The shift to identity-first security and why it matters

In this Help Net Security interview, Arun Shrestha, CEO at BeyondID, discusses how AI is transforming secure access management for both attackers and defenders. He discusses the shift toward identity-first security, and the role of contextual and continuous authentication in neutralizing AI-driven intrusions.

Shrestha also offers strategic guidance for CISOs managing the adoption of AI responsibly while maintaining security and compliance.

We’re seeing both attackers and defenders leverage AI. From your vantage point, how has AI fundamentally changed the playing field for secure access management?

AI has dramatically altered secure access management by empowering both attackers and defenders. Bad actors now have access to powerful tools that weren’t previously available, leveraging AI-driven compute power to gather intelligence at scale. Instead of relying solely on traditional social engineering, they can rapidly analyze vast amounts of data to craft highly targeted phishing attacks – email, phone, and even deepfake video – to steal credentials.

On the defensive side, AI has transformed anomaly detection. Previously, security teams had to sift through mountains of access logs, relying on human expertise to identify threats. It’s like finding a needle in a haystack. This process is slow and prone to missing critical signals. Now, AI models can be trained to recognize unusual access patterns in real time, significantly reducing noise and enabling organizations to respond faster to potential breaches. As threats evolve, AI is essential to staying ahead in the security arms race.

Can you break down what “identity-first” means practically and why it’s especially critical in this era of AI-driven threats?

Identity-first security means prioritizing identity as the foundation of access control, rather than relying on traditional network perimeters like firewalls and VPNs. With work happening from anywhere, on any device, the old perimeter-based security model is obsolete. People are the perimeter now. Whether human or machine, identity determines who or what is authorized to access critical services.

This approach is especially critical in the era of AI-driven threats. As AI accelerates cyberattacks, from advanced phishing to automated credential theft, organizations need a zero-trust framework that continuously verifies identity at every step. Identity is the backbone of zero trust, influencing all security pillars, from access controls to threat detection. Additionally, as devices proliferate rapidly, each with its own identity, AI-driven identity management becomes essential to keeping pace. By embedding AI into identity-first security, organizations can strengthen authentication, detect anomalies faster, and build a more resilient defense against evolving threats.

How does contextual and continuous authentication change the equation for preventing AI-powered intrusions? Could you share examples of how that plays out in a real-world scenario?

Contextual and continuous authentication shift the approach to preventing AI-powered intrusions by ensuring access decisions are dynamic and adaptive. Traditional authentication relies on a one-time login, but continuous authentication constantly verifies whether a request remains valid. If an AI-driven attack uses a stolen password or compromised device, continuous monitoring can detect anomalies, like logins from two locations simultaneously, and quarantine the session.

Contextual authentication strengthens this by analyzing patterns such as location, time of access, and device behavior. For instance, if an employee typically logs in from New York between 9 a.m. and 5 p.m. but suddenly attempts access from another country at midnight, the system flags the attempt and holds it for further verification. Additionally, attackers bypassing logins using stolen tokens can be thwarted by requiring new authentication tokens for each service request. By combining these strategies, organizations can neutralize AI-powered threats in real time, preventing unauthorized access before damage occurs.

How can defenders ensure that AI used in access management is not only fast but also explainable, ethical, and resilient to adversarial manipulation?

To ensure AI in access management is not only fast but also explainable, ethical, and resilient to adversarial manipulation, defenders must prioritize transparency, fairness, and security. AI-driven decisions, such as denying access, must be explainable to maintain user trust and compliance. Without clear justification, defenders can expect frustration, inefficiency, and loss of trust.

Ethical safeguards are also crucial. AI models can inherit biases, particularly in contextual authentication, so human oversight is necessary. A structured escalation path helps address false positives, ensuring legitimate users aren’t unfairly blocked.

Finally, AI must be resilient to manipulation. Bad actors can use AI to spoof location data, such as appearing to log in from a trusted region while actually operating elsewhere. To counter this, defenders must analyze multiple signals beyond IP, checking for anomalies in device behavior and network patterns. Encryption during transit further prevents AI-driven tampering, strengthening security against increasingly sophisticated attacks.

What strategic advice would you give CISOs being pushed to adopt AI faster than their security culture and policies may be ready for?

CISOs must balance innovation with security. AI isn’t a silver bullet; it requires a shift in strategy, similar to past transformations like cloud adoption. Many companies try to bolt AI onto legacy systems, but AI-driven applications will soon be built differently, requiring security by design from the start.

Rather than resisting AI out of fear, CISOs should adopt a “Yes, and…” approach, embracing AI while ensuring it aligns with risk governance frameworks like NIST, HIPAA, and FedRAMP. This means upskilling teams, embedding security into AI development, and making security part of the organization’s DNA rather than an afterthought.

CISOs must act as both strategists and skeptics, guiding leadership on responsible AI adoption. By framing security as an enabler rather than a blocker, they can help their organizations innovate safely and sustainably.