<p>As I was hanging out with more than 40,000 of my closest cybersecurity friends at RSAC Conference 2026 — CISOs, practitioners and vendor leaders — I learned the dominant theme was widespread adoption of AI agents. This has a variety of implications for identity and data security across its use cases, including adversaries using AI agents, security for AI agents and applying agents to improve cybersecurity tools. These are the key identity and security themes from the show.</p>
<section class=”section main-article-chapter” data-menu-title=”Threat landscape: Increasing threat velocity”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Threat landscape: Increasing threat velocity</h2>
<p>RSAC week kicked off with events from Microsoft and Google, and the consistent message that adversaries were using AI to increase the volume, speed and sophistication of their attacks. Long story short, <a href=”https://www.techtarget.com/searchsecurity/feature/AI-powered-attacks-What-CISOSs-need-to-know-now”>adversaries are using AI</a> to dramatically amp up their efforts. While the attacks might not be super-sophisticated today — better <a href=”https://www.techtarget.com/searchsecurity/definition/phishing”>phishing lures</a>, etc. — attackers will learn and get progressively better, especially because they can now deploy agents for malicious purposes.</p>
<p>While everyone has opinions on the risks and where the threats will emerge, these are early days for deploying AI agents, and the risks in the field have yet to emerge in volume. Researchers have found many vulnerabilities, but actual events or compromises causing significant business damage have yet to appear. Given how enterprises are embracing agentic AI across their businesses, it is a matter of when — rather than if — they will face attacks or incidents.</p>
<p>The increased attacker velocity with AI needs to be countered by defender velocity that is also powered by AI. The topics on most RSAC attendees’ minds were how defenders can up their game using AI agents and ensuring that enterprises use agents securely.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Finding the signal in the AI security marketing noise”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Finding the signal in the AI security marketing noise</h2>
<p>From a defender’s perspective, the volume of the AI agent message was cranked to 10, but there was distortion coming out of the speaker. Signage blared “security for AI agents,” but there was little clarity about the layers comprising a complete solution for AI agent security. An AI agent security stack has many layers: AI security posture management; data security, including data security posture management and data loss prevention; identity security — i.e., governance, fine-grained access control, lifecycle management; and data and cyber-resilience for AI agents, including backup and recovery, ensuring AI infrastructure, retaining AI agent logs, etc.</p>
<p>The AI agent phenomenon is relatively new, and it will take time for enterprises, security practitioners and the cybersecurity ecosystem to figure out how the cybersecurity pieces fit together. The various technology providers are approaching it from different perspectives. When it comes to identity security for AI agents, three approaches stand out:</p>
<ul class=”default-list”>
<li><b>Cybersecurity platform players.</b> Bigger cybersecurity players have a comprehensive “we will solve your AI agent issues” approach to solve the broad range of AI agent security challenges. That runs the gamut from prompt injection attacks and model poisoning to governing and securing agent identities. These players include Cisco, CrowdStrike, Microsoft, Palo Alto Networks, CyberArk and Thales.</li>
<li><b>Identity platform players.</b> Enterprises have already invested in <a href=”https://www.techtarget.com/searchsecurity/definition/identity-governance-and-administration-IGA”>identity governance and administration</a>, <a href=”https://www.techtarget.com/searchsecurity/definition/privileged-access-management-PAM”>privileged access management</a>, access management, identity security posture management and <a href=”https://www.techtarget.com/searchsecurity/definition/What-is-identity-threat-detection-and-response-ITDR”>identity threat detection and response</a>. It is a natural extension for vendors such as Delinea, SailPoint Technologies, Saviynt, BeyondTrust, ConductorOne, Teleport, Andromeda Security and Xage Security to expand their portfolios to manage and secure AI agent identities alongside existing platforms for securing and governing human and nonhuman identities.</li>
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: