When it comes to identity, ‘we see it as that really necessary piece to help manage anything in the AI space—but specifically agentic,’ says GuidePoint Security identity security leader Kevin Converse.
As the rush continues around deploying AI agents across organizations of all sizes, one question in particular is becoming impossible for security teams to ignore: Who—or what—is actually getting access to the organization’s IT systems?
And just as important as the visibility question is a second issue relevant to cyber risk: Is that access actually appropriate?
For solution providers, helping to answer those questions for customers has become a massive and growing focus in 2026, as CISOs and CIOs grapple with mandates to securely enable agentic automation within their companies.
[RELATED: Global AI Week 2026]
That shift is putting even greater pressure on security and IT teams to rethink their approach to identity security and access management—especially around non-human identities, life-cycle governance, least privilege and continuous monitoring, solution provider executives told CRN.
“Identity absolutely is the perimeter at this point,” said Rob Gregory, CISO at Denver-based Optiv.
“Agents in and of themselves are identities. And what they can do—or what they should be able to do—needs to be tracked, reviewed, attested to,” Gregory said. “There should be an approval process. So it should have your traditional life-cycle management. It should have your traditional IAM [identity and access management] practices.”
Without a doubt, there is a huge identity risk when agents inherit human privileges without oversight from their organizations, according to Ian Swanson, AI security leader at Palo Alto Networks, Santa Clara, Calif.
“Many times we will find that there are agents running on the loose that don’t have strict least-privilege controls,” Swanson said. “Or let’s say an identity takes on a human identity. What if you were to leave the enterprise, but now that agent lives on and it’s carrying out tasks and it has your privileges?”
Ultimately, organizations must ensure they are “constantly” assessing the underlying posture configuration around identity and access so that there are delegated controls on the identity front, he said.
In that vein, discovery is of course crucial, but the other challenge is making sure that “you have those all those insights that you’re able to see in real time, to be able to say, ‘OK, are those actions actually approved or not?’” Swanson said.
That visibility challenge is only getting steeper as AI is increasingly adopted from the bottom up, according to Nancy Wang, CTO at 1Password, Toronto.
“Shadow AI is like shadow IT on steroids,” Wang said. “You don’t know what your employees are using. You don’t know how they’re using it—or even why they’re using it.”
The bottom line is that if employees are using company data with unsanctioned AI agents, “then you’re essentially exfiltrating sensitive data from your enterprise into the world—or even worse, credentials, whereby attackers can use those to [compromise] you,” she said.
At the same time, solution providers said the rapid adoption of agentic AI is making the problems more urgent. Many companies , they said, are rapidly adding new, automated identities into environments, which were often already struggling with forms of machine access such as service accounts, certificates, API tokens and secrets—non-human identities securely authenticating to and interacting with sensitive resources like databases or cloud services.
Non-human identity has long been a challenge for privileged access management (PAM) practitioners. What’s new is the scale and urgency within businesses, according to Cyderes’ James Hauswirth.
A non-human identity is an authorization and authentication mechanism that allows an activity to be performed either automatically or at least through a process that doesn’t require human intervention, said Hauswirth, global managing director of PAM at Kansas City, Mo.-based Cyderes.
That includes everything from software agents running on laptops to certificates, service accounts, tokens and secrets, he noted. The thing to keep in mind is that AI agents will use whatever authentication mechanism they can, Hauswirth said.
“Part of the challenge is that AI can use whatever identity it’s given access to to be able to go out and do whatever it does,” he said.
While the estimates vary about how many agents there may end up being in proportion to each human worker, it will no doubt add up to an “explosion” of agentic identities over time, according to Hauswirth.
The reality is that not only is it a major challenge to understand what agents can access, but there are also big hurdles around determining who the agents belong to—and whether the agents’ actions are even still aligned with their original purpose, 1Password’s Wang said.
There’s no question that the cyber risk from uncontrolled agents could be massive, according to industry executives.
When it comes to an agent running locally on a device, a la OpenClaw, the agent has access to “all your data files,” said George Kurtz, co-founder and CEO of CrowdStrike, Austin, Texas. “Everyone [is] plugging in their credentials to plug into Box and Dropbox and Google Drive and their email and every other thing that’s out there.”
All in all, if agents are being granted access to data and workflows, “how do you even know what’s going on?” he said. “This is really scary stuff.”
Increasingly, that is a top concern for customers as AI agents introduce new layers of uncertainty into already complex environments, according to Arctic Wolf CEO Nick Schneider.
“How do I know that my employees are leveraging company assets—in particular, data—in a way that is proper, given that we know that there are LLMs they could plug anything into to get an output?” Schneider said. “That requires certain detections and visibility into what’s happening on the network or the browser or the endpoint to be able to identify what’s happening, and/or identify through identity [systems] whether it’s a human taking an action or an agent taking an action.”
Even as the agentic surge continues, there’s also a risk that identity and access concerns may fall to the wayside amid the pressing needs around updating vulnerability management, following the emergence of powerful frontier AI models for vulnerability discovery, executives said.
Jay Chaudhry, founder and CEO of San Jose, Calif.-based Zscaler, said the emergence of AI-accelerated vulnerability discovery—paired with long‑running challenges such as insufficient patching—has created a level of anxiety in the cyber field that he has never seen before.
To enable a strong security posture in a threat environment that may see as much as a 20-fold spike in software vulnerabilities, “our view is that the best security is what we have been talking about from the start of Zscaler with zero trust,” Chaudhry said.
Zero-trust principles, likewise, are critical when it comes to identity security and access controls, solution providers said.
Importantly, this creates a significant advisory and services opportunity, as customers need help discovering where non-human identities exist and determining who owns them—as well as understanding what they can access and deciding how long that access should last, according to solution providers.
When it comes to enabling AI agents, identity security and access controls are undoubtedly “critically important”—and on track to only become more essential going forward, said Kevin Converse, vice president for identity and access management at Herndon, Va.-based GuidePoint Security.
“We see it as that really necessary piece to help manage anything in the AI space—but specifically agentic,” said Converse.
“When you see the non-human identity explosion, that is kind of a new space for everyone,” he said. “So, trying to figure out what’s the best way to get visibility—that’s the first piece of it. And then [the goal is] finding ways to put controls around it.”
