Identity Security in the Age of AI Agents and Autonomous Digital Ecosystems: A Conversation on AI-powered Authentication and Zero Trust Architectures

Chengi Lin, CEO, Keypasco, in conversation with Rajarshi Dhar, Associate Director, Global Security Advisory, Frost & Sullivan, at the Cybersec India Expo 2026.

Download This Transformation Growth Leadership Discussion with Chengi Lin

From digital banking and government platforms to AI-powered enterprise services, the rapid expansion of connected digital ecosystems is reshaping cybersecurity priorities. As cyber threats become more intelligent and credential-based attacks continue to rise, organizations are accelerating toward adaptive authentication, zero trust security, and identity-centric protection models.

In this exclusive Transformational Growth Leadership discussion, Chengi Lin shares how Keypasco is approaching the future of authentication through behavioral analysis, device-based identity verification, AI-driven risk assessment, and zero trust security architectures. Drawing on decades of experience across hardware authentication, software security, and global banking environments, he also discusses the evolution of multi-factor authentication (MFA), the growing role of AI in cybersecurity, and the importance of building ecosystem-driven security strategies for rapidly growing markets like India.

“We believe authentication should go beyond passwords and credentials by combining behavior, device intelligence, and adaptive risk analysis into one comprehensive security model.”

— Chengi Lin, CEO, Keypasco

Why India Represents a Strategic Growth Opportunity

Rajarshi Dhar: Keypasco has a strong global presence, but relatively speaking, your India presence is still evolving. What makes the Indian market strategically important for the company?

Chengi Lin: India is an extremely attractive market for us because of both its scale and its rapid adoption of digital payment systems. The country has built one of the world’s most advanced mobile payment ecosystems through UPI and related digital initiatives. At the same time, however, cyber fraud and financial security challenges are also increasing significantly.

We also saw a major opportunity emerge through the RBI’s push toward reducing OTP dependency in financial services. Since authentication and identity security have been our core focus for decades, we believe this market transition creates a very strong opportunity for Keypasco.

Our company has been operating since 1987. Initially, we focused heavily on hardware authentication tokens and worked with approximately seventy-five banks globally. Over time, we shifted toward software-based authentication solutions, especially for the banking and financial services sector. Today, many banks around the world use our solutions.

In India specifically, we are focusing on three primary sectors: financial services, government, and enterprises. We see significant demand across all three because each of these environments requires secure digital access, identity protection, and scalable authentication capabilities.

The Evolution of MFA and Identity Security

Rajarshi Dhar: Multi-factor authentication and identity services have existed for years. Why do you believe they are becoming even more critical today?

Chengi Lin: When we first introduced our authentication solutions more than a decade ago, many customers were not even familiar with the term MFA. At that time, authentication was still heavily centered around passwords and OTPs.

Over the years, the market evolved from static authentication toward biometrics, adaptive authentication, and risk-based verification. However, we believed from the beginning that authentication should involve much more than simply combining passwords and OTPs.

Our philosophy has always been that authentication should incorporate multiple dimensions, including what you know, what you have, who you are, and what you do. That last element—behavior—is especially important because it enables much deeper contextual verification.

That is why, when we built our solution, we focused not only on replacing passwords but also on collecting behavioral and environmental parameters that could support adaptive risk analysis. We analyze device behavior, user behavior, environmental context, and usage patterns to determine whether an interaction should be trusted.

Today, the market refers to this approach as adaptive authentication or risk-based authentication, but these principles have been part of our platform architecture for many years.

Building Zero Trust Around Identity, Devices, and Risk

Rajarshi Dhar: Organizations today are increasingly adopting zero trust architectures, especially in hybrid cloud environments. How does Keypasco approach zero trust security?

Chengi Lin: For us, zero trust is much more than simply “never trust, always verify.” We approach zero trust through several foundational pillars that work together as part of a broader security architecture.

The first pillar is identity verification. We combine multiple verification methods, including device intelligence, behavioral analysis, and integration with standards such as Fast IDentity Online (FIDO)-based authentication. One important differentiator is that we do not rely on traditional credential-based authentication models.

Most authentication systems in the market still depend heavily on credentials that can potentially be stolen or compromised. Our approach instead focuses on identifying the device itself and validating the relationship between the device and the user.

The second pillar is device verification. We collect and analyze multiple layers of information from the device environment, including hardware, software, firmware, network characteristics, and behavioral indicators. This helps us determine whether the device itself can be trusted.

