Who owns an employee's personalized AI agent? If a tech giant owns this extension of an individual's intelligence, it poses a huge risk of manipulation. Companies must champion a "self-sovereign" model where individuals own their Identic AI to ensure security, autonomy, and prevent external influence on their thinking.
Related Insights
For CISOs adopting agentic AI, the most practical first step is to frame it as an insider risk problem. This involves assigning agents persistent identities (like Slack or email accounts) and applying rigorous access control and privilege management, similar to onboarding a human employee.
Using a proprietary AI is like having a biographer document your every thought and memory. The critical danger is that this biography is controlled by the AI company; you can't read it, verify its accuracy, or control how it's used to influence you.
As AI agents take over execution, the primary human role will evolve to setting constraints and shouldering the responsibility for agent decisions. Every employee will effectively become a manager of an AI team, with their main function being risk mitigation and accountability, turning everyone into a leader responsible for agent outcomes.
Organizations must urgently develop policies for AI agents, which take action on a user's behalf. This is not a future problem. Agents are already being integrated into common business tools like ChatGPT, Microsoft Copilot, and Salesforce, creating new risks that existing generative AI policies do not cover.
A single AI agent can provide personalized and secure responses by dynamically adopting the data access permissions of the person querying it. This ensures users only see data they are authorized to view, maintaining granular governance without separate agent instances.
The CEO of WorkOS describes AI agents as 'crazy hyperactive interns' that can access all systems and wreak havoc at machine speed. This makes agent-specific security—focusing on authentication, permissions, and safeguards against prompt injection—a massive and urgent challenge for the industry.
For AI to function as a "second brain"—synthesizing personal notes, thoughts, and conversations—it needs access to highly sensitive data. This is antithetical to public cloud AI. The solution lies in leveraging private, self-hosted LLMs that protect user sovereignty.
The concept of "sovereignty" is evolving from data location to model ownership. A company's ultimate competitive moat will be its proprietary foundation model, which embeds tacit knowledge and institutional memory, making the firm more efficient than the open market.
The 1990s 'Sovereign Individual' thesis is a useful lens for AI's future. It predicts that highly leveraged entrepreneurs will create immense value with AI agents, diminishing the power of nation-states, which will be forced to compete for these hyper-productive individuals as citizens.
When an employee with an Identic AI leaves, a new IP challenge arises. The proposed solution is that the agent retains the individual's learned patterns and judgment—their "personal cognitive development"—but loses all access to the former employer's proprietary data. This distinction will become a central framework for future employment agreements.