Co-authored with Naveen Kaul, IBM Consulting, partner and global IAM leader, IBM
Across industries, organizations are entering a new era of productivity powered by AI agents – systems capable of analyzing data, executing workflows and making decisions at unprecedented speed. From financial operations to software development and enterprise knowledge management, AI is becoming a digital workforce that can operate alongside humans. But as automation accelerates, it exposes a dangerous possibility: an AI agent operating with valid credentials could execute high-risk actions at machine speed, without meaningful human oversight.
This brings an important question for leaders across technology, finance and risk: How do we ensure automation moves at machine speed without compromising trust, governance or accountability?
The answer lies in a new model of Human-in-the-Loop authorization – one that allows AI to act autonomously in most cases, but requires cryptographically verified human approval when the stakes are high. We’re excited to partner with IBM and Auth0, forming a powerful partnership to secure agentic applications and harness the power of AI while ensuring trust and governance for high-risk actions. Together, we ensure that products are secure by design so teams can move AI agents from pilot to production with confidence – solving the ‘autonomy vs. accountability’ gap through Asynchronous Authorization, using Human-in-the-Loop approvals to bridge that final mile of trust.
AI agents as ‘Digital Workers’: The power and risk of agentic AI
AI agents are no longer limited to answering questions – they can take action across enterprise systems. Imagine the possibilities this brings organizations:
- Developers using AI agents to write, review and deploy code across large software environments
- Treasury teams using AI to analyze liquidity and initiate financial transfers across global accounts
- Legal and compliance teams accessing sensitive internal documents through AI-powered workflows
- Procurement systems automatically approving vendors and executing payments
- Security teams using AI to orchestrate incident response across multiple systems
These capabilities promise dramatic improvements in speed, productivity and decision-making – but they also introduce a new challenge. AI agents are becoming what security leaders call “digital workers.” They operate with legitimate credentials, interact with sensitive systems and increasingly have the authority to execute real actions.
This raises a fundamental governance question: How do organizations prove that the right human intervened or authorized critical decisions made by AI?
Speed without trust becomes a liability
The cyber threat landscape showcases the growing security pressure facing organizations adopting AI-driven workflows:
- 87% of organizations reported that the risk associated with AI vulnerabilities has increased
- 85% of security professionals feel that traditional detection approaches are obsolete
- 77% of organizations lack foundational data and AI security practices
The risks that automation brings to specific groups are widespread, impacting individuals across an organization. As we consider these risks, there are a few important implications:
- In financial systems, that could mean increased fraud with unauthorized transfers.
- In development environments, it could mean untested code entering production. Or, if a developer uses agents to write and deploy code at scale, risks include the accidental deletion of a production environment.
- In enterprise knowledge systems, it could mean extraction of sensitive data.
Traditional identity systems were never designed for this model because they assume a simple flow:
Human authenticates and is authorized → system grants access → action occurs
But when AI agents act autonomously, the identity layer must answer a more complex question: Who authorized the action, and can we prove it?
IBM Institute for Business Value — The Scale of the Problem: “AI agents are set to revolutionize enterprise productivity, but the very benefits of AI agents can also present a challenge. When these autonomous systems aren’t properly governed or secured, they can carry steep consequences.” — Ritika Gunnar, general manager, data and AI, IBM (June 2025)
The ‘Human-in-the-Loop’ model: A powerful new architecture for trusted AI
The solution is not to slow down AI or require humans to approve every action. Instead, organizations must identify specific categories of actions where human authorization is required. For example:
- Financial transfers above a defined threshold
- Transactions involving new counterparties
- Access to highly sensitive documents or intellectual property
- Deployment of production code in critical systems
- Security actions that could affect system availability
In these cases, human authorization becomes a structural control – not a workflow preference. And it must be enforced cryptographically, not simply recorded in logs after the fact.
This is where the collaboration between IBM, Auth0 and Yubico establishes a powerful model for governing agentic AI systems. Together, these technologies create a workflow that combines AI speed with human accountability. This capability unlocks countless new enterprise use cases and frees up a wide range of personas who can achieve superhuman levels of productivity and efficiency without undermining the integrity of a process and outcome.
- IBM brings AI Intelligence to the forefront and drives efficient workflows
  - IBM’s WatsonX AI agents analyze data, reason through tasks, and propose actions within enterprise workflows. Each action flows through a policy-driven consent engine that evaluates whether additional authorization is required. For routine operations, the AI proceeds automatically and for high-risk actions, the system escalates.
- Auth0 enables identity orchestration for better decisions and outcomes
  - When escalation occurs, Auth0’s identity orchestration layer initiates a secure approval flow using the Client-Initiated Backchannel Authentication (CIBA) standard. This process sends a secure, out-of-band request directly to the authorized human decision maker. The request includes rich authorization details, such as “Approve $500,000 transfer to Vendor X.” The decision maker can review the request and approve or reject the action.
- Yubico delivers the hardware-backed root of trust, ensuring the right human is in the loop
  - For the high-value, high-risk or high assurance actions, authorizations would require a trusted and authenticated human to authorize a workflow using a hardware-backed root of trust – the YubiKey. The authorized user must physically tap the key, creating cryptographic proof of presence, ensuring that:
    - The approving individual is physically present
    - The authorization cannot be replayed or remotely manipulated
    - The approval is tied to a specific verified identity
In effect, the YubiKey becomes the final human controlled point protecting critical enterprise actions.
This creates strong guarantees for regulatory compliance, risk management, financial accountability and business continuity. Most importantly, it provides non-repudiation – the clear proof that a specific, verified human authorized the action.
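The control described in this section, as an added example (not code from IBM, Auth0 or Yubico): a policy gate escalates high-risk actions, and the executor accepts only a fresh, single-use approval bound to the exact action. The thresholds, names and in-memory store are assumptions, and the HMAC is a stand-in for the security key's asymmetric signature, so this code on its own does not provide non-repudiation.

```python
import hashlib, hmac, json, secrets, time

# Constructed policy and approver registry: all values are assumptions.
TRANSFER_LIMIT = 100_000
KNOWN_COUNTERPARTIES = {"Vendor A"}
APPROVER_KEYS = {"cfo@example.com": b"stand-in-for-hardware-bound-credential"}
_pending = {}  # nonce -> (action digest, expiry time)

def needs_human(action):
    """Policy gate: routine actions proceed, high-risk categories escalate."""
    if action["type"] == "transfer":
        return action["amount"] > TRANSFER_LIMIT or action["to"] not in KNOWN_COUNTERPARTIES
    return action["type"] in {"deploy_production", "read_restricted_document"}

def digest(action):
    # Canonical JSON so requester and executor hash identical bytes.
    blob = json.dumps(action, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def request_approval(action, ttl=300, now=None):
    """Issue a single-use challenge bound to this exact action."""
    nonce = secrets.token_hex(16)
    _pending[nonce] = (digest(action), (now or time.time()) + ttl)
    return {"nonce": nonce, "action_digest": digest(action)}

def _mac(key, nonce, action_digest):
    return hmac.new(key, f"{nonce}.{action_digest}".encode(), hashlib.sha256).hexdigest()

def approve(challenge, approver):
    """Approver side; the HMAC stands in for the security key's signature."""
    sig = _mac(APPROVER_KEYS[approver], challenge["nonce"], challenge["action_digest"])
    return {"nonce": challenge["nonce"], "approver": approver, "sig": sig}

def execute(action, approval=None, now=None):
    """Refuse high-risk actions without a fresh, matching, unused approval."""
    if not needs_human(action):
        return "executed"
    if approval is None:
        return "escalated"
    bound, expiry = _pending.pop(approval["nonce"], (None, 0))  # pop = single use
    if bound is None:
        return "rejected: unknown or replayed approval"
    if (now or time.time()) > expiry:
        return "rejected: expired"
    if bound != digest(action):
        return "rejected: approval covers a different action"
    key = APPROVER_KEYS.get(approval["approver"])
    if key is None or not hmac.compare_digest(_mac(key, approval["nonce"], bound), approval["sig"]):
        return "rejected: bad signature"
    return "executed"
```

Because the approval covers a digest of the action, changing the amount or recipient after the human approves invalidates it, which is what separates an enforced approval from one that is only logged.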
Building the autonomous future securely and responsibly
The next wave of enterprise productivity will be driven by AI agents capable of acting and not just advising. They will write code, execute transactions, approve workflows and orchestrate decisions across complex systems.
And the real question facing leaders will no longer be: “Can we automate this?”
It is now: “How do we govern automation responsibly?”
By combining IBM’s AI orchestration, Auth0’s identity flows and Yubico’s hardware-backed security keys, organizations can enable AI-powered automation while ensuring that the right human remains in control and authorizes critical decisions. The result is a new foundation for the autonomous enterprise – AI operating at machine speed, secured by human trust.
If you’re attending RSAC, don’t miss our session in person or on-demand on Tuesday, March 24 at 5:00pm in the North Expo Briefing Center. Yubico and IBM will explore how to build trusted identity, achieve cyber resilience, and ensure business continuity with an efficient, secure passwordless strategy in the modern cyber age of AI-powered threats.
