Between Two COOs
AI Agents Need Logins Too: Identity, Security, and the Future of AI | Greg Keller, CTO, JumpCloud
Why It Matters
As AI agents become capable of manipulating policies and obtaining admin privileges, organizations must extend traditional identity controls to these non‑human actors. Understanding the convergence of AI and IAM helps leaders safeguard their infrastructure while leveraging AI for efficiency, making the episode crucial for any CTO, CISO, or COO navigating digital transformation.
Key Takeaways
- •AI agents can become insider threats via misused API keys
- •JumpCloud unifies identity across heterogeneous cloud and on‑prem environments
- •CTO balances technology vision, risk mitigation, and rapid product delivery
- •Synthetic AI identities need strict access controls and token management
Pulse Analysis
In the episode Greg Keller warns that AI agents are already acting as insider threats, not by hacking but by exploiting poorly managed API keys and misreading policies. When an AI system receives broad scopes, it can hallucinate actions that grant admin privileges, turning a helpful bot into a security liability. Keller stresses that traditional credential models are insufficient for autonomous agents and that token‑based authentication, with expiration and revocation controls, is essential to keep AI‑driven processes safe. Enterprises must audit AI permissions regularly to close these gaps.
Keller explains JumpCloud’s mission to replace fragmented identity solutions with a single, cloud‑native directory that works across Windows, macOS, Linux, and dozens of SaaS applications. Unlike legacy Microsoft Active Directory or single‑sign‑on‑only vendors such as Okta, JumpCloud manages both user identities and device access, providing consistent policies regardless of where resources reside. He also describes the CTO’s role as setting technical direction, anticipating future stack changes, and ensuring engineering delivers secure, scalable features without falling into chase‑mode product cycles. This unified approach reduces admin overhead and improves compliance reporting.
The conversation turns to AI‑enabled workflows, where synthetic identities—non‑human agents that consume APIs—must be governed with the same rigor as human users. Keller urges COOs and CISOs to align on AI adoption, measuring utilization, funding tools, and enforcing token‑based controls to prevent over‑privileged bots. By treating AI agents as first‑class identities, organizations can unlock efficiency gains while avoiding accidental data exposure. Keller predicts that as more services expose programmable interfaces, managing AI access will become a core component of modern security strategies. Continuous monitoring and adaptive policies will keep pace with evolving threats.
Episode Description
Get 90 days of Fellow free at Fellow.ai/coo
In this episode, Michael Koenig speaks with Greg Keller, co-founder and CTO of JumpCloud, about identity access management and why it’s becoming one of the most important operational systems in the age of AI.
Greg explains how traditional identity systems were designed for office-based companies running Microsoft infrastructure and why that model broke as companies moved to SaaS, cloud infrastructure, and remote work.
The discussion then turns to the next big shift: the rise of AI agents and synthetic identities inside organizations.
As companies deploy more AI tools, the number of machine identities may soon outnumber human employees. Managing what those systems can access will become a critical security and operational challenge.
Topics Covered
What a CTO actually does
Greg explains the different types of CTO roles and how technology leaders help companies anticipate where the market is headed.
Identity Access Management explained simply
IAM answers three core questions inside every company:
Who are you?
What can you access?
How is that access managed?
Why the old IT model broke
Traditional identity systems were built for on-premise offices and Microsoft infrastructure. Modern companies now operate across:
SaaS applications
cloud infrastructure
remote work environments
multiple operating systems
How JumpCloud approaches identity
JumpCloud was built to manage identity across devices, applications, and infrastructure regardless of platform.
Where Okta fits in the ecosystem
Okta helped modernize browser-based authentication through Single Sign-On, while JumpCloud focuses on broader identity infrastructure.
AI, Security, and Synthetic Identities
Why COOs should push AI adoption
Greg argues AI adoption is no longer optional. Companies must encourage teams to improve productivity and efficiency using AI.
The rise of synthetic identities
AI agents, bots, APIs, and service accounts are becoming new actors inside companies that require identity governance.
Bots may soon outnumber employees
Organizations will soon manage more machine identities than human ones.
AI as a potential insider threat
AI systems can become security risks if they are granted excessive permissions or misinterpret policies.
The API key governance problem
Many AI integrations rely on API keys, which are often poorly managed and can create hidden security risks.
Key Takeaway
As companies adopt AI, identity access management becomes the control layer that determines what both humans and machines are allowed to do inside the organization.
Links:
Michael on LinkedIn: https://linkedin.com/in/michael-koenig514
Greg on LinkedIn: https://www.linkedin.com/in/gregorykeller/
JumpCloud: https://jumpcloud.com/
Between Two COO’s: https://betweentwocoos.com
Episode Link: https://betweentwocoos.com/ai-agents-identity-access-greg-keller
Comments
Want to join the conversation?
Loading comments...