Yubico and Delinea Close the Agentic AI Accountability Gap

Joint integration combines hardware-rooted human authorisation with Delinea’s runtime authorisation and identity governance capabilities, powered by StrongDM, to create an end-to-end accountability chain for AI Software Factories and agentic operations

Closing the Agentic AI Accountability Gap

Yubico (NASDAQ STOCKHOLM: YUBICO) and Delinea today announced a joint integration. It closes a critical gap in agentic AI security: the accountability gap between knowing who an AI agent is and proving that a verified human authorised its actions. The integration enables Yubico’s Role Delegation Tokens (RDT), a cryptographic authorisation mechanism backed by YubiKey hardware. It works within the Delinea Platform alongside StrongDM’s runtime authorisation capabilities and StrongDM ID, a new identity layer for AI agents.

A Unified Platform for Human and Non-Human Identity Governance

Following Delinea’s StrongDM acquisition, the platform unifies Privileged Access Management with just-in-time runtime authorisation. It applies across both human and non-human identities. Yubico’s RDT adds a cryptographic hardware root of trust. As a result, organisations can establish a verifiable chain of accountability between the human who authorises an action and the AI system that executes it.

“The hard problem in agentic AI security is accountability: can you prove a specific human approved a high-consequence action?” said Albert Biketi, chief product and technology officer at Yubico. “Hardware attestation without runtime enforcement is a signature with no enforcement point. Runtime enforcement without hardware attestation is a policy gate with no proof of human presence. This integration with Delinea solves both sides.”

Why Agentic AI Breaks Traditional Security Models

AI coding agents now generate, review, and commit code with increasing autonomy. AI operations agents interact with infrastructure, databases, and enterprise workflows. These agents are the fastest-growing class of non-human identities in enterprise environments. However, existing security models were not designed to govern them.

Bridging Hardware Attestation and Runtime Enforcement

Identity platforms can authenticate agents and enforce access policy. However, software can be impersonated, replayed, or automated. As a result, software-based controls alone cannot reliably prove a human physically approved a specific action. Hardware security keys can verify human presence. However, a token alone cannot evaluate policy, manage agent identities, or enforce access controls at scale.

Delinea provides centralised identity governance, JIT runtime authorisation powered by StrongDM, and, through StrongDM ID, verifiable agent identities linked to human sponsors, enabling organisations to discover, govern, and authorise access for every human and non-human identity across cloud, hybrid, and on-premises environments.

Yubico provides hardware-attested human authorisation through Role Delegation Tokens signed by YubiKey – cryptographic proof that a specific, physically present human approved a specific action with defined scope and constraints.

How the Integration Works in High-Risk Workflows

When an agentic workflow reaches a high-consequence decision point, the integration requires a verified human to authorise the action. For example, this includes production deployments, configuration changes, or sensitive data operations. The user signs an RDT envelope with their YubiKey before the workflow proceeds.

Key Capabilities of the Integration

In addition, key capabilities of the new integration include:

• End-to-end accountability for AI Software Factory workflows – from code generation through human-gated deployment
• Hardware-attested proof of human authorisation for high-consequence agentic actions
• Unified governance across human, machine and AI identities with YubiKey-backed escalation gates
• Comprehensive audit trails binding every critical automated action to a verified human approver

Industry Perspective on AI Identity Risk

“AI agents are quickly becoming one of the fastest-growing classes of identities in enterprise environments, yet most organisations lack the controls and accountability needed to govern what those identities can do,” said Phil Calvin, chief product officer at Delinea. “By combining Delinea’s identity governance and runtime authorisation with Yubico’s hardware-backed human authorisation, we create a trusted chain of control that ensures every high-risk action performed by an AI agent organisations can trace back to a verified human decision.”

Availability and RSA Conference Demonstration

The RDT integration with the Delinea Platform will be available for early access customers beginning Q2 2026. Yubico and Delinea will demonstrate the integration live at RSA Conference 2026, March 23–26, at the Moscone Center.

About Yubico

Yubico (Nasdaq Stockholm: YUBICO) is a modern cybersecurity company on a mission to make the digital world safer for everyone. As the inventor of the YubiKey, we set the gold standard for modern phishing-resistant, hardware-backed authentication, stopping account takeovers and making secure login simple.

Since 2007, we’ve helped shape global authentication standards, co-created FIDO2, WebAuthn, and FIDO U2F, and introduced the original passkey. Today, our passkey technology secures people and organisations in over 160 countries, transforming how digital identity is protected from onboarding to account recovery.

Trusted by the world’s most security-conscious brands, governments, and institutions, YubiKeys work out of the box with hundreds of apps and services, delivering fast, passwordless access without friction or compromise.

We believe strong security should never be out of reach. Through our philanthropic initiative, Secure it Forward, we donate YubiKeys to nonprofits supporting at-risk communities.

Headquartered in Stockholm, Sweden, Santa Clara, California, and Singapore, Yubico is proud to be recognised as one of TIME’s 100 Most Influential Companies and Fast Company’s Most Innovative Companies. Learn more at www.yubico.com.

About Cyber News Live

Stay ahead with Cyber News Live! First, we deliver real-time reporting and sharp threat intelligence. Additionally, we provide educational content for professionals, practitioners, and curious minds. From there, whether it’s breaking breach alerts or deep dives into attack vectors, we cover it all. Ultimately, our mission is clear: we make complex cyber topics understandable. And beyond that, we ensure critical knowledge stays accessible to everyone.