C1 Adds Autonomous Worker to Automate Identity Governance Tasks
C1 (formerly known as ConductorOne) this week added an autonomous artificial intelligence (AI) agent to its identity governance platform that cybersecurity teams can assign tasks to complete.
Kevin Paige, field CISO for C1, said the C1 Autonomous Worker (C1AW) can continuously perform a wide range of tasks, ranging from scanning for gaps in compliance to removing access permissions for individuals who are no longer working for the organization.
The overall goal is to significantly reduce the amount of toil cybersecurity teams currently experience managing mundane tasks that can now be assigned to C1AW, said Paige.
Unlike a general-purpose AI agent, C1AW is a purpose-built AI agent that connects to a control plane and harness that ensures it adheres to the guardrails and policies that are embedded in the core C1 governance platform that, via application programming interfaces (APIs) and Model Context Protocol (MCP) servers, also provides the context needed to ensure accurate outcomes, noted Paige.
Every action C1AW takes is governed by the same policy engine that governs human users. Additionally, every action is attributed in C1’s audit trail, which makes it reviewable like any other access event, he added. As such, cybersecurity teams can have confidence that tasks will be completed without creating another incident that cybersecurity teams would need to manage, said Paige.
It’s not clear to what degree or how cybersecurity teams are embracing AI agents to automate tasks. Many of them have already seen how colleagues are using AI agents to automate any number of workflows. The challenge is that many of those workflows are not likely passing muster with existing governance policies.
C1 is providing cybersecurity teams with an opportunity to gain firsthand experience using an AI agent within their workflows, which should enable them to better understand the security issues and challenges that colleagues are likely to encounter, said Paige.
One way or another, AI agents will increasingly be incorporated into cybersecurity operations. Most organizations are chronically understaffed at a time when the overall attack surface only continues to expand. At the same time, adversaries are increasingly relying on AI to launch more sophisticated cyberattacks at scale. The only way cybersecurity teams will be able to successfully defend their organization is to rely more on AI to both combat threats and reduce the amount of time allocated to tedious manual tasks.
Cybersecurity teams, for example, will be able to create a natural language prompt to discover issues that previously would have required hours of investigation to otherwise complete, noted Paige.
Hopefully, AI will eventually benefit defenders a lot more than attackers. In the meantime, cybersecurity teams should start re-evaluating how best to allocate their existing limited resources in the agentic AI era. The one thing that is certain is that the lines that currently exist between various tools and platforms that cybersecurity teams rely on today are only going to become blurrier as AI agents interact with each other to thwart attacks at machine speed.
