What is runtime identity security?
By Identra · Updated
Runtime identity security is the practice of protecting human, machine, and AI agent identities while their access is actively being exercised: during live sessions, API calls, and agent actions. It complements posture management and controls such as IAM, PAM, and JIT by monitoring and constraining what an authenticated identity actually does after login.
Key numbers
- Stolen credentials were the most common initial access vector, involved in 22% of breaches (Verizon Data Breach Investigations Report, 2025)
- Machine identities outnumber human identities 82 to 1 in the average organization (CyberArk Identity Security Landscape, 2025)
- Breaches that start with stolen credentials take roughly 246 days on average to identify and contain (IBM Cost of a Data Breach Report, 2025)
The grant-vs-spend gap
Most identity security effort concentrates on the moment access is granted: authentication, role assignment, entitlement reviews, just-in-time elevation. Those controls decide who gets in the door. They say nothing about what happens once the door closes.
After authentication, a session, token, or API key becomes a bearer of trust that is spent action by action. A grant is a one-time decision; spending is continuous. The gap between the two is where most identity-driven breaches live, because a stolen credential or hijacked session passes every grant-time check by design.
The data reflects this. Stolen credentials were the most common way into breached organizations, involved in 22% of breaches per the Verizon 2025 Data Breach Investigations Report, and IBM's 2025 Cost of a Data Breach Report puts the average time to identify and contain a credential-initiated breach at roughly 246 days. Attackers are not breaking authentication; they are logging in and then operating unobserved.
Runtime identity security closes that gap by moving the control point from the grant to the spend: evaluating, recording, and constraining each use of access while it happens.
What does runtime identity security cover?
Runtime identity security is defined by when it acts, not by a single technology. Any control that observes or constrains an authenticated identity mid-session belongs to it. In practice that includes:
- Live session monitoring: tracking what a human, service account, or agent actually does after login, not just that it logged in
- Per-action authorization: evaluating each sensitive operation against policy and context at the moment it is attempted
- Credential and token use analysis: detecting a key or token used from a new place, at a new rate, or against new resources
- Anomaly response inside the session: step-up authentication, scope reduction, or termination without waiting for the next login
- Mid-session revocation: killing tokens, sessions, and agent runs immediately when trust changes, rather than at expiry
- AI agent action control: checking that an autonomous agent's individual actions stay within its delegated intent
Runtime identity security vs ISPM vs ITDR
Two adjacent categories are often confused with runtime identity security, and the distinction is mostly about timing.
Identity security posture management (ISPM) works on static state: it scans directories, entitlements, and configurations to find risky conditions such as unused admin accounts, stale keys, or missing MFA. It reduces the odds of a breach but does not watch access being used.
Identity threat detection and response (ITDR) works after signs of compromise: it detects attacks against identity systems and accounts, then drives investigation and response. It is closer to runtime than ISPM, and modern ITDR products can contain threats in near real time, but the discipline is oriented around detecting and responding to compromise rather than evaluating every action in the live path.
Runtime identity security sits in between and in front: it is present in the live path of access, so it can prevent or interrupt misuse per action, not just report risky configuration before the fact or reconstruct an attack after it.
| Discipline | When it acts | Question it answers |
|---|---|---|
| ISPM | Before access is used (static posture) | Which identities and entitlements are risky right now on paper? |
| ITDR | After compromise indicators appear | Is an identity or the identity infrastructure under attack, and how do we respond? |
| Runtime identity security | While access is being exercised | Is this specific action, by this identity, in this session, legitimate, and should it proceed? |
Why non-human and AI agent identities force the issue
Grant-time controls were designed for humans: a person authenticates a few times a day, can answer an MFA prompt, and has a manager who can review their access quarterly. Machine identities break every one of those assumptions, and they now outnumber humans 82 to 1 according to CyberArk's 2025 Identity Security Landscape.
A service account or workload identity authenticates thousands of times an hour, cannot respond to a challenge, and often holds standing credentials that no one rotates. Runtime is where its behavior can most meaningfully be judged, because its grant is effectively permanent.
AI agents sharpen the problem further. An agent is granted broad access up front, then decides at execution time which specific actions to take. The grant cannot enumerate those actions in advance, so the delegation is only meaningful if something checks each action as it happens. For agents, runtime is not just one layer of defense; it is where delegated intent and actual behavior can be compared directly.
