{"id":15598,"date":"2026-02-03T07:05:31","date_gmt":"2026-02-03T07:05:31","guid":{"rendered":"https:\/\/newestek.com\/?p=15598"},"modified":"2026-02-03T07:05:31","modified_gmt":"2026-02-03T07:05:31","slug":"think-agentic-ai-is-hard-to-secure-today-just-wait-a-few-months","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15598","title":{"rendered":"Think agentic AI is hard to secure today? Just wait a few months"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Early experimentation with agentic AI has given CISOs a preview of the possible cybersecurity nightmares ahead<\/a>. But with autonomous agent adoption expected to soar throughout 2026, CISOs\u2019 lack of visibility into agentic identities, activities, and decision-making is set to get far worse in quick measure.<\/p>\n

Agentic use will vary by enterprise, but analysts, consultants, and security vendors agree that their numbers will expand far beyond CISOs\u2019 ability to maintain control as they simultaneously navigate the price of decades of identity governance neglect for non-human identities (NHIs)<\/a>, including service accounts, OAuth tokens, embedded API keys, and automation credentials.<\/p>\n

Ishraq Khan<\/a>, CEO of coding productivity tool vendor Kodezi, sees most enterprises today housing 8 to 10 million such identities, a figure he projects will hit 20 to 50 million by year\u2019s end.<\/p>\n

Jason Sabin<\/a>, CTO at DigiCert, predicts an even steeper rise, with enterprises\u2019 identity role calls increasing 10 times by January 2027.<\/p>\n

\u201cWe need to rethink how identity and data provisioning is done and put in place the right processes that can scale with the growth of agentic identities,\u201d says Justin Greis<\/a>, CEO of consulting firm Acceligence and former head of the North American cybersecurity practice at McKinsey. \u201cYou simply cannot apply human processes to something that will scale at this rate.\u201d<\/p>\n

Visibility is the bigger problem<\/h2>\n

As bad as that massively expanding identity universe is, the bigger problem may be how little visibility CISOs have into NHIs, with AI agents offering not just the fastest growth but the least visibility.<\/p>\n

Jason Andersen<\/a>, principal analyst for Moor Insights & Strategy, estimates 25% NHI visibility for enterprise CISOs today. \u201cThe remaining 75% is in the shadows,\u201d he adds.\u00a0<\/p>\n

Those shadows include \u201csemi-shadow\u201d activities, such as third parties or lines of business that have been given permission to experiment with agentic AI but have not necessarily alerted IT or security teams about what they are doing.<\/p>\n

Still, Andersen sees that number getting a lot worse, projecting visibility to drop to about 12% by year-end and then into the single digits by January 2028. \u201cAnd then they\u2019ll likely fix it,\u201d he says, adding, \u201cIt\u2019s a big frickin\u2019 problem.\u201d<\/p>\n

Gartner analysts Jeremy D\u2019Hoinne<\/a> and Akif Khan<\/a> agree CISOs face urgent problems in this area today.\u00a0<\/p>\n

NHIs are going to be \u201cseveral orders of magnitude larger than human identities and most organizations do not have a strong enough foundation to manage both machine and agentic identities,\u201d Gartner\u2019s Khan says.<\/p>\n

Enterprise CISOs are \u201cblind to what is happening. The numbers are going to be overwhelming,\u201d D\u2019Hoinne adds.<\/p>\n

Forrester expects similar outcomes for CISOs. \u201cThere is going to be an explosion of non-human identities,\u201d says Forrester analyst Geoff Cairns<\/a>. \u201cThe exponential growth is indisputable.\u201d<\/p>\n

Kodezi\u2019s Khan notes that the lack of a robust base for NHI governance \u2014 now including agentic AI \u2014 is a critical problem.<\/p>\n

\u201cEnterprises never solved non-human authentication so we don\u2019t have the systems in place for a good secure environment. At its core, we never had the right foundation. That means that we will never have that perfect inventory,\u201d he explains.<\/p>\n

Cost effective fix: Do nothing<\/h2>\n

Kodezi\u2019s Khan offers an interesting fix for that foundational problem: Don\u2019t even try.\u00a0<\/p>\n

He argues it\u2019s a money pit that will never be fully resolved. Instead, he suggests pouring resources into creating a strict identity strategy for every NHI going forward.\u00a0<\/p>\n

\u201cAim for containment rather than for perfection. You can\u2019t really govern every identity, but if you start now, you can<\/em> govern future actions,\u201d he says, adding that, over the years, the percentage of uncontrolled identities will slowly drop as millions more identities are added.<\/p>\n

Nik Kale<\/a>, principal engineer at Cisco and member of the Coalition for Secure AI (CoSAI) and ACM\u2019s AI Security (AISec) program committee, agrees with that assessment. \u201cIf you are drowning,\u00a0you don\u2019t start by draining the ocean.\u201d<\/p>\n

