As companies rush to embrace AI-native ways of working, identity security is going through one of the biggest shifts it’s seen in years. At Encora, that change isn’t something they’re waiting to react to—it’s already happening, driven by the realization that the old rules built around human users just don’t cut it when autonomous AI agents and machine identities start running large parts of the business.
Earlier this year, Encora kicked off what they’re calling “Encora 2.0.” It’s more than a tech upgrade; it’s a full 
That forward-thinking mindset comes from seeing how much faster everything moves now. Economic pressures, tighter deadlines, and AI-powered development have shortened the window for adaptation dramatically.
“The pace of change today is nothing like what we saw even four or five years back,” Agarwal notes. “We can’t sit around waiting for disruption to force our hand—we have to keep aligning with our customers’ goals and the wider industry trends in real time.”
A big part of Encora’s strategy has been shifting away from one-off vendor deals toward genuine, long-term partnerships—especially in security.“Security for us isn’t about buying the latest tool,” Agarwal explains. “It’s about building relationships that last. When you’ve got that depth, both sides know each other’s roadmaps, limitations, and possibilities.”
That approach has shaped how Encora works with CyberArk as they’ve expanded their identity security program far beyond basic privileged access management.
From CyberArk’s side, Encora stands out for its maturity. “Encora is a perfect example of a customer that has 
Vaidya points out that Encora’s path reflects the broader industry trend. “They started with privileged access, moved into endpoint privilege controls and secrets management, and now they’re tackling AI-related identity challenges. That level of maturity lets them stitch multiple capabilities together into something that feels like a true platform—even while much of the industry is still figuring it out.”
Higher Board Awareness, Tighter Timelines
Cyber risk is firmly on the board agenda these days, but greater awareness hasn’t translated into more patience.
“Boards today get cyber risk—they understand breach costs and even cyber insurance,” Agarwal says. “But their expectations around speed have gone through the roof.”Security teams are now expected to enable rapid growth without adding unacceptable risk, and identity controls have become central to striking that balance.
“Boards aren’t debating whether security matters anymore,” Vaidya adds. “They’re asking how quickly it can be delivered without slowing the business.”
Getting Ready for Agentic AI
Encora’s own recent launch of an AI agentic framework has made these identity questions even more urgent. Autonomous agents bring a completely different risk profile—one where traditional human authentication methods fall apart.
“Classic MFA simply doesn’t work for machines,” Agarwal points out. “Certificates and secrets management become far more practical.”By using certificates to authenticate AI agents inside tightly controlled environments, Encora brings the risk down to something observable and manageable.“It never goes to zero, of course,” he says, “but it becomes something we can see and fix quickly.”
For CyberArk, Encora’s method reinforces a key lesson: AI security depends on a solid identity foundation underneath.“What Encora has done particularly well is extend their existing identity controls into these new AI environments instead of treating AI as a separate silo,” Vaidya observes. “That puts them ahead of many organizations still running isolated experiments.”
Certificate lifecycle management is getting fresh attention, especially as validity periods keep shrinking.“Certificates aren’t just for websites anymore,” Agarwal says. “They’re turning into core identity assets for endpoints, agents, and services.”
Manual handling can’t keep up with the scale AI demands, so Encora is moving toward fully automated, zero-touch PKI processes.“We need issuance, renewal, and revocation to happen without anyone touching it,” he explains.Vaidya sees this as a natural next step from earlier identity practices. “Permanent access doesn’t scale in highly automated setups. Certificates effectively become the keys that agents carry.”
Identity as the Control Plane for AI
Looking forward, both leaders agree on one starting point: you can’t govern what you can’t see.“Discovery and visibility have to come first,” Agarwal emphasizes. “If you don’t know who—or what—is accessing your systems, governance is impossible.”As AI agents multiply, identity is becoming the main control layer for autonomous operations.
“Agents don’t act like people—they run constantly, at massive scale, across multiple environments,” Vaidya says. “Companies that already have strong identity foundations will find the transition much smoother.”
Encora’s experience shows that preparing for AI security isn’t about inventing entirely new defenses. It’s about taking proven identity principles and extending them confidently into an increasingly autonomous future, that is heavily influenced by AI.