The promise of a dynamic customer journey is the continuity that allows a customer to start researching a product on mobile during a commute, continue browsing on a laptop later that evening, open a chat the next day, call the contact center, and update details in an app over the weekend, and expect the business to understand that all of those moments belong to the same person.
But the reality behind every “seamless” journey is an increasingly complex identity problem: is this the same customer, acting in the same context, with the same permissions, preferences and consent status as before?
In a static journey map, that question can be glossed over. In a dynamic journey, it determines what the customer sees, which data the system retrieves, the authentication required, which offers are suppressed and what actions can be taken.
CRM platforms, CDPs, orchestration engines and AI-powered journey tools should connect interactions into a seamless narrative. But in practice, identity is rarely a single, stable record. It is a probabilistic, constantly shifting calculation influenced by device changes, channel switches, cookie loss, phone number updates, shared email addresses, contact center verification, consent state and system latency.
The issue is whether the business can recognize a customer with enough confidence to act.
Shared household devices, changing email addresses, multiple phone numbers, anonymous browsing, privacy restrictions, cookie deprecation and disconnected support systems all contribute to an “identity gap.” And if the identity context is wrong, the customer journey can fail in ways that are frustrating, risky or non-compliant.
Alex Salazar, Co-founder and CEO of Arcade.dev, told CX Today that many enterprises are underestimating how tightly identity and AI governance are becoming linked.
“Right now, in 2026, the biggest blocker to production deployment of agents is identity and governance.”
A customer who is recognized in-app may be treated as unknown when they call. A chatbot may authenticate a customer, only for the live agent to ask the same questions again. A CDP may merge two profiles with high enough confidence for marketing, but not enough confidence for account recovery. A CRM may hold the latest service case, while IAM holds the strongest authentication signal, and the orchestration layer has to decide which one matters.
The consequences are increasingly visible to customers in the form of duplicate outreach, incorrect offers, broken suppression rules, repeated authentication requests, support interactions routed to the wrong history and AI systems making decisions based on incomplete or mismatched customer records.
Forrester’s Identity Resolution Survey found that 70 percent of marketing leaders struggle to identify and reach audiences across multiple touchpoints, “making well-informed marketing strategies and connected customer experiences increasingly difficult to achieve.”
That challenge is forcing enterprises to rethink the assumption embedded in many journey orchestration programs that customer identity is stable.
Why Agentic AI Makes the Identity Problem Harder
Traditional customer journey mapping was built around relatively fixed identifiers. A customer logged in using one email address, interacted through a known device and maintained a relatively stable relationship with the brand over time.
Today’s journeys are far more fragmented. Modern CDPs attempt to solve this through identity resolution, the process of matching identifiers across systems into a unified customer profile. Most platforms combine deterministic matching, which relies on exact identifiers such as email addresses or phone numbers, with probabilistic matching, which uses behavioral patterns, device signals, IP addresses and statistical likelihoods to infer connections between records.
But a customer may be one record in CRM, another profile in the CDP, a separate login in IAM, and a partially matched contact in the contact center. Their consent may be stored in one place, their service history in another and their behavioral data somewhere else. A dynamic journey engine then has to decide, often in real time, what to trust.
The consequences go beyond the customer interaction, potentially creating security exposure.
If the system over-trusts a weak match, it may expose account information to the wrong person, and if consent status is not linked to identity in real time, the business may personalize or activate data it should not use.
In a CX Today roundtable panel, Mary Ann Miller, Fraud & Cybercrime Executive Advisor and VP of Client Experience at Prove, described the fragility of this kind of AI-enabled architecture through what she calls “data fuses,” the data feeds that power AI environments and customer-facing decisioning.
“If those data sources are dependent on your AI environment to work flawlessly, but you’re not looking to see if one of those data sources failed, then suddenly the information going into the system is incorrect or not the right data.”
Miller’s point applies directly to identity orchestration. A journey may look dynamic, but if the data feed carrying the latest phone number, consent state, login status, service history, fraud signal or loyalty profile fails, the system may act on degraded context.
That carries more significant consequences as AI agents enter the journey with the ability to retrieve information, infer intent, trigger workflows and increasingly take action across downstream systems.
Orchestration platforms are increasingly functioning as security systems because they now determine who can access data, what actions can be taken, and how trust is evaluated across channels and workflows. Identity, authentication, fraud prevention, and consent enforcement are becoming embedded directly into orchestration logic.
But enterprises need to stop thinking about identity purely as a security layer and start seeing it as an operational enabler, Salazar argued. “Identity clears a bottleneck or unblocks a feature set. It is a security thing… but its value is that it unlocks new functionality.”
Salazar argued that the temptation to treat agents like human users breaks down architecturally.
“An agent is software; it’s an application. When you treat it like an application workload, things get a million times easier and a million times clearer.”
That distinction is key, as an AI agent that is granted broad customer credentials may inherit excessive permissions. If it operates as a super-user, it could gain access far beyond what is appropriate for a single interaction.
“Identity with agents in agentic worlds… has gotten really complicated, mostly because there are so many vendors selling so many stories to promote their products without necessarily there being a good, strong, deep understanding… from customers who understandably are still catching up,” Salazar said.
Buyers should be cautious about that complexity. If a vendor cannot clearly explain how identity is established, delegated, scoped, and audited across systems, the promise of dynamic journeys can quickly become a governance problem.
Identity is also about understanding what the customer has permitted the organization to do. A dynamic journey that recognizes a customer but ignores their consent status is still broken. Consent affects which data can be retrieved, which channels can be used, which offers can be made and which AI tools can process the interaction.
That becomes more complicated when AI agents reason over data from multiple systems. A customer may have consented to one use of data, but not another. Sensitive information may be present in a record even if it is irrelevant, or legally inappropriate, for the decision being made. Consent should be enforceable at the point of decision and action.
CRM, CDP, IAM: Who Owns the Truth?
Dynamic journeys can often fail if different systems define “truth” differently. CRM may be the operational record for sales and service. CDP may be the behavioral and segmentation brain. IAM or CIAM may be the authority on login, authentication, and access, whereas contact center platforms may hold the most detailed interaction history and marketing tools may store channel preferences and suppression rules.
That is where the idea of a “last-known-good” customer state becomes important. When signals conflict or degrade, the organization needs rules for what to trust.
CDP data may be sufficient for low-risk personalization, whereas IAM may need to dominate for account changes. When it comes to consent enforcement, the most recent verified preference should override older inferred signals. For agentic actions, delegated authorization and scoped permissions should determine what the system can do.
This hierarchy can help prevent dynamic journeys from becoming brittle, whether by over-personalizing on weak signals or by over-authenticating customers who should already be trusted.
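The trust hierarchy above expressed as a decision function, as an added example rather than any vendor's implementation. The action names, the 0.80 confidence threshold, the 24-hour staleness limit, the rule that a verified preference always outranks an inferred one, and the default-deny behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

PERSONALIZE_MIN_CONFIDENCE = 0.80      # assumed threshold, not from the article
MAX_SIGNAL_AGE = timedelta(hours=24)   # assumed staleness limit for a CDP match

@dataclass(frozen=True)
class Consent:
    purpose: str
    granted: bool
    verified: bool          # explicit customer choice (True) or inferred (False)
    observed_at: datetime

def effective_consent(signals, purpose):
    """Verified preferences outrank inferred ones; newest wins; no signal means no."""
    relevant = [s for s in signals if s.purpose == purpose]
    pool = [s for s in relevant if s.verified] or relevant
    return max(pool, key=lambda s: s.observed_at).granted if pool else False

def decide(action, now, *, cdp_confidence, cdp_matched_at, iam_authenticated,
           consents, agent_scopes=None):
    """Return 'allow', 'step_up', 'suppress' or 'refuse' for one journey action."""
    # An agent is bound by its delegated scopes before any other rule applies.
    if agent_scopes is not None and action not in agent_scopes:
        return "refuse"
    if action == "personalize_offer":
        if not effective_consent(consents, "personalization"):
            return "suppress"
        fresh = now - cdp_matched_at <= MAX_SIGNAL_AGE
        if fresh and cdp_confidence >= PERSONALIZE_MIN_CONFIDENCE:
            return "allow"
        return "suppress"          # weak or stale match: fall back to generic content
    if action == "change_account_details":
        # IAM dominates here; a CDP match alone never authorizes an account change.
        return "allow" if iam_authenticated else "step_up"
    return "refuse"                # unknown actions are denied by default

# Constructed sample data: a recent verified opt-out and an older inferred opt-in.
NOW = datetime(2026, 1, 10, 12, 0, tzinfo=timezone.utc)
CONSENTS = [
    Consent("personalization", False, True, NOW - timedelta(days=1)),
    Consent("personalization", True, False, NOW - timedelta(days=30)),
]
```

With the sample consents, a 0.95-confidence match still yields `suppress` for `personalize_offer`, and an unauthenticated `change_account_details` request yields `step_up` regardless of CDP confidence.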
The Metrics Buyers Should Understand
The challenge for buyers is to ask vendors how these conflicts are resolved. What happens when CRM and CDP disagree? How is identity confidence calculated? Can confidence thresholds trigger different journey paths? Is consent evaluated in real time? Are agent actions logged against the user, the agent, and the downstream system?
Salazar’s advice to buyers is simple: if the explanation does not make sense, slow down.
“If it doesn’t make intuitive sense to you, slow down… If a vendor’s explaining something and you’re just not getting it, flag it.”
That is especially important in AI, where complex language can hide weak architecture.
If identity is probabilistic, buyers need metrics that reflect that reality.
A high match rate may look impressive, but if it includes false merges, such as two people incorrectly joined into one profile, it can create privacy and security problems. A lower match rate may be safer if confidence is transparent and the system knows when not to act.
Buyers should ask for metrics including identity confidence thresholds, false merge rates, false split rates, repeat authentication frequency, account recovery abandonment, consent mismatch incidents, suppression failures, and the percentage of journeys that fall back to manual review.
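One way to compute false merge and false split rates from a manually labelled audit sample, as an added example that is not from the article or any vendor. The pairwise definitions (false merges over all pairs the system linked, false splits over all pairs that truly belong to one person) and the record and profile names are assumptions.

```python
from itertools import combinations

def pairwise_identity_metrics(records):
    """records: iterable of (record_id, resolved_profile, true_person) tuples."""
    merged = false_merges = same_person = false_splits = 0
    for (_, prof_a, true_a), (_, prof_b, true_b) in combinations(records, 2):
        linked = prof_a == prof_b      # the system put both records in one profile
        same = true_a == true_b        # the audit says they are one person
        merged += linked
        same_person += same
        false_merges += linked and not same
        false_splits += same and not linked
    return {
        "false_merge_rate": false_merges / merged if merged else 0.0,
        "false_split_rate": false_splits / same_person if same_person else 0.0,
    }

# Constructed audit sample: five records, three resolved profiles, three real people.
RECORDS = [
    ("crm-1", "P1", "alice"),
    ("cdp-7", "P1", "alice"),
    ("web-3", "P1", "bob"),    # shared household device merged into alice's profile
    ("iam-2", "P2", "bob"),    # bob's login left in a separate profile
    ("cc-9",  "P3", "carol"),
]
```

In this sample three of five records were matched into one profile, yet two of the three linked pairs are false merges and one of the two true same-person pairs is split.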
They should also ask whether these metrics can be tied to journey outcomes. How often does identity uncertainty cause escalation? How often does it block an action? How often does it trigger step-up authentication? How often does stale or conflicting identity data lead to mis-personalization?
Dynamic journeys require identity to become a live decisioning input that changes based on channel, confidence, consent, risk and context. Better identity management can reduce, enabling customers to move between channels without repeating themselves. It enables safer personalization, and it allows low-risk actions to be automated and high-risk actions to be challenged.
The brands that solve the identity gap will have more precise judgment about when data can be trusted. They will know when they are confident enough to personalize, when they need to verify, when they must suppress and when they should refuse to act.