Shane Deconinck

AI Agents Beyond POCs: IAM Emerging Patterns Worth Watching

As software developers, we have a front-row seat to AI’s transformative potential. 84% of developers now use or plan to use AI tools, with tools like Claude Code already delivering ROI by reasoning through complex tasks autonomously. Getting them to work well is challenging enough. But scaling them across the enterprise with proper governance? That’s a whole different level of complexity.

Nearly 60% of AI leaders cite risk and compliance concerns as their primary adoption barrier. The challenge? Traditional IAM wasn’t built for systems that create intent rather than just forward it.

The Governance Gap

When agents autonomously decide which APIs to call and spawn sub-agents to handle tasks, fundamental questions arise:

  • Who is accountable when an agent makes a consequential decision?
  • How do we audit chains of delegation across multiple agents?
  • What prevents authority creep as agents scale?

Today’s enterprise struggles are just the beginning. As agents become more autonomous and operate across organizational boundaries, these challenges compound.

3 Key Patterns Emerging

1. Agentic On-Behalf-Of (OBO)

Dual-identity tokens (RFC 8693, OAuth 2.0 Token Exchange) identify both the human and the agent, making every decision traceable.
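As an added example (not from the original post), here is how a resource server could read the RFC 8693 `act` (actor) claim to authorize on the human subject plus the current agent while logging the full delegation chain. The claim values, `AGENT_POLICY`, and the function names are constructed for illustration, and the token's signature, issuer, audience and expiry are assumed to have been validated already.

```python
# Constructed sample: claims of an already-verified RFC 8693 delegated token.
# The outermost "act" is the current actor; nested "act" objects are earlier actors.
SAMPLE_CLAIMS = {
    "iss": "https://issuer.example.com",
    "aud": "https://api.example.com",
    "sub": "user@example.com",                      # the human
    "scope": "invoices:read invoices:pay",
    "act": {"sub": "agent:payments-subagent",       # current actor
            "act": {"sub": "agent:orchestrator"}},  # prior actor
}

# Hypothetical local policy: scopes each agent may exercise on a user's behalf.
AGENT_POLICY = {"agent:payments-subagent": {"invoices:read"}}


def delegation_view(claims: dict, max_depth: int = 8) -> dict:
    """Split claims into subject, current actor and prior actors."""
    if not isinstance(claims.get("sub"), str):
        raise ValueError("token has no subject")
    actors, node = [], claims.get("act")
    while node is not None:
        if not isinstance(node, dict) or not isinstance(node.get("sub"), str):
            raise ValueError("malformed act claim")
        if len(actors) >= max_depth:  # bound the work done on hostile input
            raise ValueError("delegation chain too deep")
        actors.append(node["sub"])
        node = node.get("act")
    return {"subject": claims["sub"],
            "actor": actors[0] if actors else None,
            "prior_actors": actors[1:]}


def authorize(claims: dict, policy: dict, scope: str) -> tuple[bool, dict]:
    """Return (decision, audit_record) for one requested scope.

    Per RFC 8693 section 4.1, only the top-level claims and the current
    actor feed the decision; nested prior actors are informational and
    are recorded for audit only.
    """
    view = delegation_view(claims)
    granted = set(claims.get("scope", "").split())
    ok = (view["actor"] is not None
          and scope in granted
          and scope in policy.get(view["actor"], set()))
    return ok, {**view, "scope": scope, "allowed": ok}
```

The audit record keeps human, acting agent and upstream agents together, which is what makes a decision traceable after the fact.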

2. Proof of Continuity

Rather than asking “who holds this authority?” at each step, this pattern asks “can this authority validly continue?” This enables delegation chains without central trust anchors, which is critical for cross-organizational agent workflows.

3. Trust-Spanning Frameworks

Decentralized credentials (DIDs/VCs) for establishing identity across organizational boundaries. DIF and ToIP working groups are developing protocols specifically for AI agent delegation and trust chains.

Resources I’m Finding Helpful

Slidedeck generated by NotebookLM:


I’m sharing as I’m learning. Let me know if I got anything wrong, and I hope this is valuable to you.