\u201cThe ratios tell you why this is so ungovernable. These identities are growing much faster than the discovery capabilities,\u201d Kale notes. \u201cIt becomes a math problem at that point.\u201d<\/p>\n

As for the path forward, Kale advises not to try to fix the legacy situation.<\/p>\n

\u201cYou just have to contain it, segment it, assume it\u2019s compromised and that it\u2019s hostile territory,\u201d he says. \u201cThe plan needs to be containment plus a clean slate going forward.\u00a0Inventory all non-human identities. Identify which have standing versus just-in-time access. Assign ownership to every one of them. No product required \u2014 just a terrifying spreadsheet.\u201d<\/p>\n

Kale adds that cleaning IDs from now on will deliver a better benefit to CISOs. \u201cIn my opinion, the ratio matters less than the governance gap. Whether it\u2019s 200:1 or 500:1, if IAM [identity access management] only manages 44% of them, the attack surface is already unmanageable,\u201d he says.\u00a0<\/p>\n

But he stresses that NHIs \u2014 especially when agentic \u2014 can be particularly difficult to find, let alone control.\u00a0<\/p>\n

\u201cMost organizations are undercounting by two to three times because machine identities are scattered across cloud consoles, repos, config files, and secrets managers that nobody\u2019s aggregating,\u201d Kale says. \u201cAgentic AI is a multiplier, not an addition. Agents spawn subagents, create credentials dynamically, and establish agent-to-agent auth chains. One agent deployment can generate dozens of new machine identities.\u201d<\/p>\n

Sanchit Vir Gogia<\/a>, chief analyst at Greyhound Research, sees a reckoning ahead.<\/p>\n

\u201cThe enterprise control plane has quietly shifted from humans to machines, while governance stayed behind,\u201d he says. \u201cOnce nonhuman identities outnumber humans by hundreds to one, identity stops being an administrative discipline and becomes the operating system of trust. The failure mode is not that there are too many identities; it is that enterprises cannot assert intent, ownership, and accountability for what those identities are doing at runtime.\u201d<\/p>\n

Moreover, the situation is intensifying thanks to today\u2019s business environment.<\/p>\n

\u201cThis is compounded by incentive structures that reward speed and uptime while penalizing breakage, which leads teams to overpermission machines by default,\u201d Gogia says. \u201cOverpermission is invisible until it is catastrophic. At that point, audits, roles, and reviews offer comfort but not control.\u201d<\/p>\n

Agentic didn\u2019t start the fire<\/h2>\n

None of this situation was caused by agentic AI, Gogia underscores.\u00a0<\/p>\n

\u201cEnterprises did not enter a machine identity crisis because of agentic AI. They entered it years ago through service accounts, embedded API keys, long lived tokens, and automation credentials that were created to keep systems moving and then quietly forgotten,\u201d he says. \u201cWhat agents change is velocity and reach. They inherit trust and then operationalize it at machine speed. A legacy identity that once represented a contained risk now becomes an execution layer across systems, vendors, and workflows.\u201d<\/p>\n

Gogia adds: \u201cThe most dangerous assumption in enterprise security today is that valid identity implies safe behavior. In machine-driven environments, credentials are often correct and activity is authorized, yet outcomes are harmful. Machines do not follow joiner-mover-lever models. They do not pause for approvals. They operate continuously and propagate actions automatically.\u201d<\/p>\n

As a result, decision-making agents, layered into operations, achieve a rate of action that \u201ccollapses the window for detection,\u201d he says. \u201cThe failure shifts from prevention to detection lag. By the time humans understand what happened, the agent already did it.\u201d<\/p>\n

This should \u2014 and likely will \u2014 cause a rethinking from both enterprise CISOs and CIOs<\/a>, he says.<\/p>\n

\u201cThis moment tests leadership alignment. CIOs are under pressure to deploy agents for productivity and scale. CISOs are staring at accountability gaps, forensic complexity, and cascading blast radius. If these agendas diverge, the enterprise ends up with autonomy without responsibility. Boards will ask who owns an agent, who sets its boundaries, and who answers when it causes harm,\u201d Gogia explains.<\/p>\n

\u201cThe next phase of governance will require responsibility mapping for agents, separation of duties for high impact actions, and clear human checkpoints where judgment truly matters,\u201d he adds. \u201cIncident response must also evolve toward reconstructing chains of machine decisions, not just tracing logins.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Early experimentation with agentic AI has given CISOs a preview of the possible cybersecurity nightmares ahead. But with autonomous agent adoption expected to soar throughout 2026, CISOs\u2019 lack of visibility into agentic identities, activities, and decision-making is set to get far worse in quick measure. Agentic use will vary by enterprise, but analysts, consultants, and security vendors agree that their numbers will expand far beyond… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15598","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15598"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15598\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}