How runtime identity security works in practice
Implementations vary, but runtime programs share a few mechanics: an inline or near-inline vantage point on identity activity (proxies, agents, eBPF sensors, identity provider and cloud log streams), deterministic policy alongside a behavioral baseline per identity, and an enforcement path that can act inside the session. Behavioral anomaly detection is one signal among several; attestation, provenance, endpoint, process, and network evidence carry weight alongside it.
Continuous access evaluation is the connective tissue. Instead of trusting a token until it expires, the system re-evaluates trust as signals change: a new source IP, an unusual resource, a burst of privileged calls, a revoked delegation. When trust drops, the response is proportional, from logging, to step-up, to scope reduction, to killing the session or the agent run.
One honest caveat: runtime identity security is an emerging term, not a settled analyst category, and the framing in this entry is the one Identra proposes. Vendors and analysts slice the space differently: PAM suites can include live session monitoring and control, some ITDR products contain threats in real time, and zero trust architectures evaluate access per request. When evaluating claims, the useful test is simple: can the control see and stop an individual action by an already-authenticated identity? If not, it is a posture or provisioning control wearing runtime language.
What does a runtime failure look like?
A hypothetical example, assembled from patterns that recur across real incidents. A platform team runs a CI pipeline that deploys to the cloud using a long-lived provider key. The key was created three years ago, works perfectly, and appears in a build log that the pipeline uploads to a shared artifact store. That log is the leak: secret sprawl means the key now lives somewhere no vault governs, and eventually someone outside the organization reads it.
Now walk the attacker's path through the existing control stack. Authentication: the key is valid, so every call succeeds. MFA: API keys cannot be challenged. Posture: the ISPM scan flagged the key as aged months ago, but the rotation ticket is still in a backlog. ITDR: there is no failed login, no password spray, no suspicious console session, because there is no login at all. The attacker simply starts making API calls with a credential that is supposed to be making API calls.
The behavior, though, is nothing like the pipeline's. The key has only ever called deployment APIs from one CI network range, on weekday build schedules. Now it is enumerating storage buckets it has never touched, from a hosting provider it has never used, at a sustained rate no build job produces. Then come snapshot exports. Every one of those calls is individually authorized, and collectively they are an exfiltration.
A runtime control point changes the outcome at the first divergence, not the last. The initial call to a never-before-used API from a never-before-seen network is enough to drop trust: quarantine the key to its historical scope, alert with the full action trail, and force re-issuance through the pipeline's normal path. The blast radius shrinks from an unnoticed months-long compromise, the kind reflected in the 246-day figure above, to a few denied calls and a rotation. Nothing about the grant had to be wrong for the spend to be catastrophic; that is the whole argument for watching the spend.
How do you implement runtime identity security?
Runtime programs fail when they start with detection everywhere and enforcement nowhere. A workable sequence starts narrow, proves the enforcement path, and widens from there.
- Inventory and rank by blast radius: enumerate human, non-human, and agent identities, then rank by what each could do if misused. CIEM output and cloud entitlement data are good inputs; the top of the list, not the whole list, is your starting scope
- Establish a vantage point: collect identity provider events, cloud audit logs, API gateway traffic, and where needed inline sensors, into one stream keyed by identity. If you cannot attribute an action to a specific identity, you cannot enforce against it
- Baseline before you judge: let each in-scope identity accumulate a behavioral profile, including the APIs it calls, the networks it calls from, its rate and rhythm. Machines baseline fast because they are regular; humans take longer and need looser bands
- Prove revocation works before you need it: verify, in a drill, that you can actually kill a session, invalidate a token, and halt an agent run mid-execution. Ephemeral credentials make this dramatically easier, because short-lived trust expires on its own
- Write proportional policy: map signal severity to response, from log, to step-up, to scope reduction, to termination. Policies that only know how to block get disabled after their first false positive
- Run monitor-only first, then enforce on the highest-confidence signals: first-use-of-new-API by a machine identity is a safe early enforcement trigger; unusual working hours for a human is not
- Extend to agents last but deliberately: wire per-action checks into agent tool calls through guardrails and the MCP layer, so each action an agent takes is evaluated against its delegated intent, not just its credential
Common mistakes in runtime identity programs
Most runtime initiatives that stall share a handful of recognizable failure modes, and almost all of them reduce to building detection while calling it enforcement.
