Key Takeaways:
- 8.3% of all new accounts were suspected of digital fraud in 2025
- Agentic AI blurs the lines between legitimate interactions and malicious behavior
- The connection between CIAM and IAM is more urgent than ever
- Modern fraud shows up through inconsistencies across signals
- Identity infrastructure is now a central trust dependency — and point-in-time checks aren’t enough on their own
- What fraud and identity leaders should do next
Financial risk, fraud, authentication, identity and customer experience leaders are expected to do three things at once: reduce friction, strengthen trust and catch more sophisticated attacks earlier in the journey. The problem is many of the signals organizations once relied on no longer tell the full story. AI can now log in, browse, click and transact in ways that look legitimate. That means identity systems built around checkpoint-style verification are under growing pressure.
This is why the identity conversation is shifting. Historically, customer identity and access management (CIAM) focused on customer registration and authentication. Identity and access management (IAM) focused on workforce access, governance and compliance.
But now, both depend on answering the same foundational question: How confidently can an organization establish trust before it grants access, credentials or privileges? The gap no longer lies only in what happens after identity is established. The bigger issue is proving who or what is entering the environment in the first place. That matters more now because remote onboarding, account creation fraud and deepfakes are all increasing risk at the front of the journey.
Why does Agentic AI change the identity challenge?
Agentic AI changes identity because it blurs the line between legitimate activity and malicious behavior. We’re facing a new reality: Identity interactions are becoming less purely user-driven and more agent-driven. In that world, a system may encounter AI agents acting on behalf of users, automated workflows completing sensitive actions, and hybrid attacks that combine AI, automation and human coordination.
That matters because attackers no longer need to appear obviously fraudulent. They may use real credentials, real devices and convincingly human behavior. In those moments, single-based controls may seem to pass, and traditional identity checks can confirm something looks normal without confirming the interaction is trustworthy. The challenge is no longer just detecting bots — it’s detecting intent.
For leaders, that changes the role of identity. Identity must evolve from gate at login or onboarding to become a continuous trust layer that evaluates whether an interaction still makes sense as it unfolds.
What does Agentic AI mean for CIAM and IAM teams?
Agentic AI does not make CIAM and IAM less relevant. It makes the connection between them more urgent. CIAM teams are being asked to reduce friction at account creation while improving confidence. IAM teams are being asked to secure workforce access in a world of remote hiring, remote onboarding and increasingly digital credential issuance. In both cases, the trust decision is moving earlier in the journey.
8.3% of all new accounts were suspected of digital fraud in 2025
That shift is especially important because remote onboarding has changed the risk profile of identity. What once depended on in-person processes now often depends on digital signals alone. Synthetic identities and deepfake-driven deception are no longer just consumer fraud concerns — they’re showing up in workforce contexts as well. That makes the point of onboarding more consequential for both fraud and access teams.
Weak trust at onboarding creates downstream problems that are far more expensive to correct later.
Why are traditional identity controls missing modern fraud?
Many organizations already collect large amounts of identity and fraud data. The problem isn’t always a lack of signals. It’s that signals are too often evaluated in isolation rather than as part of a unified trust decision.
Fraud doesn’t always break a single signal. More often, fraud shows up through inconsistencies across signals. For instance:
- A device may appear clean
- Credentials may be valid
- Behavior may appear human
- Location may seem plausible
Yet the interaction may still be risky when the full context is considered together.
That’s why Agentic AI is such an important lens for this discussion. It highlights the next phase of identity isn’t about adding one more check. It’s about understanding relationships across devices, networks, sessions, behaviors and identities over time. This is a shift from signals to context — where trust depends less on whether one signal passes and more on whether the overall pattern holds together.
The broader identity imperative being discussed in the industry reinforce the same lesson from another angle: non-human identity, deepfake workforce risk, identity-based attacks and the growing importance of phishing-resistant authentication. Together, those themes point to the same conclusion: Identity infrastructure is now a central trust dependency — and point-in-time checks aren’t enough on their own.
How a trust layer should function
A trust layer doesn’t need to start with a full platform redesign. It starts with a clearer operating model for orchestrating how trust is established at onboarding and maintained afterward. In an agentic environment, a trust layer should do four things well across the lifecycle.
Establish trust at the start
Organizations still need strong identity proofing at onboarding, especially in remote customer and workforce journeys. That includes validating documents where required, assessing whether the identity behind the data is legitimate and looking for signs of synthetic identity risk.
Use context, not isolated checks
Signals become more valuable when they’re correlated. Device, network, session and behavioral context can reveal contradictions a single control may miss. Fraud is exposed by inconsistency across signals rather than by one obviously bad indicator.
Reassess trust continuously
Identity shouldn’t end once a person or account is approved. Trust should be re-evaluated through login, session activity, account recovery and other high-risk moments. This is where Agentic AI meaningfully changes the model. The identity system needs to become continuous, adaptive and responsive to change.
Learn from outcomes
A stronger trust model doesn’t just score and decide; it improves over time. It’s a loop that collects, correlates, scores, decides and learns. That learning dynamic is what makes the approach more resilient to sophisticated, fast-changing attacks.
What fraud and identity leaders should do to implement a trust layer
The practical goal is not to add more friction everywhere. It’s to make trust more precise so organizations can intervene earlier when something doesn’t make sense and move faster when it does.
Three actions can help teams move in that direction quickly.
- Find where trust is only established once
Review onboarding, login, account recovery and other high-risk moments to identify where a single approval still carries too much weight. - Map the signals that matter before and after access is granted
Include identity proofing, synthetic identity indicators, device context, channel integrity and behavioral changes. - Align fraud, identity and authentication teams around one trust model
Even if CIAM and IAM remain separate operationally, the underlying trust logic should be more consistent across the lifecycle.
Agentic AI isn’t introducing a new class of attacks — it’s making a broader weakness harder to ignore. As more interactions look legitimate on the surface, identity must do more than verify access. It must function as a continuous trust layer. That’s the shift organizations need to design for now.
Learn how TransUnion supports stronger identity trust across onboarding, authentication and fraud prevention.
