Forrester: Agentic AI Is Now a Top IAM Trend

In its March 2025 report "The Top Trends Shaping Identity and Access Management in 2025" (RES182132, by Geoff Cairns and Andras Cser), Forrester names the rise of agentic AI as one of the trends defining the discipline for the year. The analysis positions autonomous agents in a distinct place: between machine and human identities, combining the high volume of machine identities with a degree of autonomy and real-world impact closer to human users.

The report's framing is the part worth sitting with. Agentic AI is not described as a faster service account or a smarter bot. It is described as an identity class with its own properties, and the report is direct that legacy IAM tooling cannot govern these identities effectively. The tools were built for human users, extended to service accounts as an afterthought, and are now being asked to handle entities that read, decide, and act on their own.

Our reading of this is an architecture reading, not a tooling one. The industry has spent two decades treating non-human identity as the human model with the human bits removed: no MFA, no interactive login, a longer credential lifetime. That worked, barely, for predictable service accounts. It does not work for an entity that spawns its own credentials, makes its own access decisions, and operates continuously without a person in the loop.

The implication for identity architecture is that agentic AI has to be a first-class identity type in the design, with its own lifecycle, its own scope model, its own behavioural baseline, and its own kill switch. Retrofitting agent governance onto a human-shaped IAM platform is the same mistake the industry made with service accounts, repeated at a volume and autonomy that will not forgive it. Forrester naming this a top trend is the signal to design for it now, while the agent population is small enough to govern.