Why distinguishing humans, machines, and authority is becoming one of identity’s hardest challenges.

For most of the internet’s history, identity systems have needed to manage a mix of human users and automated actors. Service accounts, scripts, integration pipelines, and bots have long interacted with digital infrastructure alongside people.

What made this manageable was that those actors usually behaved in predictable ways. Automated systems performed defined tasks, while human users interacted through interfaces designed for people. Identity systems could distinguish between them well enough to enforce policy and detect misuse.

AI is blurring that boundary.

Large language models (LLMs) can now interact with services, generate convincing communications, automate workflows, and operate software tools with increasing sophistication. Some of these systems act under direct human supervision. Others operate with varying degrees of autonomy, executing tasks that would previously have required manual intervention.

As these capabilities expand, organizations are discovering that the challenge is no longer simply authenticating users. The challenge is determining what kind of actor is interacting with a system and whether that interaction should be trusted.

That question is quickly becoming one of the most important issues identity teams face.

When authenticity becomes harder to establish

Identity infrastructure has traditionally focused on verifying credentials and enforcing access controls. If a credential is valid and the appropriate authorization policies are satisfied, the system grants access to the requested resource.

In a world that includes AI mediation, a request to a service may originate from a human user, a traditional automated process, an AI agent acting on behalf of a user, or a malicious system generating synthetic activity at scale. In many cases, those actors authenticate successfully and interact with systems using legitimate interfaces.

The difference lies not in whether the credential is valid, but in what the credential represents and how the activity should be interpreted.

As a result, organizations increasingly rely on additional signals to determine whether an interaction should be trusted. Device posture, behavioral patterns, contextual data, and provenance information all play a role in helping systems understand the nature of an interaction.

AI raises the stakes for these signals because automated systems can mimic legitimate behavior with increasing sophistication.

The growing importance of provenance

One area receiving increased attention is the question of provenance: understanding where digital content or activity originated.

When AI systems generate content, initiate transactions, or interact with services, organizations must still maintain accountability. Someone authorized the system. Someone defined its scope of action. And someone is responsible if something goes wrong.

Without mechanisms to establish provenance, distinguishing legitimate activity from manipulation becomes significantly harder.

Identity systems are beginning to intersect more closely with technologies designed to verify the authenticity of digital artifacts, including cryptographic signatures and emerging content authenticity frameworks.

These tools are not solely about verifying the identity of a user. They are about establishing confidence in the origin and integrity of digital interactions.

The risk of invisible actors

AI also introduces new forms of fraud and abuse that can be difficult to detect through traditional controls. Synthetic identities can be created at scale, while deepfake technologies can produce convincing audio or video impersonations. Automated systems are generating activity that appears indistinguishable from legitimate user behavior.

These developments expand the attack surface for identity systems. They also force organizations to rethink how identity signals are used to detect fraud and establish trust.

The challenge goes beyond the technical to include policy, governance, and ethical considerations about how automated decision systems operate and whom they may impact.

Sessions to watch for

Several Identiverse sessions this year explore different aspects of how AI is reshaping identity systems and the ways organizations establish trust in digital environments.

Some sessions focus on the growing challenge of synthetic identity and AI-driven fraud.

• Deepfakes, Synthetic IDs, and “Invisible” Takeovers
• Deep fakes and injection attacks – Assurance and defense strategies

These discussions examine how attackers are using AI technologies to create convincing impersonations and automated attacks, and how identity systems must evolve to detect and mitigate those threats.

Other sessions examine the question of authenticity and digital provenance.

• Authenticity for a Brave New World: Using C2PA to Verify Digital Content

This session explores emerging approaches to verifying the origin and integrity of digital media—an increasingly important capability as AI-generated content becomes harder to distinguish from human-created material.

Several sessions also examine the architectural and governance implications of AI interacting with enterprise systems.

• Let’s Argue About AI Agent Identities
• Securing the AI Era: The Critical Need for Strong Identity Foundations
• Shadow AI Agents and Local LLMs: How Unmanaged AI Is Expanding the Attack Surface

These discussions explore how organizations may manage AI actors operating within enterprise environments, as well as the risks introduced by unsanctioned or poorly governed AI deployments.

Finally, identity professionals are also grappling with how AI-driven systems themselves make decisions about identity.

• Bias Is a Bug: Identity AI, Accuracy, and Harm

This session explores how machine learning systems used in identity verification and risk analysis can introduce bias or inaccuracies, and why those issues must be addressed as identity systems incorporate more AI-driven decision-making.

Together, these sessions highlight how quickly the identity conversation is expanding. Authentication remains foundational, but the broader challenge now involves establishing trust, authenticity, and accountability in environments where humans and machines increasingly operate side by side.

Identity’s expanding role

Identity has always been more than a login screen.

It sits at the intersection of security, fraud prevention, governance, and user experience. As digital ecosystems grow more interconnected, identity systems quietly determine how trust is established across organizations, platforms, and applications.

As automated actors become more capable—and more common—identity systems will increasingly determine how organizations distinguish between legitimate automation and malicious activity, how the origin of digital interactions is verified, and how accountability is maintained when software acts on behalf of people.

Those questions are still evolving; the future of identity will depend not only on verifying who someone is, but on understanding what type of actor is participating in a digital interaction and how much trust that interaction deserves.

For identity professionals, that shift opens a new and fascinating set of challenges. Let’s talk about them at Identiverse 2026!