Twenty-five years ago, video on the internet was a novelty...and a disaster.
Streams stalled. Resolution was poor. Servers collapsed under load. Engineers debated whether video would ever work at internet scale. The problem wasn’t just bandwidth; it was architecture. Early systems treated video like a file download, not a continuous, global, real-time service.
Today, autonomous and agentic AI systems are putting identity infrastructure through a similar reckoning.
The buffering wheel is back...this time in authentication and authorization.
The Early Internet Video Problem
In the late 1990s and early 2000s, video streaming failed for predictable reasons:
- Centralized servers couldn’t handle demand
- Protocols weren’t designed for continuous delivery
- Latency destroyed the user experience
- Scaling required brute force, not intelligence
The breakthrough didn’t come from “faster servers.” It came from rethinking the architecture:
- Stateless delivery
- CDNs and edge distribution
- Adaptive bitrate streaming
- Caching, locality, and failure tolerance
Video succeeded when the industry stopped treating it like a special case and started treating it like infrastructure.
Agentic AI Is Repeating the Pattern
Agentic AI systems are now exposing similar fault lines in identity. Traditional identity systems were designed for:
- Humans logging in occasionally
- Long-lived sessions
- Relatively small numbers of actors
- Coarse authorization decisions
Agentic agents flip every one of those assumptions.
They authenticate continuously, act autonomously, operate at machine speed, and scale into the millions or billions of identities. Each agent may make thousands of authenticated and authorized requests per second; often on behalf of humans, services, or other agents.
Identity is no longer a login problem. It’s a high-throughput control plane problem.
Why Today’s Identity Systems Buffer and Stall
Many identity platforms still behave like early video servers:
- Centralized decision points
- Stateful sessions as the default
- Synchronous authorization checks
- Overloaded introspection endpoints
- Identity logic embedded in applications
At agent scale, these systems don’t degrade gracefully—they fail catastrophically. Latency increases. Tokens pile up. Authorization becomes the bottleneck. Security teams respond by loosening controls, extending token lifetimes, or bypassing checks entirely.
That’s the identity equivalent of lowering the resolution and hoping no one notices.
In a recent survey conducted with EMA and Ory, we uncovered how participants feel about their existing IAM stack from four dimentions:
- 61% report that their current IAM solutions are not ready for AI Agents from resilency perspective
- 49% state that their current IAM solutions are not ready for AI agents from a compliance perspective
- 62% report that their current IAM solutions are not ready for AI agents from a scale perspective
- 59% state that their current IAM solution are not ready for AI agents from a security perspective
Access all the survey results - https://www.ory.com/resources/whitepapers/agentic-ai-identity-security-readiness
The Architectural Shift Identity Needs
Streaming scaled when delivery became:
- Distributed
- Stateless where possible
- Edge-friendly
- Designed for failure
Agent identity requires the same shift.
Identity Must Become Edge-Native
Agents cannot afford round-trip calls to a central identity service for every decision. Authentication and authorization must be verifiable locally, close to the workload.
Trust Must Be Short-Lived and Cheap to Verify
Long-lived credentials don’t scale and don’t fail safely. Identity at agent scale requires short-lived, cryptographically verifiable tokens that can be validated without shared state.
Authorization Must Be Decoupled and Predictable
Authorization can’t live inside application logic or ad-hoc scripts. It must be externalized, policy-driven, and evaluated consistently across environments.
From Human Identity to Workload Identity to Agent Identity
Just as streaming evolved from:
“Can we play a video?” to “Can we deliver billions of streams globally, reliably, and securely?”
Identity is evolving from:
“Can a user log in?” to “Can millions of autonomous actors authenticate and act safely, continuously, and at scale?”
Agentic systems are not edge cases. They are the next dominant workload. And like video, identity systems that are not built for this future will be bypassed, weakened, or replaced.
The Risk of Getting This Wrong
When identity becomes the bottleneck, organizations face an impossible choice:
- Enforce security and sacrifice scale
- Scale agents and sacrifice security
This is exactly where early streaming platforms failed—until the architecture caught up with demand.
Identity as Infrastructure (Again)
The platforms that ultimately enabled streaming success didn’t market “video features.” They built delivery infrastructure.
Likewise, the identity systems that succeed in the agentic era will not be those optimized for login screens. They will be those designed as:
- Distributed control planes
- Zero-trust by default
- Cloud- and edge-native
- Built for machines first, humans included
Final Thought
The history of the internet is full of moments where a new workload exposed architectural limits. Video streaming was one. Agentic AI is another.
Back then, the solution wasn’t to tweak the old systems—it was to replace the assumptions entirely.
Identity is at that moment again.
If we treat agent authentication and authorization like a scaled-up version of human login, we will get buffering wheels, dropped frames, and security shortcuts.
If we treat identity like streaming infrastructure—designed for scale, distribution, and failure—we unlock what agentic systems actually promise.
The question is no longer whether agentic agents will scale. It's whether identity will.
—-------------------------------------------------------------
Learn more about how Ory can handle agentic - https://www.ory.com/agentic-artificial-intelligence-ai-agents
Read More on Agentic -
