March 19, 2026

Zachary Gruenberg on Machine Identity Security in the Age of AI | Harness Blog

At SREday NYC 2026, the ShipTalk podcast welcomed Zachary Gruenberg, Solution Engineer and Machine Identity SME at Palo Alto Networks, for a conversation about one of the fastest growing challenges in modern infrastructure: machine identity management.

Throughout the conference, much of the discussion centered on AI agents automating operational tasks—from incident response to infrastructure management. But every automated agent interacting with systems still requires credentials and access permissions.

In the episode, ShipTalk host Dewan Ahmed, Principal Developer Advocate at Harness, spoke with Zachary about how the rapid rise of AI-driven automation is creating an explosion of machine identities—and why managing them is quickly becoming a major security concern for SRE and platform teams.


The Explosion of Machine Identities

In the past, identity management primarily focused on human users logging into systems.

Today, the landscape looks very different.

Modern infrastructure environments include a growing number of non-human identities such as:

  • service accounts
  • automation scripts
  • CI/CD pipelines
  • microservices communicating with each other
  • AI agents performing operational tasks

Each of these components requires credentials in order to interact with infrastructure, APIs, and other services.

As organizations deploy more automation and AI-driven workflows, the number of machine identities can quickly outnumber human users by several orders of magnitude.

For SRE teams, this creates a new challenge: tracking which systems have access to what resources—and ensuring those permissions remain secure.

Building Security That Scales with Automation

One of the most common problems Zachary sees is that teams prioritize functionality when deploying new automation systems.

When engineers introduce AI agents or automated workflows, identity management is often treated as an afterthought.

That approach can lead to:

  • overly permissive service accounts
  • long-lived credentials
  • unclear ownership of machine identities
  • difficulty auditing access across systems

To address this, Zachary encourages organizations to treat machine identity as a core component of their security architecture, rather than a secondary concern.

This often includes practices such as:

  • implementing short-lived credentials
  • centralizing identity management across services
  • applying the principle of least privilege to machine accounts
  • automating identity lifecycle management alongside infrastructure automation

When these controls are built into the platform early, security can scale alongside automation instead of becoming a bottleneck.

The Most Common Machine Identity Blind Spot

Despite the growing awareness of identity security, Zachary frequently encounters one recurring issue.

Many teams simply lose track of the machine identities they have created.

Over time, environments accumulate service accounts, API keys, tokens, and automation credentials that remain active long after the systems that created them are gone.

This “identity sprawl” can create significant risk, particularly in environments where automated systems are interacting with critical infrastructure.

The challenge becomes even greater as AI agents begin performing more complex operational tasks.

Ensuring that these agents have the right level of access—and no more—requires visibility into every identity operating within the system.
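An inventory audit along these lines, as an added example that is not from the episode, Harness, or Palo Alto Networks: it flags the failure modes listed earlier (no owner, broad permissions, long-lived credentials) together with the sprawl case of identities that outlive their workloads. The record fields, thresholds, finding labels, and sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_CREDENTIAL_AGE = timedelta(days=90)  # assumed policy threshold
MAX_IDLE = timedelta(days=30)            # assumed policy threshold

@dataclass
class MachineIdentity:
    name: str
    kind: str                      # e.g. service-account, ci-pipeline, ai-agent
    owner: Optional[str]           # team accountable for the identity
    scopes: list                   # permissions granted, "resource:action" style
    credential_issued: datetime
    last_used: Optional[datetime]  # None means never observed in use
    workload_exists: bool          # does the system that created it still exist?

def audit(identity, now):
    """Return the list of findings for one identity (empty list means clean)."""
    findings = []
    if not identity.owner:
        findings.append("no-owner")
    if any(s == "*" or s.endswith(":*") for s in identity.scopes):
        findings.append("wildcard-scope")
    if now - identity.credential_issued > MAX_CREDENTIAL_AGE:
        findings.append("long-lived-credential")
    if identity.last_used is None or now - identity.last_used > MAX_IDLE:
        findings.append("idle")
    if not identity.workload_exists:
        findings.append("orphaned")
    return findings

def audit_inventory(inventory, now):
    """Map identity name -> findings, keeping only identities that need action."""
    return {i.name: f for i in inventory if (f := audit(i, now))}

# Constructed sample inventory (not real data), evaluated at a fixed time.
NOW = datetime(2026, 3, 19, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    MachineIdentity("ci-deployer", "ci-pipeline", "platform-team", ["deploy:staging"],
                    NOW - timedelta(hours=2), NOW - timedelta(hours=1), True),
    MachineIdentity("legacy-batch-sa", "service-account", None, ["storage:*"],
                    NOW - timedelta(days=400), NOW - timedelta(days=200), False),
    MachineIdentity("incident-agent", "ai-agent", "sre-oncall", ["*"],
                    NOW - timedelta(days=10), NOW - timedelta(days=1), True),
]
if __name__ == "__main__":
    for name, found in audit_inventory(SAMPLE_INVENTORY, NOW).items():
        print(f"{name}: {', '.join(found)}")
```

In practice the inventory would be exported from the identity provider or cloud IAM API rather than written by hand, and the audit would run on a schedule so that orphaned identities are revoked instead of accumulating.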

Security in an Autonomous Infrastructure World

As organizations adopt AI-driven automation across operations, the importance of identity security will only increase.

Each new automation tool or AI workflow adds another layer of machine identities interacting with infrastructure.

For SRE and platform teams, this means reliability engineering and security practices are becoming increasingly interconnected.

Strong machine identity management ensures that automation systems can operate safely while protecting the infrastructure they interact with.

Final Thoughts

Zachary Gruenberg’s message is a timely reminder that the growth of AI agents and automation does not eliminate the need for strong security foundations.

If anything, it makes them even more critical.

As organizations move toward more autonomous systems, understanding who—or what—has access to critical infrastructure will remain one of the most important challenges for reliability and security teams alike.


Dewan Ahmed

Dewan Ahmed is a Principal Developer Advocate at Harness, a company that aims to enable every software engineering team in the world to deliver code reliably, efficiently and quickly to their users. Before joining Harness, he worked at IBM, Red Hat, and Aiven as a developer, QA lead, consultant, and developer advocate. For the last fifteen years, Dewan has worked to solve DevOps and infrastructure problems for small startups, large enterprises, and governments. Having started public speaking at Toastmasters in 2016, he has been speaking at tech conferences and meetups for the last ten years. His work is fueled by a passion for open source and a deep respect for the tech community. Dewan writes about app/data infrastructure, developer advocacy, and his thoughts on a career in tech on his personal blog. Outside of work, he’s an advocate for underrepresented groups in tech and offers pro bono career coaching as his way of giving back.
