Ping Identity Extends Runtime Identity to AWS, Google Cloud, and Cloudflare to Secure AI Agents

As AI agents proliferate across enterprise environments, a critical security gap has emerged: traditional identity checks that happen only at login are insufficient for agents that act continuously and autonomously across cloud services, APIs, and edge infrastructure. On June 16, 2026, Ping Identity announced a set of integrations with Amazon Web Services, Google Cloud, and Cloudflare to close this gap, extending its Runtime Identity enforcement directly into the platforms where agents are built, deployed, and operated . The move represents a practical evolution from static authentication to continuous, context-aware authorization at the moment of every agent action.

The Core Shift: From Authentication to Runtime Authorization

Ping Identity's approach is built on a foundational concept: AI agents are not human users, and they don't simply log in and stop. They chain API calls, access tools, and make decisions across distributed systems. This reality demands a security model where identity, delegation, and policy are checked continuously, at runtime, for every action an agent takes .

To enable this, Ping's Identity for AI framework, which became generally available in March 2026, treats AI agents as first-class, non-human identities. The framework provides agent registration and lifecycle management, OAuth 2.0 token exchange for delegated authorization, and centralized visibility into agent activity across environments .

Key technical principle: delegation without impersonation

Central to all three integrations is OAuth 2.0 token exchange. When a human user delegates a task to an agent, the agent does not simply impersonate the user with full privileges. Instead, Ping's infrastructure exchanges the human user's subject token for a new, downscoped token. This delegation token carries both the human user's identity (via the act claim) and the agent's own identity (via the may_act claim), creating a secure chain of custody for every downstream action . This means security teams can always answer: which human authorized this, which agent performed the action, and what scoped permissions did it have?

AWS: Securing Agent Identities Across Cloud Workloads

Ping Identity's integration with AWS is centered on Amazon Bedrock AgentCore, the identity and credential management service Amazon built specifically for AI agents and automated workloads .

How it works:

Ping's identity providers—PingOne, PingOne Advanced Identity Cloud, and PingFederate—can be configured in two ways:

• As an inbound IdP for AgentCore Gateway and Runtime, authenticating end users and issuing scoped OAuth tokens that agents must present before reaching downstream resources .
• As an outbound credential provider, enabling agents to securely obtain access tokens for third-party services without exposing long-lived credentials .

Practical capabilities:

• Unique agent identities — Every AI agent receives a distinct identity with associated metadata. Administrators can apply least-privilege access policies across multi-account AWS environments .
• Real-time governance — Authorization is enforced dynamically as agents interact with APIs, tools, and data stores, aligning agent behavior with enterprise policies on sensitive data, regulated workloads, and operational limits .
• Monitoring — Amazon Bedrock AgentCore provides inbound and outbound authentication logs, while Ping's agent detection capabilities allow organizations to discover, track, and audit AI agents across their AWS digital ecosystem .

Google Cloud: Inline Authorization for Agent and Tool Traffic

The Google Cloud integration addresses a different layer: the traffic between AI agents and the tools and MCP servers they invoke. Ping Identity integrates with Google Cloud Agent Gateway, a managed control point that intercepts agent-to-tool requests and enforces policy before the request reaches its destination .

How it works:

PingOne Authorize is placed inline in the Agent Gateway traffic flow via an ext_proc integration. Every agent-to-MCP-server or agent-to-tool request triggers a real-time policy evaluation: who is the represented user, which agent is acting, what resource is being accessed, and what action is being attempted .

Practical capabilities:

• Continuous inline authorization — If a policy allows the request, it passes through. If denied, the request is blocked before reaching the tool or API. No application code needs to change .
• Fine-grained, scoped tool policies — Security teams can enforce context-aware rules such as "any employee can purchase a $100 item, but only a manager can approve a $10,000 purchase" without modifying the application or MCP server itself .
• Centralized policy management — Authorization logic is externalized from individual MCP servers and agent implementations, making rules easier to maintain, audit, and update as agent architectures scale .
• End-to-end observability — Agent Gateway logs and trace IDs combine with Ping's Runtime Identity model to provide full tracing: which user delegated, which agent called, which tool executed, and which policy allowed or blocked the action .

Cloudflare: Zero Trust Enforcement at the Edge

For organizations deploying AI agents across globally distributed infrastructure, Ping Identity's integration with Cloudflare brings identity enforcement to the edge. Cloudflare's global network, spanning over 220 cities with GPU-powered inference nodes, operates outside the traditional corporate perimeter .

How it works:

The Cloudflare Workers Model Context Protocol (MCP) server functions as an OAuth resource server. It delegates authentication to Ping's identity providers—PingOne DaVinci, PingOne Advanced Identity Cloud, or PingFederate—to validate agents before they can access downstream APIs .

Practical capabilities:

• Strong, scoped credentials at the edge — AI agents authenticate through Cloudflare Workers OAuth Provider to obtain scoped tokens before calling any protected API. Unregistered or unauthenticated MCP clients are blocked from connecting .
• Zero Trust policy enforcement — Ping and Cloudflare apply Zero Trust policies to all AI agent traffic accessing models and enterprise data globally, rather than relying on a corporate perimeter that doesn't exist in edge environments .
• Auditing and visibility — Agent activity across distributed edge infrastructure is logged and auditable, giving security teams visibility into what each agent accessed, when, and with whose delegated authority .

Why Three Platforms, and Why Now

The three integrations are not redundant—they address distinct architectural layers: AWS for cloud workload identity, Google Cloud for inline traffic control, and Cloudflare for edge enforcement. All three are built on the common Identity for AI foundation, meaning organizations can apply consistent authorization logic, token exchange patterns, and policy frameworks regardless of where their agents run .

The timing reflects a market reality: enterprises are deploying AI agents faster than security teams can adapt traditional identity tools. The integrations allow enterprises to centralize authorization and policy enforcement rather than embedding fragmented controls into individual agents and APIs .

For security architects working on agentic AI deployments, the practical question is no longer "is the agent authenticated?" but "at this moment, with this context, is this specific action authorized?" These integrations make that question answerable in real time, at scale, across the platforms where agents actually live.