AI Background and Proliferation of AI Tools and Services:
Despite some misconceptions, AI and AI chatbots are not new technologies. The first AI chatbot was introduced in 1966 named Eliza by an MIT professor, and IBM Watson in 2010 (more info here). AI is changing the Identity and Access Management (IAM) code development landscape with a possibility that repeatable use cases in the cloud at scale are increasingly less successful business models going forward.
What changed in 2022 was the launch of ChatGPT which catapulted the Generative AI into the social consciousness and proliferation of AI tools and services. In my view what makes the ChatGPT quite fascinating is the accessibility of the tool to many people in a very short period of time (more info here). ChatGPT has achieved amazing success in what it is designed to do, the ability to generate new content beyond text, images, and videos and generate code that can be a game changer for many industries specifically software companies.
it is also worth noting that AI is not a technology like EV batteries, reusable space rockets, gene editing, or robotics, rather it is a goal that we have always been striving to achieve for decades, Kathleen Walch beautifully discusses this in her 2018 article here. To keep it simple, I will refer to AI as a technology for the rest of this article.
One shared property of AI and other technologies is that both achieve efficiency by reducing the cost per unit of output of any product or services. It is reasonable to think that AI would shrink the technology maturity timeframe and increase productivity in the Gartner Hype Cycle, presented in figure-1 as the Plateau of Productivity. This will push the Gartner Hype Cycle curve higher and faster to achieve market maturity and most importantly make these products and services more “visible” and accessible to all businesses and consumers globally. In that process products and services with poor economic values are more rapidly identified and corrected.
Increased productivity in the form of new products and services with higher efficiency per unit of output puts pressure on the profit margins for existing products in the market as more competing products enter the market. In simple terms, the value of owning something and holding on to it, and benefiting from what is known as Economies of Scale diminishes in favor of building new products and services with higher efficiency where the market demands.
Subsequently, a lower LRAC or Long Run Average Cost is expected with the introduction of the new AI technology, shown in Figure-2. The lower cost can be in the form of incremental efficiency in a new unit of output. AI, in particular, can change the balance in favor of those who increasingly use AI for a new unit of output and adversely affect those who are vulnerable and not exposed to AI advancements. This vulnerability is more evident where a unit of output follows specific patterns and/or is repeatable.
In economics, while increasingly lower Marginal Cost of Production for a dominant product creates favorable economic values specifically in the digital realm, AI will disrupt the Economies of Scale in favor of more participating organizations and make the scaling less economically sound or what is known as “Diseconomies of Scale” to maintain and grow those units of output. I will discuss next where Economies of Scale stands in IAM terms which are presented as a new user on IAM platforms.
In my view, the marginal cost of a new unit of output is not absolute for one entity, and diminishing marginal revenue for one organization can be adversely correlated with the lower marginal cost of the same unit of output of another organization using AI, which is a new user on a particular IAM platform. AI can escalate the marginal cost of a unit of output and make it economically less viable in relative terms sooner than expected for a non-AI business model as shown in Figure-4.
Explanation for Marginal Revenue
AI which detects patterns and eliminates deficiency in repeatable use cases has the potential to lower Marginal Revenue for an organization that has the dominance in the market. Unexpectedly, revenue will be incrementally lower with more units of output sold, hence diminishing Marginal Revenue. These forces level the landscape for all the participants, creating opportunities for one and losses for another.
AI Usage for Now and the Potentially Disruptive Future of IAM Development Landscape:
As we know AI is a disruptive technology in many areas including software development, and in this space, IAM solutions are not an exception. It is also evident that IAM is mainly a protocol-oriented software solution. Its main goal is to provide secure access to other systems and platforms which demand implementation and standardization of these protocols across all components of an IAM solution. Whether it is federation with SAML/OIDC, or other areas such as SCIM, FIDO, STS, RADIUS, or LDAP, these protocols facilitate interoperability and security of the heterogenous systems and inadvertently expose vulnerabilities and perhaps opportunities with the rise of AI.
AI’s goal is to detect patterns in the code/data, and Generative AI is efficient at creating new content/code based on those patterns. If the IAM base layer is comprised of mainly well-known and repeatable functions and methods, then it is reasonable to think that AI can be an even more disruptive force in the IAM space compared to other industries. AI can effectively commoditize base IAM offerings and make them indistinguishable from one another. IAM features and capabilities can be hardly quantified if all IAM platforms achieve the same level of features and capabilities rapidly using AI-generated code.
As discussed above, this exposes vulnerabilities in terms of Economies of Scale since no IAM solution can achieve a dominant presence in this space and hence benefit from the increasingly lower marginal cost of adding a new unit of output – a new user. The margin diminishes rapidly with the introduction of comparable and competing products and services.
