Webinar Description
Key Takeaways
- Explores the concept of Runtime Identity, a paradigm shift from login-time verification to continuous, action-based trust assessment
- Addresses security vulnerabilities inherent in traditional session-based authentication models
- Examines identity management challenges posed by autonomous AI agents operating within enterprise environments
- Targets enterprise security leaders, identity specialists and IT decision-makers in regulated industries
- Presented by Ping Identity CEO Andre Durand as an executive-level thought leadership session
Introduction
The virtual event “Actions, Not Access: The Shift to Runtime Identity” presents a fundamental rethinking of how enterprises approach digital identity verification. Hosted by Ping Identity with CEO Andre Durand delivering the presentation, the session targets security professionals, identity specialists and enterprise architects grappling with the limitations of conventional authentication models. At its core, the event examines why verifying user identity at login—and then trusting that session indefinitely—creates significant security gaps in environments where AI agents operate autonomously and cyber attackers increasingly exploit legitimate credentials rather than breaking through perimeter defences.
The timing reflects broader industry concerns about identity-based attacks, which have become the dominant vector for enterprise breaches. As organisations accelerate their adoption of agentic AI systems capable of taking autonomous actions, the question of when and how to verify trust becomes considerably more complex than traditional identity and access management frameworks were designed to address.
About This Event
The webinar is structured as an executive-level thought leadership presentation, with multiple session times available to accommodate global audiences. Recordings will be accessible for those unable to attend live sessions. The format prioritises conceptual depth over product demonstration, positioning the discussion as an educational exploration of emerging identity management principles rather than a technical walkthrough.
Andre Durand’s involvement as presenter signals the strategic importance Ping Identity places on the Runtime Identity concept. As a long-standing figure in the identity management space, Durand brings historical perspective on how the discipline has evolved from simple directory services through federated identity to the current inflection point driven by AI and persistent threat actors.
The Limitations of Login-Time Trust
Traditional identity verification operates on a straightforward premise: authenticate the user at login, establish a session, and trust subsequent actions within that session until it expires or the user logs out. This model emerged when human users performed discrete tasks at workstations, network perimeters were clearly defined, and the primary threat model assumed attackers would attempt to breach authentication rather than operate within it.
Contemporary enterprise environments have rendered these assumptions increasingly problematic. Users interact continuously across multiple applications and services. Sessions persist for extended periods. Most critically, attackers have adapted their techniques to focus on credential theft, session hijacking and privilege escalation—methods that allow them to operate as authenticated users rather than external intruders. Security teams face the uncomfortable reality that a significant proportion of breaches now involve adversaries who have logged in with valid credentials, making them indistinguishable from legitimate users under traditional verification models.
Autonomous Agents and the Trust Verification Challenge
The emergence of AI agents capable of autonomous action introduces additional complexity that the event addresses directly. Unlike human users who perform tasks sequentially with natural pauses, AI agents can execute numerous actions in rapid succession, access multiple systems simultaneously, and operate continuously without the behavioural patterns that security teams have historically used to identify anomalous activity.
When an AI agent acts on behalf of a user or organisation, questions arise that traditional identity frameworks struggle to answer. Should the agent inherit the full permissions of the user who deployed it? How should trust be evaluated when the agent’s actions diverge from typical human behaviour? What happens when an agent’s credentials are compromised, potentially allowing an attacker to operate at machine speed across enterprise systems?
The concept of the “agentic enterprise”—organisations where AI agents perform substantial operational functions—requires identity systems capable of evaluating trust contextually and continuously rather than relying on initial authentication as a proxy for ongoing legitimacy.
Runtime Identity as a Continuous Trust Model
The Runtime Identity framework presented in the event reconceptualises identity verification as an ongoing process rather than a discrete event. Under this model, trust is not established once and assumed thereafter; instead, each action triggers an evaluation that considers contextual factors, behavioural patterns, risk indicators and policy requirements before permitting execution.
This approach positions identity infrastructure as what the event terms a “trust broker”—an intermediary that continuously mediates between users, agents and resources based on real-time risk assessment. The shift carries significant architectural implications, requiring identity systems to operate with minimal latency while processing substantially more verification events than traditional login-focused models.
The practical benefits extend beyond security improvement. Organisations implementing continuous verification can potentially enable more permissive access policies for low-risk actions while applying stricter controls dynamically when risk indicators elevate. This granularity allows security teams to balance protection against operational friction more precisely than binary allow-or-deny models permit.
Industry Context and Regulatory Considerations
The shift toward continuous identity verification aligns with broader regulatory and compliance trends affecting enterprises in finance, healthcare, technology and other regulated sectors. Frameworks increasingly emphasise ongoing monitoring, least-privilege access and the ability to demonstrate that security controls operate continuously rather than at point-in-time checkpoints.
Zero trust architecture principles, which have gained substantial traction across industries, share conceptual foundations with Runtime Identity. Both reject implicit trust based on network location or prior authentication, instead requiring continuous verification. Runtime Identity extends these principles specifically to the identity layer, addressing how trust decisions should be made at the moment of action rather than delegated to session-based assumptions.
Who Should Attend
The event is designed for security and IT leaders responsible for identity strategy, including Chief Information Security Officers, Chief Information Officers, IT Directors and Security Architects. Identity and access management specialists seeking to understand emerging paradigms will find the conceptual framework directly relevant to their discipline. Enterprise architects evaluating how identity infrastructure must evolve to support AI-driven operations represent another core audience segment.
Executives and decision-makers in organisations operating within regulated industries or facing elevated threat profiles may find particular value in understanding how continuous identity verification addresses compliance requirements and risk management objectives simultaneously. The presentation’s executive-level positioning suggests accessibility for attendees seeking strategic understanding rather than implementation-level technical detail.
Conclusion
As enterprises deploy autonomous AI agents and face adversaries who increasingly operate within authenticated sessions, the foundational assumptions of traditional identity management warrant re-examination. The Runtime Identity concept offers a framework for thinking about trust as continuous and contextual rather than binary and static. For security leaders navigating the intersection of AI adoption and persistent cyber threats, the principles explored in this event address questions that will likely define identity architecture decisions for the coming years.

