In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began converging into a single problem. Drawing on his experience across IBM and CyberArk, he describes the shift from human-driven systems to autonomous machines.
Lohokare also shares how AppViewX, together with Eos, is building a unified approach that combines CLM, PKI, and agentic governance to secure these identities.
You’ve gone from building CyberArk’s next-generation Identity Security Platform to founding Eos to now leading AppViewX. At what point did you recognize that machine identity and AI agent identity were converging into a single, unsolvable problem without a unified platform?
The realization came with the inflection point of AI adoption, specifically when tools like ChatGPT moved from novelty to enterprise reality. For the past two decades, enterprise digital transformation has been driven by humans using applications and infrastructure at scale. My work during that time, at IBM, Centrify, Idaptive and then CyberArk and beyond, was focused on solving the identity security challenges that emerged from that human-centric growth.
But with the rapid rise of AI, we’ve entered a fundamentally different era. The next step-function in productivity isn’t coming from more humans, it’s coming from machines and AI agents operating autonomously and at massive scale. That shift made something very clear to me: we’re no longer dealing with separate problems of machine identity and emerging AI identity. They are converging into a single, exponentially growing challenge, one that cannot be solved with platforms designed for human identity.
That was the moment of realization. The next generation of market-leading identity security platforms will be those purpose-built to secure machine and AI agent identities, not humans.
AppViewX already had traction in CLM and PKI. Eos brings agentic governance on top of that. Walk us through what the integration of these two layers looks like in practice for a security engineer sitting at a SOC console.
AppViewX already delivers deep discovery, governance, and compliance for machine identities through CLM, along with strong authentication via PKI.
Eos extends this with an agentic layer, bringing the same capabilities to AI agents. The challenge doesn’t change, but rather, it scales. Organizations now need to discover, govern, and secure not just certificates, but autonomous agents accessing resources.
For a security engineer, this becomes a unified control plane to:
- Discover machine identities and AI agents
- Enforce consistent governance and policy
- Monitor, audit and control their access and behavior
The value is simplicity and consolidation: one platform to reduce identity and access management risk across both machines and AI agents as they rapidly scale.
You and Kashyap Ivaturi are co-founders stepping into the top two technology roles of an established company. How are you thinking about preserving the engineering culture that made Eos attractive in the first place while integrating into a larger organization?
At Eos, Kashyap was instrumental in building an AI-native development lifecycle (AI-DLC), leveraging tools like Claude Code, Figma Make, and other AI agents to dramatically accelerate innovation. What’s unique is that he’s done this across both small, high-velocity teams and large organizations of 500+ engineers, so he brings proven playbooks for scaling without losing that core culture.
Importantly, AppViewX was already on a similar path. Even before we stepped in, there were strong engineering pods experimenting with and adopting AI-driven development practices. So culturally, there’s a natural alignment rather than a forced integration.
Our focus isn’t to impose a new culture, but to amplify what’s already working. That means keeping teams small and empowered, doubling down on AI-native workflows, and creating shared platforms and guardrails that allow innovation to scale without adding unnecessary process.
Ultimately, the goal is to preserve the speed and creativity of Eos, while combining it with the scale and discipline of AppViewX, so we get the best of both worlds.
AI agents can spawn other agents, delegate privileges, and operate across trust boundaries in ways traditional workloads never did. Where do you see the most dangerous blindspot in how enterprises are currently governing this?
The biggest blind spot is that enterprises are still applying human and workload-centric identity models to something fundamentally different.
AI agents are dynamic, non-deterministic, and composite, they can spawn other agents, delegate privileges, and operate across trust boundaries. Yet most organizations still treat them like service accounts or API keys, with coarse, long-lived permissions and little visibility.
That creates a dangerous gap in identity, context, and accountability. Enterprises often don’t know which agent is acting, what it has access to, or how that access propagates.
The core issue is the lack of a unified control plane to govern identity, posture lifecycle, privilege, and behavior in real time. Until that exists, organizations will carry significant unseen risk as agentic systems scale.
Both IDC and KuppingerCole have recognized AppViewX in their leadership reports. Yet the machine identity management category is getting crowded fast, with CrowdStrike, Venafi, and others moving aggressively. What does AppViewX do that those players structurally cannot?
AppViewX is built as a purpose-driven, next-generation SaaS platform for machine identity lifecycle management, not an extension of an endpoint product or a legacy system.
Many newer entrants approach this space adjacently, treating machine identity as a feature to enhance visibility or detection. That limits how deeply they can manage the full lifecycle.
AppViewX is built on core primitives: discovery, issuance, governance, control, and compliance. The platform is designed to operate seamlessly across heterogeneous, vendor-neutral environments.
With the addition of AI agent identity through Eos, we now unify CLM, PKI, and agent governance under a single control plane. That’s not something you can easily retrofit into an endpoint or detection product, it requires a fundamentally different architecture, which is where we have a long-term advantage.
