u/Only_Helicopter_8127

Do reusable digital identities solve returning user friction or just move the problem somewhere else?

We have a meaningful returning user base that has to go through identity verification again when they come back after a gap or access a new product line. The drop-off at that step is something we have been trying to solve for a year.

Reusable digital identity keeps coming up as the answer in vendor conversations. The pitch is that a user verifies once and that credential can be reused across platforms and sessions without repeating the full document and biometric flow.

What I cannot get a clean answer on:

  • If the original credential comes from a different platform, how does our compliance layer treat it and who decides if it meets our standard?
  • What happens when the credential needs to be refreshed? Does the friction just move to that moment instead?
  • Who owns the liability if a reused credential was originally issued against a fraudulent identity?

Trying to understand if this solves the problem or relocates it.

reddit.com
u/Only_Helicopter_8127 — 2 hours ago

Indirect prompt injection through enterprise data is becoming a real attack surface

The attack pattern is straightforward: an AI agent reads internal documents, emails, or support tickets as part of a legitimate workflow. Malicious instructions are embedded in that content, then the agent follows them.

We have been thinking about this as a theoretical problem, but we reproduced it in our own environment last week in under an hour. The agent was pulling context from a shared doc to summarize customer feedback; someone embedded an instruction in a doc comment. The agent followed it.

The gap is that traditional security tooling inspects traffic and files, not the semantic content of what an AI agent is processing. By the time something surfaces in a log, the action has already been taken.

What does the actual defense posture look like for those that have deployed agents in production workflows? Runtime policy enforcement, output filtering, sandboxing agent capabilities? Or are most orgs operating on trust right now?

u/Only_Helicopter_8127 — 2 days ago
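
One shape the runtime policy enforcement and capability sandboxing named in the post above can take, as an added example that is not part of the original post or any product's code: label every context item by provenance and gate tool calls before they execute. The `AgentSession` class, the trust labels and the tool names are hypothetical, and the doc comment is a constructed placeholder.

```python
from dataclasses import dataclass, field

TRUSTED, UNTRUSTED = "trusted", "untrusted"   # assumed provenance labels
READ_ONLY_TOOLS = {"read_doc", "summarize"}   # hypothetical tool names


@dataclass
class AgentSession:
    task_allowlist: set                        # tools the operator approved for this task
    tainted: bool = False                      # True once untrusted content is in context
    audit: list = field(default_factory=list)

    def add_context(self, source, trust, text):
        """Label every context item; untrusted content taints the session."""
        if trust != TRUSTED:
            self.tainted = True
        self.audit.append(("context", source, trust))
        return text

    def authorize(self, tool):
        """Decide before the tool runs, so the log is not the first signal."""
        if tool not in self.task_allowlist:
            decision = "deny"    # outside what this task was scoped to do
        elif tool not in READ_ONLY_TOOLS and self.tainted:
            decision = "hold"    # side effect after untrusted input: human approval
        else:
            decision = "allow"
        self.audit.append(("tool", tool, decision))
        return decision


def demo():
    s = AgentSession(task_allowlist={"read_doc", "summarize", "send_email"})
    s.add_context("operator", TRUSTED, "Summarize customer feedback.")
    before = s.authorize("send_email")
    # Constructed sample: a doc comment whose text reads like an instruction.
    s.add_context("shared-doc/comment", UNTRUSTED, "(constructed comment text)")
    return [before, s.authorize("summarize"),
            s.authorize("send_email"), s.authorize("http_post")]


if __name__ == "__main__":
    print(demo())
```

The gate never inspects what the comment says; the decision rests on where the content came from and what the requested tool can do, so it does not depend on recognizing an injected instruction.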