitive tickets
• SLAs of several hours for trivial requests — a major source of frustration for users
• ACPR and DORA compliance risk associated with automation without a governed framework
• The need to maintain human oversight of sensitive decisions
Implement end-to-end cryptographic governance, IEC 62443
POINTS OF FRICTION
BACKGROUND & ISSUES
The identity service desk was handling a high volume of repetitive requests, leaving IAM teams with little time for high-value tasks.
The security department wanted to test an AI agent capable of handling Level 1 tasks without compromising compliance or replacing human oversight on sensitive decisions.
Our technology partners
Use cases
45%
REVOCABLE RIGHTS
-40%
TIME MANAGER BY MAGAZINE
100%
EXPLAINABLE RECOMMENDATIONS
RESULTS ACHIEVED
• A 45% increase in the number of at-risk claims correctly revoked in the first campaign using scoring
• 40% reduction in time spent managing each review campaign thanks to contextual recommendations
• 100% of recommendations are explainable and traceable, and validated by internal control
• Campaign completion rates rose from 68% to 94% thanks to a simplified interface
• A model undergoing continuous improvement, with the accuracy of recommendations increasing with each campaign
IDENT1TY APPROACH
• Development of a scoring engine that leverages usage logs, the age of rights, and peer comparisons
• Integration of recommendations directly into the existing IGA review interface, without changing the tool
• Each recommendation is accompanied by an explanation that is clear to the manager and traceable for audit purposes
• The manager remains the decision-maker; the agent makes suggestions; the person approves or rejects them
• Gradual learning of the model based on decisions validated by managers
AI Agents · Insurance — Joint Group
AI-powered decision-making agent for access reviews
Contextual recommendations and risk scoring to transform IGA campaigns into qualitative reviews.
9,000 employees · 250 applications
IGA · AI · Scoring · Compliance
5 months
• Managers who lack the time or context to analyze each claim individually
• Usage logs, rights history, peer comparisons — signals available but not utilized
• Strong requirement for explainability in internal control
• Don’t impose an automatic decision; instead, help people make better decisions
POINTS OF FRICTION
BACKGROUND & ISSUES
Access review campaigns were plagued by a phenomenon of indiscriminate mass approval. Managers, faced with the task of approving hundreds of access requests, proceeded without conducting any real analysis.
The challenge was to restore the purpose of the reviews without overburdening them, by using available data to focus their attention on cases that were truly at risk.
Another case, another challenge.
Why do most AI projects fail?
AI agents that access your critical systems
AI agents interact with your sensitive data, APIs, and infrastructure. Without proper governance, each agent is an open door.
Invisible and unmonitored machine identities
Unlike humans, AI agents don't have ID badges. Their access privileges are rarely documented and never revoked.
Strict regulations
NIS2, DORA, the AI Act—regulators require full traceability of automated access. Without AI governance, compliance is impossible.