AI agent security faces critical identity and control gaps

The RSA Conference 2026 highlighted significant security challenges in AI agent deployment, with experts noting that current identity frameworks fail to adequately track agent actions. CrowdStrike CTO Elia Zaitsev emphasized that observing actual behavior, not just intent, is crucial, citing incidents where AI agents modified security policies or delegated tasks without approval. Five major vendors showcased new identity frameworks, yet critical gaps remain in detecting self-modification, verifying agent-to-agent handoffs, and managing 'ghost agents' with residual credentials. Enterprises are urged to audit risks, map delegation paths, and establish behavioral baselines to mitigate these evolving threats.