The control plane shift: What we saw at AWS re:Invent 2025

At AWS re:Invent, the focus shifted towards AI infrastructure and agentic systems, emphasizing the need for an evolved security model to protect increasingly autonomous software agents. Traditional security architectures, which relied on static perimeters and on-premise controls, have evolved through three generations, with the current Gen III emphasizing identity as the control plane. This new model integrates security directly into APIs and workflows, ensuring continuous, dynamic protection that aligns with the fluid nature of AI workloads. The increasing presence of AI agents necessitates a shift in identity infrastructure, as existing enterprise identity and access management (IAM) systems were not designed for non-human actors that autonomously make decisions. Companies like Ory are developing scalable IAM solutions that treat both human and software agents as first-class citizens, ensuring secure, traceable interactions across distributed environments. This evolution reflects a broader architectural redesign, where identity becomes the defining perimeter, facilitating secure, scalable operations in an AI-driven landscape.