Webinar Description
Key Takeaways
- Explores securing actions performed by AI agents, digital wallets and automated workflows rather than focusing solely on user authentication
- Examines FIDO passkeys, hardware-backed signing and just-in-time credential access as mechanisms for high-assurance security
- Addresses delegation, attribution and auditing challenges when AI agents act on behalf of users
- Relevant for security leaders, identity architects and developers working with AI-driven automation
- Hosted by Yubico in collaboration with SIROS Foundation and 1Password
Introduction
“Beyond the Login: Securing Trusted Actions and AI Workflows with Passkeys” is a virtual event examining how organisations can extend security controls beyond initial authentication to encompass the actions performed by users, AI agents and automated systems. Hosted by Yubico in collaboration with SIROS Foundation and 1Password, the session targets security leaders, identity architects and developers grappling with the complexities of AI-driven workflows and digital credential management. The timing reflects growing industry concern that traditional identity and access management frameworks were not designed for environments where autonomous agents perform sensitive operations on behalf of human users.
About This Event
This virtual panel discussion brings together perspectives from three organisations working at the intersection of authentication, identity infrastructure and credential management. The webinar format allows for technical depth while remaining accessible to both executive and practitioner audiences. Rather than focusing narrowly on product capabilities, the session positions itself as an exploration of emerging architectural patterns for securing automated workflows as standards and platform capabilities continue to mature.
Shifting Security Focus from Authentication to Action
The central premise of this event challenges a fundamental assumption in identity security: that verifying who someone is at login provides sufficient assurance for subsequent actions. In environments where AI agents execute multi-step workflows, make decisions and interact with external systems, the moment of authentication becomes increasingly disconnected from the moment of action. An agent authenticated hours earlier may perform sensitive operations long after the initial credential verification, raising questions about whether that authorisation remains valid and appropriate.
This shift requires security models that can evaluate and authorise individual actions rather than relying solely on session-based trust. The event explores how cryptographic proofs, hardware-backed signing and just-in-time credential access can provide continuous assurance throughout a workflow rather than front-loading all trust decisions at the point of login.
FIDO Passkeys and Hardware-Backed Security
FIDO passkeys represent a significant evolution in authentication technology, eliminating shared secrets and providing phishing-resistant verification through public key cryptography. The event examines how passkey infrastructure can extend beyond simple login scenarios to support action-level authorisation. When combined with hardware security modules such as the YubiKey 5.8, organisations gain cryptographic assurance that specific actions were authorised by specific keys at specific times.
Hardware-backed signing addresses a persistent challenge in distributed systems: proving that an action originated from a trusted source rather than a compromised software component. By anchoring signing operations to physical hardware, organisations create audit trails with stronger non-repudiation properties. This becomes particularly valuable when AI agents perform actions that may later require attribution or investigation.
Securing AI Agent Workflows
AI agents present novel security challenges that existing identity frameworks struggle to address. Unlike human users who authenticate interactively and perform discrete actions, AI agents may operate continuously, chain multiple operations together and make autonomous decisions about which systems to access. Traditional federation models assume human involvement at key decision points, an assumption that breaks down when agents operate independently.
The event explores approaches for granting AI agents access that is both just-in-time and tightly scoped to specific tasks. Rather than providing broad permissions that persist indefinitely, these models issue short-lived credentials for particular operations, reducing the blast radius if an agent is compromised or behaves unexpectedly. This pattern aligns with zero trust principles while acknowledging the practical reality that AI agents need sufficient access to perform useful work.
Delegation and attribution emerge as critical concerns in this context. When an AI agent acts on behalf of a user, organisations need clear mechanisms for tracking which human authorised which action, even when the agent made intermediate decisions autonomously. Without robust attribution, audit trails become unreliable and accountability becomes difficult to establish.
Digital Wallet Infrastructure and Compound Identity
Digital wallets are evolving from simple credential storage into active participants in identity and authorisation workflows. The event examines how wallet infrastructure can support compound identity scenarios where multiple credentials, attestations and proofs combine to authorise specific actions. This approach moves beyond binary authentication decisions toward richer authorisation models that consider context, purpose and scope.
Cryptographic proofs enable selective disclosure, allowing entities to demonstrate specific attributes without revealing unnecessary information. An AI agent might prove it is authorised to access a particular resource without exposing the full scope of its permissions or the identity of the human who delegated authority. These privacy-preserving techniques become increasingly important as automated systems interact across organisational boundaries.
Limitations of Current Identity Models
Existing identity and federation standards were designed primarily for human users accessing web applications through browsers. These models assume interactive authentication, relatively long session durations and human judgment at decision points. AI agents and automated workflows challenge each of these assumptions, exposing gaps in current standards and implementations.
Federation protocols like SAML and OIDC excel at establishing identity across organisational boundaries but provide limited mechanisms for delegating specific capabilities or constraining the scope of delegated access. The event discusses how emerging approaches might address these limitations while maintaining interoperability with existing infrastructure.
Who Should Attend
This event is designed for practitioners and decision-makers responsible for securing environments where AI and automation play significant roles. Security leaders evaluating how AI adoption affects their risk posture will find relevant strategic context. Identity architects designing systems that must accommodate both human users and AI agents will encounter practical architectural considerations. Developers building AI-powered applications will gain insight into emerging patterns for credential management and action authorisation.
The content assumes familiarity with identity and access management concepts, making it most valuable for those with existing expertise in authentication, federation or application security. Organisations in sectors with stringent compliance requirements, including financial services and healthcare, may find particular relevance given the emphasis on attribution and audit capabilities.
Industry Context
The rapid deployment of AI agents across enterprise environments has outpaced the development of security frameworks designed specifically for autonomous systems. Organisations are adapting existing identity infrastructure to accommodate AI workloads, often discovering that assumptions embedded in those systems create unexpected vulnerabilities or operational friction. The industry is actively developing new standards and best practices, but consensus remains elusive on many fundamental questions about how AI agents should be identified, authorised and audited.
Meanwhile, passkey adoption continues to accelerate as major platform vendors integrate FIDO standards into operating systems and browsers. This expanding infrastructure creates opportunities to apply passkey-based security to new use cases beyond traditional user authentication, including the action-level authorisation scenarios explored in this event.