IAM Components and AI-generated code samples:
Although a detailed discussion of IAM components and protocols is outside the scope of this article, I will discuss next how a seasoned AI Prompt Engineer in this space can gen protocol-level integration in a relatively short period of time. Below are four generated codes to illustrate the usage of AI to reduce the cost of base IAM solutions
Using GPT-3 chatbot, I generated the sample codes below:
WebAuthN authentication on iOS:
Windows Hello API integration generated by ChatGPT
A granular OIDC protocol-level method:
SCIM user provisioning in Rust:
These are sample AI-generated codes where details are omitted to shorten the article. There are infinite possibilities to generate code with more parameters and complexity, and I am sure we are just getting started here with AI chatbots.
It is important to reiterate that a knowledgeable developer in this space and a seasoned Prompt Engineer is essential to successful product development using AI. Regardless, the ability to generate code at this level of detail is something software companies can’t underestimate, and as discussed IAM providers are even more exposed to this new technology.
Use Case: SecureAuth’s Arculix AI Capabilities Delivering Low Code No Code Orchestration
The process of configuring Orchestration follows a similar approach. Orchestration offers organizations the flexibility to create personalized and customized user journeys. It provides an engine that empowers administrators to define policies with greater precision and incorporate advanced conditional statements. With Arculix’s Orchestration Engine, organizations can establish their unique conditions and chain actions, including outbound API calls, without solely relying on pre-built security policies. As policies become more complex in design and implementation, AI can assist by translating business and security requirements into a language that the orchestration engine can understand. Arculix’s orchestration workflows can be exported in JSON format and utilized by the AI engine, enabling the mapping of human-readable statements to Arculix workflows using Generative AI like ChatGPT.
IAM and AI Opportunities:
There are multiple opportunities to utilize how AI can be a disruptive force in this space, AI can increase the security of the existing solutions, by detecting fraudulent activities, facilitating auditing, and reducing costs in many areas that require massive code development. However, businesses will have to reevaluate their business strategy and how to protect investment where it is highly exposed to AI.
Next-generation IAM has a bright future where there is little training data available for AI or requires human analysis and human intervention. One example would be in case of interoperability of heterogenous systems with little to no clearly defined protocols or well-known patterns to follow. Also, enterprise software requires more than implementation of the base protocol, or services that require studying, planning, and proper execution.
Businesses can grow and benefit by concurring lands, adding repeatable use cases, and benefit from Economies of Scale as discussed before, or choose to grow in verticals and gaining knowledge in other industries and how IAM relates to those industries at a deeper level. Products that are highly configurable and support deeper customization and configurability with a broader portfolio of integrated solutions position themselves not only to benefit from the AI to grow but also less vulnerable to Economies of Scale disruption by AI tools and services.
Final Words, Traditional IAM Business Model vs SecureAuth:
We are all fascinated by software automation, cloud computing, digitization of processes and use cases, and the tremendous opportunities that they offer to build profitable and successful businesses. Not surprisingly, several businesses in the IAM space flourish and grow on that same notion and that is what I would like to refer to as traditional IAM solutions where those benefit from Economies of Scale and repeatable use cases in the cloud. It is worth noting that to what degree legacy type of solutions business model fall into this category is another discussion outside of the scope of this article.
Inadvertently, AI is changing this landscape with a possibility that repeatable use cases in the cloud at scale are increasingly less successful business models going forward. These models have limited scope and use cases but otherwise benefit from scalability associated with the cloud computing and IAM base protocol implementations and standardization of these protocols. This is the weakest and the most vulnerable side of any IAM to the rise of AI if it remains on this path with the expectation to achieve more economic value.
In contrary to traditional IAM solutions, SecureAuth which positions itself as a much more flexible next-gen authentication solution that allows for deeper customization of the product, configurability, and a broader portfolio of integrated solutions, not only benefits from the AI to facilitate the growth of the existing solution but also has the advantage to grow in areas where AI can’t yet effectively touch. IAM solutions with specific integration in verticals and services that require human intervention, analysis, and planning have many opportunities to grow and generate economic value despite all the AI advancements.
To summarize the table below shows the impact of AI or its ability to disrupt various initiatives for an IAM solution from the development perspective:
|Building an IAM solution once and targeting more users in the cloud.||High|
|Growing an IAM product by concurring land, more of the same use cases.||High|
|Base IAM protocol implementation for small to mid-size organizations.||High|
|IAM solution with minimal incremental changes.||High|
|**Using AI in an IAM solution to add value.||High|
|IAM analytics, reporting, cloud services, infrastructure, and automation.||Medium|
|Enterprise-level IAM solutions||Medium|
|IAM product exposure to verticals.||Low|
|New innovative IAM ideas.||Low|
|IAM scoping and design services.||Low|
|IAM custom integrations.
**Does not refer to the use of AI in other areas to generate value. AI can easily create more AI-oriented services, so has a big impact on the existing AI implementation if AI itself is the value-added proposition.