Identity and Access Management is not a side project. It is the connective tissue of digital business. When it works, customers log in, employees collaborate, and revenue flows. When it fails, the entire enterprise feels it—systems grind to a halt, regulators come calling, and trust evaporates overnight.
That’s why the current fascination with AI is more than a passing trend; it’s a strategic risk. Too many leaders are mistaking faster answers for smarter execution. But IAM is not solved by access to information. It is solved by leadership, alignment, and judgment.
And those are things no algorithm can provide.
The Architect and the Algorithm (credit: my GPT:)
The Temptation of AI in IAM
Artificial Intelligence—particularly Large Language Models (LLMs) like ChatGPT, Claude, and Gemini—has captivated the business world. From the boardroom to the data center, leaders are asking: If AI can write code, generate board reports, and summarize 300-page analyst studies in seconds, why can’t it run Identity and Access Management (IAM)?
The question is understandable. IAM has always been a discipline flooded with information—white papers, analyst notes, vendor briefs, and implementation guides. The dream of instant expertise at the push of a button is alluring. Faster access to insights feels like it should unlock progress.
But it doesn’t. Having carried the responsibility for enterprise IAM across industries and sectors for over a decade, I can tell you this: access to information has never been the problem. Fifteen years ago, I had Gartner, KuppingerCole, and Forrester at my disposal. More recently, I’ve spearheaded CIAM modernization for Washington State with the benefit of an IT degree, an MBA toolkit, and GPT-4 at my side. None of it replaces the judgment, creativity, and leadership of a seasoned consultant or architect.
Because IAM is not just about knowing—it is about deciding, aligning, and executing. And that is where AI fails to deliver.
Information Isn’t Execution
Think back to the early 2010s. If I needed to know the recommended maturity model for privileged access management, I could find it in a research note. I could highlight the right quadrant and present it to a steering committee with confidence.
Today, I can prompt ChatGPT: “Outline the pillars of a successful IAM program.” In seconds, I’ll have a polished summary—structured, logical, and familiar. Yet the strategic value is unchanged. Faster delivery doesn’t mean better results.
Information—even when attractively packaged—cannot:
Build a compelling business case for your CFO.
Secure executive sponsorship when politics are stacked against you.
Balance IAM investments with competing business priorities.
Recognize cultural blockers that silently stall adoption.
Be accountable at 2:00 AM when SSL certificates expire and customer portals go dark.
In other words, the hard part of IAM has never been the content—it’s the context. The art is in navigating people, priorities, and pressure. And context is where AI shows its limitations most clearly.
The Illusion of Stochastic Certainty
One reason AI is seductive is the fluency of its answers. An LLM can make even shaky reasoning sound confident. But behind the curtain lies stochasticity—the probabilistic process by which models generate responses.
Try this simple experiment: prompt your favorite AI chatbot with the request, “Outline the key pillars and success factors for an enterprise IAM program.” Do it four times in a row. Each time, you’ll get a slightly different list. Sometimes “governance” comes first, sometimes “technology.” One draft emphasizes user experience, another compliance. All are plausible. None are definitive.
This variability is not a bug; it’s the design of the system. LLMs are prediction engines, not reasoning engines. They excel at recombining patterns from training data, but they cannot guarantee consistency—or validity—over multiple runs.
For IAM leaders, this presents a serious risk. You cannot build board strategy or security policy on probabilistic outputs that shift with every prompt. This is why skilled professionals are indispensable. Leaders must oversee AI, interpret its outputs, and apply sound judgment. AI can accelerate tasks, but outsourcing critical thinking, strategy, and design work to it is an abdication of responsibility.
What AI Still Can’t Do
Even with GPT-5 at my fingertips and the best academic and professional training behind me, I’ve seen the same recurring limits. AI doesn’t do the truly human parts of IAM.
Strategic Alignment: AI can list best practices, but it doesn’t know whether your organization needs to move fast, cut costs, or restore customer trust first. Alignment is contextual.
Business Case Creation: LLMs generate words, not conviction. Only a human partner can reframe IAM as business protection, growth enablement, or compliance cost avoidance in a way that resonates at the executive table.
Stakeholder Engagement: IAM succeeds only when HR, legal, operations, and IT are on the same page. That’s not a prompt—it’s a negotiation, built on credibility and trust.
Gap Analysis in Context: Every organization has gaps. The question is: which ones matter most right now? That’s prioritization—a skill born of judgment, not probability.
Hands-On Firefighting: AI doesn’t triage outages. It doesn’t hold the pager. It doesn’t walk into the executive war room when customers are locked out.
At best, AI gives you a faster baseline. At worst, it convinces you that you don’t need a baseline built by professionals in the first place.
