The Invisible Crisis of Digital Identity: How Prudhvi Ananthula Is Rethinking Security for the AI Era

Every major cyberattack begins with an identity.
AI-generated summary, reviewed by editors
Not always a person. Increasingly, it is a machine account, an application, an API key, a privileged service account, or an automated process operating quietly behind the scenes. As organizations embrace cloud computing, artificial intelligence, and hyperautomation, the number of digital identities has grown beyond human scale. Yet many enterprises continue to govern these identities with security models designed for a much simpler era.
This disconnect has created one of cybersecurity's most urgent challenges. Organizations invest heavily in firewalls, encryption, and endpoint protection, but often overlook the very identities that determine who—or what—can access their most critical systems. The result is a growing attack surface, increasing regulatory pressure, and operational complexity that traditional security frameworks struggle to address.
Few professionals have spent as much time at the intersection of engineering, governance, and regulatory security as Prudhvi Ananthula.
As US Head of IAM Operations at a top-10 U.S. bank, Prudhvi leads enterprise identity governance across 200,000+ digital identities spanning workforce, privileged, and non-human accounts—operating under Federal Reserve, OCC, and FDIC oversight. He holds CISM and CISA certifications and has delivered clean audit outcomes since 2017 against some of the financial industry's most rigorous regulatory scrutiny. Beyond operations, he contributes as an IEEE and ACM peer reviewer, published researcher in Non-Human Identity governance and Physical Identity & Access Management (PIAM), and a contributor to publications including Security Magazine, Dark Reading, SC Media, CIO.com, and Finextra, with research currently under review at Harvard Business Review and the Cloud Security Alliance Journal.
Rather than viewing identity as a technology problem alone, Prudhvi believes it has become the foundation of digital trust.
In this exclusive conversation, he shares why identity security is rapidly becoming the defining cybersecurity challenge of the decade—and what organizations must do to prepare.
Q: Identity security has become a major topic in cybersecurity. Why is it suddenly receiving so much attention?
Prudhvi Ananthula:
The digital world has fundamentally changed.
A decade ago, organizations primarily managed employee accounts. Today, every enterprise operates thousands—or even millions—of identities that extend far beyond people. Applications communicate with applications. APIs exchange sensitive information continuously. Artificial intelligence systems make autonomous decisions. Cloud platforms dynamically create workloads every minute.
Each of these requires an identity.
The challenge is that while technology has evolved rapidly, governance has not kept pace. Many organizations still rely on manual processes and fragmented controls that were never designed for today's environment.
Identity is no longer simply about authentication. It has become the central control point for organizational resilience, regulatory compliance, and cyber defense.
Q: You've written and published research extensively on Non-Human Identities. Why do you consider them one of cybersecurity's biggest emerging risks?
Prudhvi Ananthula:
Non-Human Identities represent one of the fastest-growing segments of enterprise infrastructure. These include service accounts, machine identities, application credentials, API secrets, containers, robotic processes, and AI agents.
Unlike human users, they rarely log in through traditional interfaces. They operate continuously, often with elevated privileges, and many remain active for years without meaningful review.
If these identities are compromised, attackers can move laterally through enterprise environments without triggering many conventional security controls.
That's why I believe organizations must begin governing machine identities with the same discipline historically applied to privileged human users. My published research on NHI governance frameworks—including accepted work at IEEE ICSSAS 2026—explores the specific control gaps regulators are beginning to flag across the industry.
The future belongs to autonomous identity governance—where policies continuously evaluate, validate, and enforce trust without depending entirely on manual intervention.
Q: Financial institutions face some of the world's strictest regulatory requirements. How does identity governance support compliance?
Prudhvi Ananthula:
Regulatory compliance is often misunderstood. Many organizations treat audits as periodic events. In reality, effective compliance is achieved long before an auditor arrives.
Identity governance allows organizations to demonstrate who has access, why they have access, how access was approved, whether segregation-of-duty policies are enforced, and whether privileged permissions remain appropriate throughout their lifecycle.
The Zero-Defect IAM Policy Framework I developed at Santander embeds regulatory controls directly into control architecture—eliminating last-minute audit preparation. A Big Four firm formally recognized elements as industry-leading. That's what it looks like when governance becomes operational rather than reactive.
Strong governance is ultimately about creating confidence—not only for regulators but also for customers, employees, and shareholders.
Q: One of your recent research areas focuses on Physical Identity and Access Management (PIAM). What inspired this work?
Prudhvi Ananthula:
Organizations generally manage physical and digital identities separately—and that separation creates real risk.
