Non-human identity, delegated authority, and audit-ready traceability for agentic artificial intelligence.
Speaker
Dr Reza Alavi
Agenda
18:30 - Event start with welcome and introductions
19:00 - Presentation
19:45 - Q&A
20:00 - Event close
Synopsis
This session explains the hidden access layer behind agentic artificial intelligence: non-human identities (machine, workload, and service identities) that allow agents to call tools, access data, and trigger actions. The objective is to reframe “agent risk” from model behaviour alone to credentialed execution, who/what is acting, with what permissions, under what constraints and with what evidence trail.
Attendees will leave with a practical taxonomy of non-human identities used in agentic systems, the dominant failure modes (silent privilege, token sprawl, weak binding between user intent and agent action) and a set of control objectives to make agent actions least-privilege, identity-bound, monitorable, and audit-ready before scaling beyond supervised use.
About the speaker
Dr Reza Alavi is a Senior Security Risk Specialist at Lloyds Banking Group, specialising in Responsible Artificial Intelligence security, governance, and control assurance for Generative Artificial Intelligence and agentic artificial intelligence. He works at the intersection of security engineering, risk oversight, and regulatory readiness, helping organisations scale Artificial Intelligence safely through practical, threat-informed controls covering areas such as prompt injection, model drift, data leakage, and adversarial manipulation. He partners closely with engineering, data, legal, and risk functions to translate complex technical risks into decision-ready governance and evidence-based assurance aligned to the European Union Artificial Intelligence Act, the General Data Protection Regulation, and the Organisation for Economic Co-operation and Development Artificial Intelligence Principles. Dr Alavi holds a Doctor of Philosophy in Information Security and professional certifications including Certification in Risk and Information Systems Control, Certified Information Systems Auditor, Certified Information Security Manager, and Certified Information Privacy Professional.
Our events are for adults aged 16 years and over.
This meeting is conducted in accordance with the BCS Code of Conduct for Meetings.
BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society. Join BCS today
Please note: if you have any accessibility needs, please let us know via groups@bcs.uk, and we’ll work with you to make suitable arrangements.
This event is brought to you by: IRMA (Information Risk Management and Assurance) specialist group
