AI identity and access security focuses on protecting models, agents, and the services they connect to from credential abuse, lateral movement, model‑level exploits (e.g., prompt injection, data exfiltration, model stealing) and identity‑based attacks. The shift to agentic and multi‑agent deployments — across cloud ML platforms, contact centers, and enterprise automation — has expanded the attack surface and made traditional IAM insufficient: teams now need fine‑grained model access controls, ephemeral credentials, behavioral observability, and cross‑service policy enforcement. This category brings together platform and governance capabilities. Infrastructure and observability vendors such as Xilos aim to provide 100% visibility into connected services and agentic activity, while enterprise governance platforms like Monitaur centralize policy, monitoring, validation and vendor oversight (notably for regulated industries and insurance use cases). Cloud ML platforms (Vertex AI) and model providers (Cohere, Mistral AI) supply the underlying models and managed services that must be protected through private deployment options, access controls, and data‑handling guarantees. Agent platforms and virtual assistant products (IBM watsonx Assistant, Kore.ai, StackAI) introduce orchestration, multi‑agent workflows and no‑/low‑code tooling; these capabilities must include audit trails, role‑based access, and runtime guardrails. Industry‑specific solutions such as Observe.AI illustrate how voice agents and real‑time assists require both conversation security and identity controls. As of mid‑2026, organizations are prioritizing integrated stacks that combine least‑privilege access, credential rotation, runtime observability, policy enforcement and vendor governance to reduce model‑level risk and meet regulatory and insurance requirements. The result is an emerging discipline at the intersection of IAM, ML Ops and security engineering focused on preventing identity attacks on AI systems.