Consider a common scenario: an employee is terminated. Their badge access is revoked within hours. But their VPN credentials, cloud application permissions, and service account access remain active for weeks. Or the reverse—digital access is cut, but they can still walk into a data center. Both represent exploitable gaps.
My research—accepted at IEEE ICSSAS 2026—explores a unified governance framework where physical and digital identities operate as components of a single trust model. As organizations become increasingly connected, identity should follow individuals consistently across both physical facilities and digital environments.
Security works best when it eliminates silos rather than creating additional ones.
Q: Artificial Intelligence is transforming cybersecurity. What opportunities and risks do you see?
Prudhvi Ananthula:
Artificial intelligence is simultaneously one of cybersecurity's greatest opportunities and one of its greatest challenges.
AI can significantly improve threat detection, automate repetitive governance activities, and accelerate decision-making. I've implemented ML-based peer group analysis for access certifications—systems that flag when a user is the only person in Finance with admin access to a production server, or confirm that 99% of peers in a role safely hold a given permission. That level of intelligent signal cuts review fatigue and improves decision quality at scale.
However, AI systems themselves require identities, permissions, accountability, and governance. My published research on Agentic AI frameworks addresses exactly this—how to govern autonomous AI systems that operate with elevated privileges and minimal human supervision.
The future is not simply AI-driven security. It is AI governed by trusted identity frameworks.
Q: You've contributed through technical publications as well as industry articles. Why is knowledge sharing important?
Prudhvi Ananthula:
Cybersecurity evolves too quickly for innovation to remain isolated within individual organizations. Every enterprise faces similar identity challenges, even if their environments differ.
Publishing allows practitioners, researchers, executives, and policymakers to exchange ideas, challenge assumptions, and collectively strengthen the industry. Some audiences need highly technical research—peer-reviewed IEEE and ACM papers. Others need strategic perspectives that connect technology with business outcomes—which is why I write for outlets like Dark Reading, CIO.com, and Finextra.
Both are essential if we want to build more resilient digital ecosystems.
Q: What advice would you offer to organizations beginning their identity transformation journey?
Prudhvi Ananthula:
Technology alone cannot solve identity governance. Start with visibility: understand what identities exist, what privileges they possess, how those privileges were approved, and whether continuous governance exists across their lifecycle. You cannot govern what you cannot see.
Equally important is recognizing that identity is not solely an IT responsibility. It requires collaboration between security teams, business leaders, compliance professionals, auditors, and executive management.
Identity governance succeeds when it becomes part of organizational culture rather than simply another technology implementation.
Q: Looking ahead, what do you believe will define the next decade of cybersecurity?
Prudhvi Ananthula:
Trust.
As digital ecosystems become increasingly autonomous, organizations will need systems capable of making security decisions continuously, transparently, and intelligently.
Identity will become the common language connecting cloud platforms, artificial intelligence, human users, machine identities, physical infrastructure, and regulatory governance.
Organizations that establish trusted identity foundations today will be significantly better prepared for tomorrow's challenges. The future of cybersecurity will not be determined solely by stronger defenses. It will be determined by stronger trust.
Conclusion
Cybersecurity is entering a new era—one where identities outnumber people, intelligent systems operate independently, and trust must be continuously verified rather than assumed.
In this rapidly evolving landscape, identity governance is no longer a back-office function. It has become the invisible infrastructure upon which modern economies depend.
Through enterprise leadership—governing 200,000+ digital identities under Federal Reserve, OCC, and FDIC oversight—alongside published IEEE and ACM research, peer review contributions, and ongoing work in emerging areas such as Non-Human Identity governance and Physical-Cyber Identity convergence, Prudhvi Ananthula represents a new generation of cybersecurity thinkers working to bridge the gap between technological advancement and responsible governance.
As organizations continue their digital transformation journeys, the most valuable security investments may not be the ones that build higher walls—but the ones that ensure every identity, whether human or machine, is trusted, accountable, and governed throughout its lifecycle.
Because in tomorrow's digital world, security will ultimately be measured not by what systems can do—but by how intelligently they decide who should be allowed to do it.
About the Author: Prudhvi Ananthula is US Head of IAM Operations at a top-10 U.S. bank, leading identity governance across 200,000+ digital identities under Federal Reserve, OCC, and FDIC oversight. He is an IEEE and ACM peer reviewer, published researcher, and widely published thought leader in identity security and cybersecurity governance. Learn more at prudhviananthula.com












Click it and Unblock the Notifications