The third pillar is AI-driven risk assessment. We combine rule-based analysis with AI-driven behavioral analysis to evaluate user activities, transactions, and login patterns dynamically.

The fourth pillar is secure network access through Software-defined Perimeter (SDP)-based architecture, where we minimize exposure to protected resources.

In addition, one of our most unique differentiators is our patented two-channel architecture, where service delivery and authentication are separated into independent channels. This significantly improves protection against attacks such as phishing, man-in-the-middle attacks, and browser-based attacks.

Using AI to Advance Authentication and Risk Intelligence

Rajarshi Dhar: AI is rapidly transforming cybersecurity. How is Keypasco leveraging AI within its solutions and innovation strategy?

Chengi Lin: We have actually been using AI-driven concepts within our risk analysis engines for many years. Earlier, our systems relied primarily on rule-based risk analysis models with extensive profiling and transaction evaluation capabilities.

As AI technologies evolved, we integrated AI capabilities into our risk engines to improve behavioral analysis and predictive risk assessment. We use AI to analyze user behavior, evaluate transaction patterns, and predict the likelihood of risky activity before it progresses further.

More recently, we have also been working on what we describe as “zero knowledge” analysis in collaboration with researchers from Stanford University. The idea is to identify risks in payment transactions and digital environments without infringing on personal privacy or exposing sensitive information unnecessarily.

At the same time, we also see significant opportunities around AI agent security. As AI agents become more widely adopted, organizations will need strong authentication and identity frameworks capable of securing machine-driven interactions as effectively as human interactions.

Differentiating Through Passwordless and Device-centric Security

Rajarshi Dhar: The identity and MFA market is highly competitive today. What do you believe makes Keypasco different from other players in the market?

Chengi Lin: The authentication market has existed for many years, and there are many established players globally. From the beginning, we knew we could not simply compete by offering the same approach as everyone else. We needed to build something fundamentally different.

One of the most important decisions we made early on was to avoid depending entirely on traditional credential-based authentication systems. Most authentication platforms use credentials as the core foundation for generating authentication tokens or OTPs. We believed this still created a major risk because credentials themselves remain attractive targets for attackers.

Instead, we chose to focus on device-centric authentication by leveraging unique characteristics and identifiers from the device itself. This allows us to use the user’s own device as a trusted authentication mechanism while eliminating many of the risks associated with traditional credential models.

At the same time, we continue integrating emerging technologies, standards, and ecosystem capabilities into our platform. We collaborate with larger industry players, integrate broader authentication standards, and continuously evolve our platform while maintaining the uniqueness of our core architecture.

Building an Ecosystem-driven Growth Strategy in India

Rajarshi Dhar: Partnerships are critical when entering a market like India. What kind of ecosystem and partnership strategy are you building locally?

Chengi Lin:For us, partnerships are absolutely essential because India is a large and diverse market. We view ecosystem development as a foundational part of our go-to-market strategy.

First, we look for partners that understand evolving regulatory and security trends, especially in sectors such as banking and financial services. Second, we need strong channel partners because we are still relatively new in the Indian market and need local reach and customer engagement capabilities.

Third, we look for technical partners that can provide localized implementation and support services to customers. Beyond that, we also collaborate with hardware providers, enterprise solution providers, and industry-specific platform vendors so that our authentication capabilities can integrate directly into broader business environments.

Our goal is to build an ecosystem that spans industries, regions, and technology environments. We have already started collaborating with partners in the banking sector and integrating our solutions into banking platforms such as core banking systems. This allows us to scale not only across India but also into neighboring regions and international markets where similar platforms are deployed.

Preparing for the Next Era of AI-driven Security

Rajarshi Dhar: Looking ahead over the next three to five years, what major transformation do you believe will reshape the cybersecurity market?

Chengi Lin: One of the biggest changes we are already beginning to see is the rise of AI agents. During recent industry events like the RSA Conference, almost every company was discussing AI and AI-driven services.

Over the next three to five years, AI agents will become increasingly integrated into daily operations and digital environments. These systems will not simply support human activities—they will increasingly act independently and interact directly with systems, services, and other machines.

As this shift happens, authentication and security will evolve from human-centric models toward machine-to-machine trust models. Organizations will need entirely new approaches to securing AI-driven environments and autonomous interactions.

At the same time, quantum computing will become another major focus area over the longer term. Governments and industries globally are already beginning to prepare for the cybersecurity implications of quantum computing, especially within banking and government sectors.