Ping Identity extends runtime identity for AI agents across AWS, Google Cloud and Cloudflare

Ping Identity has expanded its Runtime Identity capabilities through integrations with AWS, Google Cloud, and Cloudflare, giving enterprises more ways to govern AI agents as they move across cloud workloads, APIs, tools, and edge infrastructure.

The integrations are designed to help security teams see what AI agents can access, what actions they are taking, and whether those actions follow enterprise policy. Ping’s Runtime Identity approach extends identity controls beyond initial authentication and into continuous authorization, policy enforcement, and monitoring while agents are operating.

For AWS environments, Ping said the integrations can help organizations establish trusted identities for AI agents, enforce delegated least-privilege access, and align agent activity with policies tied to sensitive data, regulated workloads, and operational limits. With Google Cloud Agent Gateway, PingOne Authorize can be used to authenticate delegated agent identities, enforce policies across agent and tool interactions, and centralize authorization decisions across users, agents, tools, and downstream APIs.

Ping is also working with Cloudflare to extend identity enforcement to the edge, where AI agents may access public and private data, services, and distributed infrastructure. The Cloudflare integration focuses on securing agent and Model Context Protocol traffic with scoped credentials, applying Zero Trust policies to agent activity and monitoring agent behavior across edge environments. For MSPs, MSSPs, and enterprise security teams, the broader signal is that identity vendors are moving deeper into AI governance as organizations look for ways to control agent activity without scattering policy logic across every agent, tool, or workload.