Identity and Access Management (IAM) has become one of the central challenges in cybersecurity, as identity theft serves as the primary entry point in many attacks. Global research indicates that a significant share of breaches originate from compromised identities - whether through stolen passwords, poorly managed permissions, or orphaned accounts. Attackers don't just breach from the outside, they hijack legitimate identities to move freely from within organizations.
Many cybersecurity incidents originate from compromised identities, exposing a fundamental weakness in how organizations manage digital identity. Common methods include phishing, credential stuffing, and accounts belonging to former employees that were never properly deactivated - orphaned accounts that remain live after the employee has left. These attacks make one thing clear: static identity management no longer cuts it. Organizations need a dynamic approach, one that includes continuous analysis of context, behavior, and risk levels, alongside structured processes and multi-layered protection.
Identity and Access Management (IAM) teams face a growing burden as the volume of users, applications, and systems keeps growing, compounded by a shortage of skilled personnel. This gap leaves Identity teams stuck in permanent firefighting mode instead of executing proactive, policy-driven programs. The proliferation of tools (for PAM, IGA, MFA, anomaly detection, etc.) adds operational complexity, making it harder to manage permissions consistently and increasing the risk of errors, tools fatigue and burnout among security teams.
The Future of IAM: AI Digital Employees
Advances in AI are enabling a shift from manual processes to autonomous mechanisms based on Agentic AI. Intelligent agents analyze context, intent, and risk level, and make decisions in accordance with organizational policy. These capabilities include real-time information analysis, detection of anomalous behavior, and controlled action-taking with Human-in-the-Loop oversight. Implementing these solutions requires precise design specifications, clearly defined operating boundaries, and support for adequate agentic governance. This represents a significant leap in an organization's ability to handle complex threats by onboarding an AI Digital Employee that frees up human teams for strategic work.
The collaboration between Deloitte and Twine Security was born out of the need to integrate autonomous AI agents alongside human employees in cybersecurity departments.
The collaboration between Deloitte and Twine Security was born out of the need to integrate autonomous AI agents alongside human employees in cybersecurity departments. These agents execute security tasks end-to-end, including autonomous orchestration, report generation, handling permission exceptions, identifying excessive permissions, and implementing mitigation actions. Twine’s AI digital employee, Alex, augments cybersecurity teams’ capabilities, handling the operational load so human experts can focus on what machines can't do.
Twine Security reports measurable reductions in workload and excessive permissions among organizations implementing autonomous capabilities. Twine's founding team identified the challenges organizations face in implementing security strategies due to overload and operational complexity. Their Agentic AI model frees teams to focus on critical work while routine operations run autonomously. Deloitte supports organizations in modernizing their identity management systems, embedding autonomous AI agents into a flexible, unified, AI-native framework that reduces risk and streamlines day-to-day work.
Closing Security, Efficiency, and Operational Gaps
The collaboration between Deloitte and Twine Security enables the development of a long-term identity management strategy built for the era of Cloud environments, tool sprawl, and AI-based threats. Combining consulting expertise with autonomous technology enables organizations to build flexible and effective frameworks while reducing risk and human error.
Lior Kalev, Partner and Head of the Cyber Center at Deloitte Israel, explains that to stay ahead of tomorrow's cyber threats, organizations need a combination of deep advisory expertise, business understanding, and advanced AI capabilities. Partnering with innovative cybersecurity companies makes it possible to implement AI-driven processes that deliver real value for customers.
The transition to Agentic AI provides the foundation for effective protection of digital identities and for building organizational resilience. This is the beginning of a new path in identity management in the cyber world.
*An original version of this article was first published in People & Computers.
