What’s New?

Keep up with new developments in Identity for AI.

Subscribe to get automatic updates: Identity for AI RSS feed

March 2026

March 31

Identity for AI general availability

We’re excited to announce the general availability of Identity for AI, which extends Ping Identity’s proven identity control plane to agentic architectures.

Identity for AI treats AI agents as first-class, non-human identities. This empowers your organization to safely deploy agents by ensuring they act with delegated authority, enforce least-privilege access to resources, and maintain human accountability through comprehensive auditing and human-in-the-loop (HITL) approvals.

Use the following new capabilities in Ping Identity platforms to secure AI behavior across your systems.

Agent identity

New PingOne PingOne Advanced Identity Cloud PingAM

Onboard and authorize your AI agents, enabling them to authenticate and request scoped access to enterprise tools and APIs.

First-class agent identity: Securely register, update, and disable AI agents with a new dedicated admin experience. This includes assigning agent owners and modeling which applications, groups, and users an agent is authorized to interact with.
Delegation instead of impersonation: OAuth 2.0 token exchange allows an agent to exchange a human user’s subject token for a new, downscoped token. The delegation token securely passes the identity of the human subject alongside the identity of the agent using the act (actor) and may_act claims, maintaining a secure chain of custody for downstream authorization.
Least‑privilege access at runtime: Limit an agent’s blast radius with fine-grained control over exactly which APIs and data sources the agent can access, including HITL approvals for sensitive actions.

Agent identity is made available as part of our new Identity for AI solution. Contact your account executive to find out more.

Learn more:

Agent gateway

New PingGateway

PingGateway now provides runtime security for the backend resources and MCP servers your agents need to access, without requiring your developers to build complex security logic into individual MCP servers.

Acting as a security proxy for MCP servers, the agent gateway:

Validates delegation tokens and enforces scopes and fine-grained authorization before agent requests reach backend resources.
Audits, throttles, and terminates agent traffic.
Includes specialized MCP filters.

Agent gateway is made available as part of our new Identity for AI solution. Contact your account executive to find out more.

Learn more:

MCP security gateway
McpAuditFilter: Record centralized audit trails of all agent requests
McpProtectionFilter: Bind OAuth 2.0 resource server configurations to MCP endpoints
McpValidationFilter: Validate JSON-RPC payloads and client message formats

Agent detection

Improved PingOne Protect

PingOne Protect now detects agentic automation acting on behalf of a user or system. It can:

Identify a subset of specific agent types in the risk evaluation response.
Use browser fingerprinting, behavioral telemetry, and device attributes to distinguish human traffic from agentic activity.

Agent detection is made available as part of our PingOne Protect solution. Contact your account executive to find out more.

Learn more in Bot detection.

Get started

To start securing your AI agents with Identity for AI:

Configure runtime identity to secure AI agents with PingOne and PingFederate
Integrate with AWS Bedrock and Cloudflare MCP servers
Explore additional Identity for AI resources

February 2026

February 10

Identifying agents with token exchange

New

We’ve added documentation on identifying agents with token exchange.

February 5

Secure MCP servers with PingGateway

New PingGateway

We’ve linked to a tutorial on securing MCP servers with PingGateway.

January 2026

January 16

Secure a Cloudflare MCP with Ping Identity

New PingOne PingOne Advanced Identity Cloud DaVinci PingFederate

We’ve added documentation on how to integrate a Cloudflare Workers MCP server with Ping Identity products:

Secure AWS Bedrock AgentCore Identity with Ping Identity

New PingOne PingOne Advanced Identity Cloud PingFederate

We’ve added documentation on how to integrate AWS Bedrock AgentCore Identity with Ping Identity products:

December 2025

December 22

Best practices

Improved

We’ve added a video to demonstrate best practices when implementing agentic architecture.

November 2025

November 13

MCP and A2A

Improved

We’ve added information on how MCP and A2A work together.

JWKs and JWTs

Improved PingOne Advanced Identity Cloud

We’ve included information in Authorize an AI Agent to Perform Tasks on Your Behalf on how to generate JWKs and JWTs. Learn more in Generate JWKs and step 2 of Get an auth request ID in the Advanced Identity Cloud documentation.

October 2025

October 9

Secure your AI agents with Identity for AI

New

We’re excited to announce the launch of the Identity for AI portal, Ping Identity’s dedicated resource for securing and governing the next generation of autonomous AI.

The rapid shift to agentic AI introduces countless security challenges. AI agents capable of actions such as booking flights and executing code must become trusted digital users. Our foundational Identity for AI framework integrates AI agents securely into your existing IAM ecosystem and helps you implement core best practices such as delegation, not impersonation and least privilege for every AI agent. Learn more in What Is Identity for AI?

Use this tutorial to start building trusted, secure, and compliant AI systems: Authorize an AI Agent to Perform Tasks on Your Behalf.

Check back often for new Identity for AI resources, including additional tutorials, use cases, and more.