The first is treating an alert queue as a control. Routing anomalies to a SIEM dashboard that a human reviews the next morning is detection with a runtime data source, not runtime security. The defining test from earlier in this entry applies: if nothing in the path can stop the action, the action was never controlled.
The second is baselining only humans. Human sessions are the familiar surface, but service accounts and workloads are both the majority of the population and the better-behaved subjects: their regularity makes anomalies sharp and enforcement safe. Programs that start with humans inherit the noisiest baselines and the highest false-positive risk, then lose organizational patience before reaching the identities where runtime works best.
The third is trusting expiry as revocation. A bearer token is honored until it expires, and a stolen one does not care that you noticed the theft, which is the core mechanic behind token theft. If your only revocation lever is waiting out a TTL measured in hours, you have a runtime observation capability attached to a grant-time enforcement model.
The fourth is stopping at the human who launched the agent. Watching the employee's session while their agent makes hundreds of tool calls under delegated authority misses the layer where excessive agency actually plays out, and where a confused deputy quietly launders an attacker's intent through legitimate credentials. The agent's actions, not the launcher's session, are the runtime surface that matters.
The mechanics of mid-session revocation
Revocation sounds like a button, but in most architectures it is the hardest part of runtime identity security, because bearer tokens were designed to be validated locally and trusted until expiry. A resource server checking a signed token's signature and expiry never asks the issuer whether trust still holds, so by default there is no channel through which a mid-session decision can travel.
Practical implementations close that channel in one of three ways. The first is shortening the window: issue ephemeral credentials with lifetimes of minutes, so revocation converges with expiry and standing trust approaches zero. The second is introspection: resource servers or gateways check token status against the issuer on sensitive calls, trading latency for the ability to honor a kill decision immediately. The third is signal push, the continuous access evaluation pattern, where the identity provider notifies resource providers of trust changes such as revocation, network change, or risk elevation, and sessions are re-evaluated in near real time rather than at the next token refresh.
Chokepoints make all three easier. A proxy, gateway, or broker that sits in the request path can enforce a revocation decision without every downstream service needing to participate, which is why runtime architectures gravitate toward the same inline positions that zero trust network designs use. The trade-off is honest: inline components add latency and become availability dependencies, and every organization has to decide which actions justify that cost. The useful discipline is to reserve inline evaluation for the actions whose misuse is irreversible, such as data export, privilege change, credential issuance, and destructive operations, and let cheaper asynchronous evaluation cover the rest.
How Identra thinks about it
The industry has spent two decades perfecting the front door while breaches moved inside the house. Grants, vaults, and posture scans all matter, but they share a blind spot: they stop looking exactly when trust starts being spent. As non-human identities dominate the population and AI agents begin taking consequential actions no human enumerated in advance, the moment of action becomes the only control point that scales. Runtime should be the default plane of identity enforcement, with grant-time and posture controls feeding it, not the other way around.
Go deeper: The Non-Human Majority
Frequently asked questions
What is the difference between runtime identity security and ITDR?
ITDR spots attacks against identity systems and accounts after compromise indicators appear, then drives investigation and response; modern ITDR products can also contain threats in near real time. Runtime identity security sits in the live path of access, evaluating individual actions by already-authenticated identities as they happen, so it can interrupt misuse per action rather than reconstructing an attack from alerts and forensics afterward.
Why is authentication not enough to secure identities?
Authentication is a one-time decision at the door, but a session, token, or API key spends trust continuously afterward. Stolen credentials pass every login check by design, which is why they featured in 22% of breaches and take roughly 246 days to identify and contain. What happens after login is where most identity-driven breaches actually live.
How does runtime identity security apply to AI agents?
An agent receives broad access up front but decides at execution time which specific actions to take, so no grant can enumerate its behavior in advance. Runtime controls compare each tool call and credential use against the agent's delegated intent, and can reduce scope or kill the run when behavior diverges. For agents, runtime is where intent and action meet.
What is continuous access evaluation?
Continuous access evaluation re-checks trust throughout a session instead of trusting a token until it expires. As signals change, such as a new source IP, an unusual resource, a burst of privileged calls, or a revoked delegation, the system responds proportionally: logging, step-up authentication, scope reduction, or immediate termination of the session, token, or agent run.