The Missing Human Dimensions
Beyond execution, there are higher-order functions that only people perform well. This is where the real gap lies.
Asking Interesting Questions: Consultants and architects don’t just answer questions—they ask the ones nobody else is bold enough to pose. Why do we grant access this way at all? What if the barrier isn’t technical but cultural? AI can summarize knowledge, but it rarely provokes insight.
Second-Order Effects: IAM decisions ripple outward. A tighter MFA policy may harden defenses but could also frustrate customers, leading to revenue loss. Humans are better at spotting those unintended consequences.
Trade-Offs and Opportunity Cost: Budgets are finite. Should you invest in CIAM modernization or privileged access management this year? AI can list benefits, but it won’t balance them against organizational opportunity costs.
Political Capital: IAM is as much politics as it is technology. Timing matters. Allies matter. Sometimes the right answer today is “not yet.” AI has no political capital to spend, no favors to call in, no trust to draw on.
These human dimensions are often the difference between a program that survives and one that fails.
Analyst Reports vs. AI: Same Song, Faster Tempo
In many ways, AI is simply the next iteration of what analyst firms have long provided. When I compare ChatGPT’s IAM advice to the templates and frameworks I pulled from Forrester or Gartner 15 years ago, the substance is strikingly similar. The difference? It arrives in seconds, not days.
That speed matters—but speed without strategy is just faster noise.
As Forrester puts it: “The paradox encapsulates one of the most pressing challenges facing enterprises today: the disconnect between ubiquitous AI adoption at the individual level and the absence of transformational business impact at the organizational level.” (Forrester, 2025)
Faster doesn’t mean wiser. And wisdom, not information, is what IAM requires most.
The Role of Human Expertise
This is why experienced consultants and architects remain irreplaceable. They bring qualities no AI can emulate:
Contextual Understanding: Recognizing what “good IAM” means in your sector, culture, and maturity stage.
Cultural Intelligence: Pacing change so adoption keeps pace with ambition.
Pattern Recognition: Drawing lessons from dozens of prior implementations to spot risks early.
Accountability: Owning outcomes with you—not just generating words but delivering results.
This fusion of technical skill, cultural sensitivity, and political acumen is what turns IAM from a perpetual struggle into a program that delivers measurable business value.
Design Thinking: Where AI Fits, Where It Doesn’t
The right question isn’t whether to use AI but where. Put your design thinking hat on:
Use AI to accelerate: drafting RFPs, summarizing vendor documentation, sketching workflows.
Don’t use AI to decide: choosing priorities, weighing risks, allocating scarce capital.
AI can help your team move faster, but it cannot decide what direction to run. That choice remains squarely in human hands.
What’s Really at Stake
IAM is not a playground for experimentation. It’s the connective tissue of digital business.
Revenue: Frictionless, secure customer access drives loyalty and retention.
Resilience: Outages tied to identity can grind operations to a halt.
Reputation: Breaches stemming from identity failures can permanently erode trust.
This is too important to entrust to stochastic algorithms or generic templates. IAM is existential—and existential risks demand human leadership.
Why Now Is the Time to Invest in Consulting
If your IAM program feels stuck—or worse, if it feels “fine” but unprovable—this is the moment to bring in outside expertise. A skilled consulting partner can:
Uncover hidden gaps before they metastasize.
Translate IAM outcomes into board-level ROI.
Build coalitions across siloed business functions.
Architect AI systems of action that empower, rather than distract, your team.
Done right, this investment more than pays for itself in avoided rework, reduced audit exposure, and programs that actually stick.
Closing Reflection
The future will absolutely include AI in IAM products, processes, and programs—but as an amplifier, not a replacement. The leaders who win won’t be those who blindly outsource to machines. They’ll be the ones who integrate AI wisely, with judgment and strategy intact.
At the end of the day, IAM leadership requires more than access to information. It requires the courage to ask better questions, the foresight to weigh trade-offs, and the political capital to make change stick. These are human skills—and they always will be.
That’s why the call you make to a seasoned consultant at 2:00 AM will always matter more than the prompt you type into ChatGPT at 2:00 PM.
Let’s Talk!
If you need help spotting the gaps in your IAM program or designing and implementing AI systems of action for your team, let’s talk. There’s never been a more important time to balance speed with strategy. The work I do with clients consistently drives seven- and eight-figure impact—unlocking measurable ROI through stronger governance, reduced risk, and IAM programs that finally deliver on their promise.
Reference
Giron, Frederic. Forrester, Why AI ROI Remains Elusive Despite Widespread Adoption, July 2025. Retrieved from: https://www.forrester.com/blogs/why-ai-roi-remains-elusive-despite-widespread-adoption/