BIP Charlotte


Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

May 20, 2026  Twila Rosenbaum

In March 2026, San Francisco once again became the epicenter of the cybersecurity world. Thousands of practitioners, vendors, and investors gathered at Moscone Center for the RSA Conference, where one theme dominated every keynote, panel, and booth conversation: Agentic AI. Not just AI as a tool, but AI as an actor.

From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. Developments like Mythos, a next-generation AI framework capable of orchestrating complex, multi-step cyber operations, highlight both the promise and the risk of this shift.

The Cloud Security Alliance predicts a surge in simultaneous AI-powered attacks and urges defenders to fight AI with AI. OpenAI has responded by scaling its Trusted Access for Cyber program to support thousands of verified defenders and hundreds of security teams. Gartner reinforces this trend, forecasting AI spending to grow by 44 percent in 2026 and reach $47 trillion by 2029. This far exceeds its projected $238 billion for information security and risk management solutions in 2026.

The Dual-Use Reality of Agentic AI

Technologies like Mythos reveal a fundamental truth. The same capabilities that benefit defenders also empower attackers. Adversaries are already using AI to enable autonomous reconnaissance and lateral movement, real-time adaptation to defenses, and scalable, low-cost attacks with minimal human involvement. This is not theoretical. Early rogue AI agents are probing environments, exploiting misconfigurations, and mimicking legitimate users. Attackers no longer need to control every step. They can deploy agents that behave like identities.

The dual-use nature of AI is particularly dangerous because the speed and scale of AI-driven attacks can overwhelm traditional defenses. For example, an AI agent can scan thousands of systems simultaneously, identify vulnerabilities, and launch tailored exploits in seconds. Traditional signature-based detection struggles to keep up. Moreover, adversarial machine learning techniques allow attackers to evade AI-based defenses by poisoning training data or crafting inputs that bypass detection algorithms.

The Risk of 'One More Tool'

Every major shift in cybersecurity has led to a wave of point solutions. The result is predictable: tool sprawl, siloed visibility, and operational complexity. These gaps often benefit attackers. Agentic AI risks following the same path. Early signs are already visible: AI security posture management tools, AI runtime protection platforms, AI-specific anomaly detection engines, and AI governance solutions.

Each may provide value, but adding more tools increases friction. Organizations do not need more dashboards. They need better context and control over the entities operating in their environments, whether human or machine. The proliferation of AI-specific tools also creates integration challenges. Security teams must correlate alerts from disparate systems, often leading to alert fatigue and missed threats. A unified approach is essential.

At the parallel AGC Cybersecurity Investor Conference, AI experts and industry leaders reached a more pragmatic conclusion: organizations should treat AI like an identity. This perspective cuts through the hype. Rather than viewing AI as a new tool category that requires entirely separate security stacks, it places AI within the established and critical domain of identity security.

Because fundamentally, agentic AI behaves like an identity: it authenticates (via APIs, tokens, or credentials), it accesses systems and data, it performs actions within an environment, and it can be compromised, misused, or go rogue. Once you accept this, the path forward becomes clearer—and far less fragmented.

Identity Threat Detection as the Foundation

If AI is treated as an identity, identity threat detection and risk mitigation solutions become the logical control plane. This approach focuses on analyzing behavior across credentials and systems. It combines adaptive verification, behavioral analytics, device intelligence, and risk scoring in a unified platform.

Applied to AI, this enables behavioral visibility to detect anomalies such as unusual access, privilege escalation, or data exfiltration; risk-based controls to adjust access, enforce additional verification, or isolate suspicious agents; unified policy enforcement across human and machine identities; and lifecycle management to prevent orphaned or unmanaged agents.

Identity security frameworks have matured over decades. Concepts like zero trust, least privilege, and just-in-time access are well understood. Extending these principles to AI agents is not a radical departure. For example, an AI agent that typically only reads log data but suddenly attempts to write to a production database would trigger an anomaly alert. The identity platform can automatically revoke its access or require step-up authentication, even if the agent itself is not human.

As rogue AI agents emerge, whether compromised or malicious, identity-driven security provides a practical defense. It enforces least privilege, continuously validates access, detects abnormal behavior, and automates response actions. These capabilities already exist in modern identity security frameworks and can be extended to AI without introducing new silos.

Furthermore, identity-centric approaches align with regulatory requirements. Many data protection laws mandate strict access controls and monitoring for all entities accessing sensitive data. By treating AI agents as identities, organizations can demonstrate compliance more easily. They can produce audit trails showing exactly which agent accessed what data and when, and enforce policies for data retention and deletion.

The financial impact of failing to secure AI agents is significant. A single rogue agent could exfiltrate terabytes of customer data or manipulate critical infrastructure. The cost of a breach involving AI systems is likely higher due to the speed of damage. Investing in identity threat detection today is a fraction of the potential loss from an unchecked autonomous attack.

Another consideration is the lifecycle of AI agents. Like human users, agents need to be onboarded, granted appropriate permissions, monitored, and eventually decommissioned. Without lifecycle management, orphaned agents with outdated credentials become backdoors for attackers. Identity platforms can automate this process, ensuring that agents only have access when needed and that credentials are rotated regularly.

The industry is already seeing early adopters of this approach. Forward-thinking organizations have integrated their AI development pipelines with identity providers. When a new AI agent is deployed, it automatically receives a service account with scoped permissions based on its intended function. Behavioral baselines are established, and any deviation triggers a review. This proactive stance prevents incidents before they escalate.

At the RSA Conference, several vendors demonstrated identity platforms that now include AI-specific risk scores. These scores take into account the agent's purpose, its sensitivity, and its historical behavior. A developer testing a new model in a staging environment would have a low risk score, while a production agent handling financial transactions would have a high score, requiring stricter controls.
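The flow described above (a behavioral baseline per agent, a risk tier, and an automated response to deviations) can be sketched in a few lines. This is an added example, not code from the article or from any vendor's platform; the agent names, the two risk tiers, the 30-day rotation limit and the rule that maps deviations to step-up or revocation are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Every name, tier and threshold here is an assumption made for illustration.
MAX_CREDENTIAL_AGE = timedelta(days=30)      # assumed rotation policy
WRITE_ACTIONS = {"write", "delete"}

@dataclass
class AgentIdentity:
    name: str
    risk_tier: str                           # "low" (staging) or "high" (production)
    credential_issued: datetime
    baseline: set = field(default_factory=set)   # (resource, action) pairs
    revoked: bool = False

def learn_baseline(agent, events):
    """Record the (resource, action) pairs seen during the learning window."""
    agent.baseline.update(events)

def evaluate(agent, resource, action, now):
    """Return 'allow', 'step_up' or 'revoke' for one access request."""
    if agent.revoked:
        return "revoke"                      # revocation is sticky
    if now - agent.credential_issued > MAX_CREDENTIAL_AGE:
        agent.revoked = True                 # unrotated credential: treat as orphaned
        return "revoke"
    if (resource, action) in agent.baseline:
        return "allow"
    # Deviation from baseline: the response scales with risk.
    if agent.risk_tier == "high" or action in WRITE_ACTIONS:
        agent.revoked = True
        return "revoke"
    return "step_up"

def demo():
    now = datetime(2026, 5, 20)              # constructed timeline
    reader = AgentIdentity("log-reader", "low", now - timedelta(days=5))
    learn_baseline(reader, [("logs/app", "read")])
    requests = [("logs/app", "read"), ("logs/audit", "read"),
                ("db/prod", "write"), ("logs/app", "read")]
    return [evaluate(reader, r, a, now) for r, a in requests]

if __name__ == "__main__":
    print(demo())
```

The log-reading agent is allowed its usual read, asked for step-up on an unfamiliar read, and revoked on the production write; once revoked, even its baseline request is refused.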

The shift towards treating AI as an identity also simplifies security operations. Instead of managing separate policies for users and machines, organizations can have a single policy engine. This reduces complexity and the risk of misconfiguration. It also enables better visibility into the entire attack surface, from human employees to automated scripts to sophisticated AI agents.

As the threat landscape evolves, the line between human and machine actors blurs. Attackers already use AI to mimic human behavior, making traditional user behavior analytics less effective. However, identity threat detection platforms that focus on entity behavior—regardless of whether the entity is human or AI—can adapt. They analyze patterns such as login times, geographical locations, device fingerprints, and access requests to determine if an action is legitimate.

The conversations in San Francisco this March made one thing clear: the future of cybersecurity will be shaped by entities that can act independently. Some will be human. Many will not. As technologies like Mythos continue to push the boundaries of what AI can do, the industry must evolve its defensive mindset accordingly. The most effective strategy may also be the simplest: if it can act, it should be treated like an identity.

By anchoring AI security within identity threat detection and risk mitigation frameworks, organizations can protect against rogue agents—without adding yet another fragmented tool to an already complex defense arsenal. The path forward is not about more tools, but about better integration of existing capabilities to address the new reality of autonomous agents.


Source: SecurityWeek News

