AI assistants answer questions. AI agents take action.
That distinction matters more than most New Zealand businesses currently appreciate.
The AI tools most of us have used, ChatGPT, Copilot, Claude, are generative. You ask, they respond. You decide what to do with the output. The human stays in the loop because nothing happens without you reading the response and choosing to act on it.
Agentic AI is different. An AI agent perceives its environment, makes decisions, and takes actions autonomously. It can browse the web, send emails, book appointments, submit forms, call APIs, modify data, and trigger downstream processes without stopping to check with you at each step. That is the point of it. And it is genuinely useful.
It also means that for the first time, software is taking consequential actions in your business on your behalf, without a human reviewing each one.
The security gap that comes with the territory
Agentic AI has overtaken stolen credentials as the top identity security concern for organisations globally. Generative AI threats rank first at 53% and agentic AI threats sit at 45%, ahead of traditional attack vectors like phishing and credential stuffing. This is not a future concern. It is what security teams are actively managing right now.
For most New Zealand SMEs, the conversation about agentic AI security hasn't started yet. The tools are being adopted: scheduling agents, customer service bots with action capabilities, workflow automation. But the governance question of what these agents are permitted to do, and how that permission was granted, often hasn't been asked.
Why the authentication question is harder than it looks
Modern authentication has made significant progress. Passkeys, which use cryptographic key pairs instead of passwords, are becoming the standard for secure, phishing-resistant login. Major platforms including Google, Apple, and Microsoft now support them. They are significantly stronger than passwords and much harder to compromise.
But passkeys have a deliberate design constraint: they require a human to be physically present to authorise each use. The cryptographic standard that underpins them, WebAuthn, mandates a user gesture before the private key can sign any authentication request. A fingerprint. A face scan. A hardware key touch. This is what makes passkeys phishing-resistant: the authentication cannot complete without a real human physically approving it in real time.
An AI agent cannot do this. It is software. It has no physical form. It cannot touch a key or provide a biometric. This means that when an agent authenticates to systems on your behalf, it is doing so through a separate mechanism, typically service account credentials or access tokens that were configured once and left in place.
Those tokens often have no expiry. They often have broader permissions than the agent needs. And there is often no record of a specific human having approved a specific action at a specific time.
A practical approach: the YubiKey as your human checkpoint
You don't need to rebuild your security infrastructure to address this. The practical starting point is to identify the places in your agentic workflows where actions are consequential, where something the agent does could affect money, data, customer communications, or system access, and require a human authentication event before the agent is granted access to those systems.
The architecture is simple:
- A human authenticates using a passkey, with a YubiKey providing the physical verification step.
- That authentication grants the agent a scoped, time-limited token: permission to do a specific thing, for a limited period, on your behalf.
- The agent acts within those bounds.
- The YubiKey touch is your auditable record. A specific person, on a specific device, at a specific time, approved a specific scope of agent activity.
This is not about slowing down your AI workflows. A well-scoped token can cover an entire work session or a single task, depending on the risk level. It is about ensuring that the automation you are running is traceable back to a human decision, and that the human decision was genuinely made, not just assumed.
Starting with the right hardware
The YubiKey 5 Series is the right starting point for most New Zealand businesses. It supports FIDO2/WebAuthn for passkey authentication, plus OATH-TOTP for systems that aren't yet passkey-ready. USB-C and USB-A options are available to match your devices, with NFC support for mobile use.
Trust Panda NZ holds local stock, prices in NZD, and ships from New Zealand. There's no minimum order, so you can start with a single key and scale from there.
If you're not sure which YubiKey fits your setup, our team is happy to help you work through it.
Shop the YubiKey 5 Series or get in touch with any questions.
