Signal
Insights June 18, 2026

Your AI Agents Don't Have an Identity. That's Your Next Security Audit.

65% of organizations had a security incident tied to their AI agents in the past year. Barely one in five treat those agents as identity-bearing entities with access controls. Colorado just rewrote its AI law and other states are following. The talent gap is the least of your problems — you need people who know how to govern agents the same way you govern humans.

Here's a number that should stop a CISO cold: 65% of organizations had a security incident tied to their AI agents in the past year. Not a projection — that's per a Cloud Security Alliance survey commissioned by Token Security, published April 2026.

But here's the number that makes it make sense: barely one in five organizations treat AI agents as independent, identity-bearing entities with formal access controls. About 22%, per Gravitee's State of AI Agent Security 2026 report.

You deployed something that can read your Salesforce, write to your Jira, query your internal databases, and send Slack messages on your engineers' behalf — and you gave it the same governance posture you'd give a shared team password stored in a sticky note.

This is not a technology problem. It's an organizational maturity problem. And it's about to become a legal one.

The Rules Are Catching Up

Colorado just rewrote its AI law. In May 2026, the state repealed and replaced its original AI Act with SB 26-189, which regulates automated decision-making technology and takes effect January 1, 2027. The details shifted — the new version leans more toward disclosure than the original risk-management regime — but the direction did not. States are moving toward documented governance, auditable access controls, and demonstrable human oversight of AI decisions in high-risk areas: hiring, credit, housing, healthcare.

Meanwhile, NIST launched an AI Agent Standards Initiative in early 2026 and published a draft concept paper on agentic AI identity and authorization, and OWASP's Non-Human Identity (NHI) Top 10 — released in late 2024 — maps the most common attack surfaces created by AI agents operating without proper identity governance.

Your legal team may or may not know these exist. Your CISO almost certainly does. The question is whether you've given them the budget and the headcount to act.

What "Identity-Bearing" Actually Means

When we talk about identity for AI agents, we mean something specific: the agent has a defined identity in your IAM system, that identity has scoped permissions (not admin-level access because it was easier), there's a provenance trail for every action it takes, and there's a kill switch that works.

Right now, most enterprise AI agents are running on service accounts that were stood up quickly during a pilot, were never scoped down after go-live, and have no audit trail that any compliance officer would recognize as adequate. Stood up in a hurry, forgotten, still humming along in production with whatever permissions they had on day one. As Matt Caulfield, VP of Identity and Duo at Cisco, put it in an interview at RSAC 2026:

"If you were to go through an audit today as a chief security officer, the auditor's probably gonna have to figure out, hey, there are agents here. Which one of your controls is actually supposed to be applied to it? I don't see the word agents anywhere in your policies."
— Matt Caulfield, VP of Identity and Duo, Cisco, VentureBeat

Okta shipped agent identity tooling in 2026, and Google and Microsoft have theirs in active development. The tooling exists. What doesn't exist in most organizations is the person whose job it is to implement it.

The Staffing Angle

Here's where this gets into my lane directly.

The fastest-growing job title I'm tracking right now is something that doesn't have a clean name yet. It sits at the intersection of IAM, AI platform engineering, and security architecture. Depending on the org, it's being called an AI Security Architect, an Agentic Systems Engineer, an NHI Governance Lead, or an AI Trust & Safety Engineer. All of them mean roughly the same thing: someone who can model an AI agent as a first-class identity, scope its permissions correctly, integrate it into existing PAM tooling, and build the audit logging that lets you say with a straight face that you're in compliance.

Only 18% of security leaders say they're highly confident their current IAM infrastructure can handle AI agent identities, per the Cloud Security Alliance and Strata Identity's February 2026 survey. Which means the other 82% need someone with this skillset and don't have them yet.

That gap is not going to close by reskilling your existing IAM team in a weekend. The people who understand how agentic systems work at a technical level — how they chain tool calls, how they handle secrets, how they authenticate to downstream services — are not the same people who traditionally ran your Active Directory. You need a hybrid, and hybrids are scarce. Hiring for this intersection requires candidates with production depth in both disciplines, and those candidates are naming their price and fielding multiple offers.

Before the Auditor Asks

If you're a CTO or CISO reading this as the regulatory environment tightens, four things are worth doing now.

Audit every AI agent you have in production — even the informal pilots that "kind of went live." Build a registry. Know what each one can touch. Then scope the permissions down: if an agent only needs read access to the data warehouse, it should not have write access. That sounds obvious, and it's almost universally ignored.

Stand up audit logging while you're at it. Even rough logs beat nothing when a regulator asks how a decision got made. And start hiring for the role above now, not later — the candidates are rare, the process is slow, and the need is already here.

Sixty percent of Fortune 100 companies are expected to appoint a dedicated head of AI governance in 2026, per Forrester. Early movers are already there — Sony named a global head of AI governance, and UBS installed a chief AI officer in January. If you're waiting to see how this plays out, you're already behind.

The Real Risk

The organizations I'm most worried about are not the ones that haven't deployed AI agents yet. They have time to do this right.

I'm worried about the ones that have deployed agents in production, declared the pilot a success, moved on to the next thing — and have no idea what permissions those agents are running with today, six months later.

That's not a hypothetical. That's most of you.

The talent that can fix it exists. It's not cheap, it's not fast to hire, and the job market for people with this exact skillset is going to get significantly tighter as the regulatory environment tightens.

Start now. The audit is coming whether you hired for it or not.