Yubico and Delinea Close the Agentic AI Accountability Gap

Key Terms

privileged access management technical

Privileged access management is a set of tools and practices that control who can use the most powerful accounts and credentials in an organization, like giving, tracking and removing keys to sensitive rooms. It matters to investors because it lowers the chance of costly data breaches, fraud or regulatory fines by preventing misuse of high‑level access, and therefore helps protect a company’s operations, reputation and financial value.

identity governance technical

Identity governance is the set of policies, processes and tools a company uses to control who can access its systems, data and applications, and to track and approve those access rights over time. Think of it as a company’s keycard system plus an audit trail that ensures only the right people have the right keys and that changes are reviewed. For investors it matters because strong identity governance reduces the risk of data breaches, fraud, regulatory fines and operational outages, which can protect earnings and company value.

root of trust technical

A root of trust is a small, tamper-resistant component inside a device or system that serves as the secure anchor for identity and data protection—think of it as a locked safe that holds the master keys and proof that the system is genuine. It matters to investors because a strong root of trust reduces the risk of hacks, supports regulatory compliance and customer confidence, and therefore can protect a product’s value and a company’s reputation.

non-human identities technical

Non-human identities are legal or digital identities assigned to machines, software agents, Internet-of-Things devices, or automated accounts so they can act, communicate, and be tracked separately from people. For investors this matters because these identities affect who is legally responsible, how transactions are authenticated, and how automated systems impact revenue or liability — think of them like a licensed driver’s license or bank account for a robot or software agent.

audit trails technical

A record of every step, change and action taken on financial records, transactions or documents that creates a clear ‘breadcrumb trail’ from start to finish. Investors care because it lets auditors, regulators and shareholders verify that numbers are accurate, trace the cause of errors or suspicious activity, and assess whether controls are working — much like CCTV footage helps confirm what really happened in an incident.

Joint integration combines hardware-rooted human authorization with Delinea’s runtime authorization and identity governance capabilities powered by StrongDM to create an end-to-end accountability chain for AI Software Factories and agentic operations

SAN FRANCISCO--(BUSINESS WIRE)-- Yubico (NASDAQ STOCKHOLM: YUBICO) and Delinea today announced a joint integration that closes a critical gap in agentic AI security: the accountability gap between knowing who an AI agent is and proving that a verified human authorized what it did. The integration enables Yubico’s Role Delegation Tokens (RDT) – a cryptographic authorization primitive backed by YubiKey hardware – to be used within the Delinea Platform alongside StrongDM’s runtime authorization capabilities, and StrongDM ID, the new identity layer purpose-built for AI agents.

Following Delinea’s completion of its StrongDM acquisition, the combined platform unifies Privileged Access Management with just-in-time runtime authorization across both human and non-human identities. Yubico’s RDT adds a cryptographic hardware root of trust to this architecture, allowing organizations to establish a verifiable chain of accountability between the human who authorizes an action and the AI system that executes it.

“The hard problem in agentic AI security is accountability: can you prove a specific human approved a high-consequence action?” said Albert Biketi, chief product and technology officer at Yubico. “Hardware attestation without runtime enforcement is a signature with no enforcement point. Runtime enforcement without hardware attestation is a policy gate with no proof of human presence. This integration with Delinea solves both sides.”

The Accountability Gap: Runtime Policy Enforcement Meets Hardware-based Human Authorization

AI coding agents now generate, review, and commit code with increasing autonomy. AI operations agents interact with infrastructure, databases, and enterprise workflows. These agents are the fastest-growing class of non-human identities in enterprise environments – and existing security models were not designed to govern them.

Identity platforms can authenticate agents and enforce access policy, but because software can be impersonated, replayed or automated, software-based controls alone cannot reliably prove a specific human physically approved a specific action. Hardware security keys can verify human presence, but a token alone cannot evaluate policy, manage agent identities, or enforce access controls at scale. Organizations need both – and until now, no integration has connected them.

Delinea provides centralized identity governance, JIT runtime authorization powered by StrongDM, and – through StrongDM ID – verifiable agent identities linked to human sponsors, enabling organizations to discover, govern, and authorize access for every human and non-human identity across cloud, hybrid, and on-premises environments.

Yubico provides hardware-attested human authorization through Role Delegation Tokens signed by YubiKey – cryptographic proof that a specific, physically present human approved a specific action with defined scope and constraints.

When an agentic workflow reaches a high-consequence decision point – such as a production deployment gate, a privileged configuration change, or a sensitive data operation – the integration requires a verified human to authorize the action by signing an RDT envelope with their YubiKey before the workflow proceeds.

Key capabilities of the new integration include:

• End-to-end accountability for AI Software Factory workflows – from code generation through human-gated deployment
• Hardware-attested proof of human authorization for high-consequence agentic actions
• Unified governance across human, machine and AI identities with YubiKey-backed escalation gates
• Comprehensive audit trails binding every critical automated action to a verified human approver

“AI agents are quickly becoming one of the fastest-growing classes of identities in enterprise environments, yet most organizations lack the controls and accountability needed to govern what those identities can do,” said Phil Calvin, chief product officer at Delinea. “By combining Delinea’s identity governance and runtime authorization with Yubico’s hardware-backed human authorization, we create a trusted chain of control that ensures every high-risk action performed by an AI agent can be traced back to a verified human decision.”

The RDT integration with the Delinea Platform will be available for early access customers beginning Q2 2026. Yubico and Delinea will demonstrate the integration live at RSA Conference 2026, March 23–26 at the Moscone Center. Visit the Yubico booth to see hardware-attested agentic AI authorization in action.

About Yubico

Yubico (Nasdaq Stockholm: YUBICO) is a modern cybersecurity company on a mission to make the digital world safer for everyone. As the inventor of the YubiKey, we set the gold standard for modern phishing-resistant, hardware-backed authentication, stopping account takeovers and making secure login simple.

Since 2007, we’ve helped shape global authentication standards, co-created FIDO2, WebAuthn, and FIDO U2F, and introduced the original passkey. Today, our passkey technology secures people and organizations in over 160 countries—transforming how digital identity is protected from onboarding to account recovery.

Trusted by the world’s most security-conscious brands, governments, and institutions, YubiKeys work out of the box with hundreds of apps and services, delivering fast, passwordless access without friction or compromise.

We believe strong security should never be out of reach. Through our philanthropic initiative, Secure it Forward, we donate YubiKeys to nonprofits supporting at-risk communities.

Headquartered in Stockholm, Sweden; Santa Clara, California; and Singapore, Yubico is proud to be recognized as one of TIME’s 100 Most Influential Companies and Fast Company’s Most Innovative Companies. Learn more at www.yubico.com

About Delinea

Delinea is a pioneer in securing human and machine identities through intelligent, centralized authorization, empowering organizations to seamlessly govern their interactions across the modern enterprise. Leveraging AI-powered intelligence, Delinea’s leading cloud-native Identity Security Platform applies context throughout the entire identity lifecycle – across cloud and traditional infrastructure, data, SaaS applications, and AI. It is the only platform that enables you to discover all identities – including workforce, IT administrator, developers, and machines – assign appropriate access levels, detect irregularities, and respond to threats in real-time. With deployment in weeks, not months, 90% fewer resources to manage than the nearest competitor, and a 99.995% uptime, the Delinea Platform delivers robust security and operational efficiency without complexity. Learn more about Delinea on LinkedIn, X, and YouTube.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260319428582/en/

Yubico

Yubico Communications Team

press@yubico.com

Delinea

Justin Ordman, Corporate Communications Director

pr@delinea.com

Source: Yubico