2025 was the year AI went mainstream. Across industries, autonomous agents began shaping decisions and managing workflows at an unprecedented scale. Yet as AI gained speed, most organisations were still defending themselves with static, human-centric tools designed for a simpler threat landscape.
Forrester’s 2025 IAM outlook for APAC notes that machine identities have become the region’s fastest-growing and most vulnerable attack surface, accelerated by cloud-native architectures and the adoption of generative and agentic AI. As enterprises accelerate AI adoption, the challenge ahead is no longer whether they can innovate but whether they can do so securely.
In 2026 and beyond, we enter a new era that we define as adaptive identity, an evolution of identity security designed for the realities of AI. Identity management will no longer act as a passive gatekeeper. It will become a living, adaptive layer that continuously learns, decides, and acts across every human, machine, and AI interaction.
Why identity security must evolve
For decades, identity systems were built around predictable, human-driven patterns: employees with fixed roles, periodic reviews, manual approvals, and static policies that changed only when people changed roles.
AI agents can make thousands of decisions a minute. Machine identities now outnumber human users across most enterprises. Yet many organisations still rely on scheduled certifications, rigid role models, and siloed tools that offer limited visibility into how identities interact across systems.
See also: Asia Pacific’s AI scale-up will put cyber resilience to the test
Static frameworks cannot detect when an AI agent begins accessing new datasets, when a machine account inherits excessive privileges, or when a digital identity behaves differently outside of expected norms. They leave organisations governing dynamic, autonomous systems with tools built for fixed, human-centric workflows.
Adaptive identity unifies identity, data and security to continuously evaluate and govern every identity. Instead of enforcing security after the fact, Adaptive Identity embeds governance directly into the flow of work, ensuring that access aligns with intent and real-world risk at all times, delivering identity security that is unified, intelligent and adaptive by design.
A growing gap in governance
See also: Why traditional identity checks are falling short in Asia Pacific’s digital economy
AI adoption is growing faster than governance. Our research shows 82% of companies now utilise AI agents but many still lack clear accountability for their AI agents, including who owns them, what data they access, and how their actions are audited.
At the same time, data sovereignty laws are tightening across Asia. In Indonesia, the Personal Data Protection (PDP) Law requires businesses to localise sensitive data and strengthen cross-border protection. In Vietnam, the upcoming AI Law highlights digital sovereignty and local AI infrastructure management.
By 2028, AI agents are expected to make about 15% of business decisions globally, yet fewer than four in ten organisations govern non-human identities effectively. Without adaptive governance, enterprises risk data exposure, compliance breaches, and stalled innovation.
Building the intelligent control layer for trusted AI
Traditional tools such as Privileged Access Management (PAM) or Cloud Infrastructure Entitlement Management (CIEM), each address fragments of the problem, but they cannot govern the full spectrum of human, machine, and AI identities. Adaptive identity centralises this intelligence to provide a unified control layer that enables real-time prevention, detection, and response.
This approach governs AI agents through clear accountability and lifecycle management, reduces standing privilege by enforcing just-in-time and context-based access, and provides deep visibility through identity graphs that expose relationships and anomalies across human and non-human identities. With real-time threat signals informing access decisions, adaptive identity becomes an intelligent defence layer that scales with the pace of innovation.
Breaking down the barriers
To stay ahead of the latest tech trends, click here for DigitalEdge Section
While the vision is clear, execution requires both mindset and collaboration. Many still view identity as an IT function rather than a business enabler. Fragmented ownership between security, compliance, and IT slows progress, while short-term budget pressures often delay investment in advanced identity security platforms.
To prepare for this new era, enterprises should begin by mapping every identity, human and non-human, and automating discovery, certification, and access control. Continuous governance must also align with evolving regional compliance standards as AI becomes deeply embedded in operations. Breaking down silos is equally critical. Adaptive Identity thrives on collaboration, where every function – from IT to compliance to the C-suite – operates from a single source of truth.
As we move into 2026 and beyond, enterprises that adopt adaptive identity will lead with confidence, innovation, and trust. It is the way forward that will define the next era of enterprise security: security that moves as fast as the enterprise it protects.
Eric Kong is the GVP for Asean at SailPoint.
