IT Brief Ireland - Technology news for CIOs & IT decision-makers

Yubico, IBM & Auth0 add human checks to AI actions

Tue, 24th Mar 2026

Yubico has partnered with IBM and Auth0 on a security model for agentic AI aimed at organisations that want human approval for high-risk automated actions.

The model is designed for AI systems that move beyond advisory tasks and begin carrying out operational work such as executing transactions, deploying code and accessing sensitive systems. In those cases, the focus shifts from simply identifying an automated action to proving which person authorised it.

The approach adds a human-in-the-loop authorisation process for higher-risk actions while allowing routine tasks to continue without manual intervention. That is intended to let AI agents operate autonomously in lower-risk scenarios, with sensitive decisions escalated for approval.

Approval model

Under the proposed setup, IBM's AI agents manage the workflow and Auth0 handles the approval request through backchannel authentication. The human approver then uses a YubiKey for physical authentication before the action can proceed.

According to Yubico, this creates cryptographic proof tied to a verified identity and physical presence. The process is intended to show that the correct individual approved the action, that the approval cannot be replayed or intercepted, and that the decision is linked to that user.

The design is aimed at areas where automated decisions can carry financial, operational or security consequences. Examples include high-value financial transactions, production code deployment, access to sensitive corporate data, procurement approvals and vendor onboarding, and security response actions that affect system availability.
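The approval gate this section describes can be sketched as follows. This is an added example, not code from Yubico, IBM or Auth0, and it shows routine actions passing while a high-risk action needs a single-use approval bound to the exact action. Assumptions: all names and the `HIGH_RISK` policy are hypothetical, and an HMAC with a constructed key stands in for the signature a hardware key would produce.

```python
import hashlib, hmac, json, secrets, time

# Constructed stand-in: a hardware key signs with an asymmetric private key that
# never leaves the device; HMAC keeps this sketch standard-library only.
APPROVER_KEYS = {"alice": b"constructed-demo-key"}
HIGH_RISK = {"transfer_funds", "deploy_production"}  # hypothetical policy

def action_digest(action):
    # Canonical JSON, so the same action always hashes to the same value.
    return hashlib.sha256(json.dumps(action, sort_keys=True).encode()).hexdigest()

def sign(approver, nonce, digest):
    """What the approver's authenticator returns for a challenge (stand-in)."""
    msg = f"{nonce}:{digest}".encode()
    return hmac.new(APPROVER_KEYS[approver], msg, hashlib.sha256).hexdigest()

class ApprovalGate:
    def __init__(self, ttl=120):
        self.ttl, self.pending = ttl, {}

    def challenge(self, action, approver, now=None):
        """Issue a single-use challenge bound to this exact action."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (action_digest(action), approver, now + self.ttl)
        return nonce

    def authorise(self, action, nonce=None, signature=None, now=None):
        """Return (allowed, reason); a challenge is consumed on first use."""
        if action["type"] not in HIGH_RISK:
            return True, "routine"
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return False, "unknown or replayed challenge"
        digest, approver, expires = entry
        now = time.time() if now is None else now
        if now > expires:
            return False, "expired"
        if digest != action_digest(action):
            return False, "action changed after approval"
        if not hmac.compare_digest(sign(approver, nonce, digest), signature or ""):
            return False, "bad signature"
        return True, f"approved by {approver}"
```

Logging the nonce, action digest, approver and result of each `authorise` call gives the audit record that ties a decision to one person and one action.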

Governance gap

The collaboration reflects a broader shift in enterprise technology as companies test and deploy AI agents that act as digital workers rather than simply provide recommendations. That trend has raised questions about governance, auditability and accountability, particularly when software is given authority to initiate consequential actions.

Yubico cited industry data showing that 87 per cent of organisations report increased risk linked to AI vulnerabilities, while 77 per cent lack basic AI security practices. The figures highlight the gap between the pace of AI adoption and the controls many organisations have in place.

Traditional identity and access management systems were built around actions initiated directly by people. As a result, they do not always fit workflows in which an AI system initiates a task and a person intervenes only at key decision points.

The three companies are positioning the model as a way to add verifiable human oversight to that newer pattern of work. In practice, that means embedding policy-driven approval checks into AI workflows rather than relying solely on after-the-fact monitoring or manual review.

Sheryl Chamberlain, vice president at Yubico, said organisations are entering a new phase of AI adoption in which execution matters as much as experimentation.

"AI agents are quickly becoming part of the enterprise workforce, capable of taking real action across systems. The challenge is ensuring that this speed does not come at the expense of trust or governance.

"By combining hardware-backed authentication with intelligent identity orchestration, we are enabling organisations to scale AI securely while ensuring that the right human remains in control of critical decisions," Chamberlain said.

Industry push

IBM's role in the collaboration centres on its WatsonX products, which can analyse data and execute workflows. Auth0 provides the identity orchestration layer for approval flows, while Yubico supplies the physical authentication element through its YubiKey devices.

The combination points to a growing market focus on controls around autonomous systems, especially in sectors such as financial services, software development and procurement, where a single automated action can have material consequences. Companies in those sectors face pressure to show not just that controls exist, but that they can also produce a clear audit trail when decisions are challenged.

Yubico said the model supports non-repudiation and can help with compliance, financial accountability and risk management requirements. The emphasis on cryptographic proof and physical user authentication is intended to strengthen evidence of who approved an action and under what conditions.

As more organisations move AI from pilot projects into day-to-day operations, the issue is likely to become less about whether automation can complete a task and more about how companies govern the moments when software touches money, code, data and critical systems. The model is intended to embed human approval directly into those high-risk decisions.