Are your organization’s identity and access management protocols being updated to match the pace of AI-driven cyber threats and scams frictionlessly?
Today, customers demand seamless digital experiences amid abundant options. A single flawed login, unnecessary verification step, or untrustworthy interface can result in user abandonment, often permanently, according to some customer satisfaction surveys.
Users remain highly aware of privacy and security risks, driven by frequent data breach exposures. The average user encounters such threats regularly. In Singapore, the nation’s Personal Data Protection Commission (PDPC) had issued a report revealing ransomware breaches affecting over 14,477 individuals in early 2025, stemming from exploited administrative accounts, inadequate access controls, and weak password security.
For the rest of the year, PDPC had documented similar incidents, with affected counts reaching hundreds of thousands across cases involving ransomware variants that bypassed basic protections. Other data protection agencies in the region have released similarly concerning statistics.
In the perspective of business and most other web strategies, seamless user experience (UX) and data security can constitute conflicting priorities. To address this authentication challenge gap, robust identity and access management (IAM) strategies can be implemented for both human users and AI agents.
Bridging UX and security gaps
Security and UX need not conflict as a zero-sum dynamic. Password reliance exposes vulnerabilities through cracking or reuse; excessive security frustrates users, leading to forgotten credentials or abandoned transactions.
When authentication systems fail to integrate UX and security effectively, the result is the erosion of trust. Amid rising AI-driven threats such as deepfakes and sophisticated phishing campaigns, the exploitation of human and system weaknesses widens the trust gap even further.
As agentic AI becomes more widespread, organizations will need to be vigilant about managing unique credentials, scoped permissions, and oversight for safe operation. Without these, agents risk prompt injection, over-privileged access, or unintended data exfiltration.
Harmonizing UX and security
Security integrated early in design reduces later friction from retrofitted measures. Other benefits include:
- Contextual friction will be accepted as necessary: bank customers expect added steps for large transfers to prevent unauthorized actions
- Invisible security layers enhance seamlessness, particularly in retail where extended sessions reduce cart abandonment by minimizing interruptions
- Poor UX prompts user workarounds, such as shared credentials or bypassed controls, creating exploitable security gaps for attackers
- AI-agent security demands systems distinguish trusted agents from malicious bots, applying consistent verification principles
Strategic IAM considerations
IAM now spans IT, marketing, product, security, and support functions, requiring coordinated implementation. For example, a bank app permits smooth access on familiar devices, but verifies logins originating from new locations. Similarly, IAM streamlines authentication across user journeys without constant prompts, aligning protection with context.
However, in the agentic era, IAM has to control AI agent lifecycle management, including credential issuance, permission scoping, and continuous monitoring — to align actions with user intent and prevent escalation.
IAM protocols must adapt to fast-evolving threats such as ransomware persistence, user expectations for frictionless access, and regulations such as PDPC guidelines. This secures both human and non-human identities amid growing AI adoption.
In order to serve their intended function, IAM protocols need to be agile and nimble. And with AI agents poised to become active participants in digital ecosystems, leaders need to make sure that their IAM implementations and related access management systems are updated to secure both human and non-human identities.
