H001 Active

Identity-Aware AI Security

Fine-grained identity context — not coarse-grained network perimeters — is the primary control plane for enterprise AI security.

Claim

The central proposition being advanced.

Fine-grained, identity-aware authorization is both necessary and sufficient as the primary security control for enterprise AI systems, superseding network-perimeter controls.

Grounds

Evidence or data supporting the claim.

Enterprise AI systems (RAG pipelines, agentic workflows, LLM gateways) operate across network, tenant, and jurisdictional boundaries. Perimeter controls cannot express the principal-resource-permission triples required to govern AI agent actions at runtime.

Warrant

The reasoning that connects grounds to claim.

When an AI agent acts on behalf of a human user, the agent's actions must be bounded by the user's own authorization context — not the network zone the agent happens to occupy. This is the central invariant of identity-aware AI security.
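The invariant above, and the principal-resource-permission triples from the Grounds, as an added example that is not part of the original page: a delegated request is evaluated once by a zone-based perimeter check and once by an identity check that requires both the user and the acting agent to hold the triple. All principals, resources and zones are constructed sample values; the `sub`/`act` claim layout follows RFC 8693, and token signature verification is assumed to have happened upstream.

```python
# Constructed sample policy: (principal, resource, permission) triples.
USER_GRANTS = {
    ("user:alice", "doc:payroll-2024", "read"),
    ("user:alice", "doc:handbook", "read"),
    ("user:bob", "doc:handbook", "read"),
}
# Upper bound on what the agent workload may do for anyone.
AGENT_SCOPES = {
    ("agent:rag-assistant", "doc:payroll-2024", "read"),
    ("agent:rag-assistant", "doc:handbook", "read"),
    ("agent:rag-assistant", "doc:handbook", "write"),
}
TRUSTED_ZONES = {"corp-internal"}  # hypothetical zone name


def perimeter_allows(source_zone):
    """Coarse control: any caller inside a trusted zone passes."""
    return source_zone in TRUSTED_ZONES


def identity_allows(claims, resource, permission):
    """Allow only if the user AND the acting agent both hold the triple.

    `claims` is an already-verified token payload (assumption).
    `sub` is the human user; `act.sub` is the agent acting for them.
    """
    user = claims.get("sub")
    agent = (claims.get("act") or {}).get("sub")
    if not user or not agent:
        return False  # no delegation context: fail closed
    return ((user, resource, permission) in USER_GRANTS
            and (agent, resource, permission) in AGENT_SCOPES)


def decide(claims, source_zone, resource, permission):
    """Return both verdicts so the gap between the two models is visible."""
    return {
        "perimeter": perimeter_allows(source_zone),
        "identity": identity_allows(claims, resource, permission),
    }


if __name__ == "__main__":
    agent = {"sub": "agent:rag-assistant"}
    bob = {"sub": "user:bob", "act": agent}
    alice = {"sub": "user:alice", "act": agent}
    print(decide(bob, "corp-internal", "doc:payroll-2024", "read"))
    print(decide(alice, "partner-cloud", "doc:payroll-2024", "read"))
    print(decide(alice, "corp-internal", "doc:handbook", "write"))
```

The first call is the case the warrant targets: the agent sits in a trusted zone and is itself scoped to the payroll document, yet the request is denied because the user it acts for holds no such grant.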

Backing

Support for the warrant itself.

NIST SP 800-207 (Zero Trust Architecture), OpenID Connect, SPIFFE/SPIRE, OAuth 2.0 RAR (Rich Authorization Requests), and the emerging MCP authorization draft all encode this principle: identity context propagates with the token, not the network path.

Qualifier

Conditions limiting the strength of the claim.

This claim applies to production enterprise deployments where AI agents perform actions with real data and real side-effects. Sandboxed research or internal tooling with homogeneous user populations may tolerate coarser controls.

Rebuttal

Anticipated objections and counterarguments.

Critics argue that identity-aware enforcement adds latency, implementation complexity, and key-management overhead that may not be justified at early AI maturity levels. The counter is that deferred identity controls create technical debt that is orders of magnitude more expensive to retrofit.
