TL;DR: Fortune’s 2026 Cyber 60 list spotlights 20 early-stage cybersecurity companies, and Zenity’s inclusion reflects how quickly AI agent security and governance have moved into mainstream enterprise concern, according to Zenity. The practical issue is not recognition itself but the widening gap between how agents behave at runtime and how current IAM and security controls are built to govern them.
At a glance
What this is: Fortune’s 2026 Cyber 60 recognition for Zenity points to rising market attention on AI agent security and governance.
Why it matters: For IAM teams, it reinforces that agent discovery, policy enforcement, and runtime control are becoming core requirements, not optional add-ons, across NHI, autonomous, and human identity programmes.
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Context
AI agent security is the governance problem that appears when software can select tools, act across environments, and persist beyond a single workflow. The question for identity teams is no longer whether agents exist, but whether current controls can see, constrain, and audit what they do.
Zenity’s Fortune recognition is a market signal, not a technical proof point. It reflects that enterprises are looking for ways to govern agent behaviour across SaaS, cloud, and endpoint environments, while security and IAM teams are still trying to define ownership, policy boundaries, and acceptable privilege for non-human actors.
The deeper issue is that agent governance collapses when discovery, authorisation, and monitoring sit in separate operating models. That is why AI agent security is now intersecting with NHI governance, lifecycle controls, and privileged access management rather than remaining a niche product category.
Key questions
Q: How should security teams govern AI agents across SaaS, cloud, and endpoint environments?
A: They should govern AI agents as identities with explicit ownership, scoped tool access, and a runtime policy model that follows the agent across environments. The key is to link discovery, entitlement review, and containment so that the same agent cannot silently gain broader reach as it moves between systems.
Q: Why do AI agents create more identity risk than standard automation?
A: AI agents create more identity risk because they can make runtime decisions about what to do next, which tools to invoke, and when to act. That behaviour can produce scope drift and cross-system actions that ordinary scheduled automation or fixed workflows do not create.
Q: What do security teams get wrong about AI agent inventory and discovery?
A: They often assume application logs or cloud inventories are enough. In practice, agents are embedded in SaaS workflows and delegated permissions, so teams need an identity-centric inventory that records ownership, tool connections, and the environments where each agent can operate.
Q: Who is accountable when an AI agent causes unauthorized access or data exposure?
A: Accountability should sit with the business or platform owner that approved the agent, the team that granted its permissions, and the group responsible for monitoring and offboarding it. If no owner can be named, the governance model is already failing.
Technical breakdown
AI agent discovery and inventory control
AI agent discovery is the process of finding which agents exist, where they run, what they connect to, and which identities they use. In practice, this is harder than ordinary asset discovery because agents may be embedded in SaaS workflows, cloud automations, or endpoint actions, and may invoke tools through delegated permissions rather than direct logins. Without a reliable inventory, security teams cannot distinguish sanctioned agents from shadow AI, nor can they assign ownership, policy, or review cadence. Discovery is therefore the prerequisite for governance, not a reporting layer after the fact.
Practical implication: build an authoritative inventory of agents, their parent identities, and their tool connections before expanding their access.
Policy enforcement across SaaS, cloud, and endpoint environments
Agent-centric policy enforcement means controlling what an agent can access, when it can act, and which tools it can invoke across multiple execution environments. The challenge is that the same agent may move from a SaaS workflow into cloud APIs and then touch endpoint data, so policy cannot live in a single console or product boundary. Effective enforcement has to follow the identity and the action path, not just the application. That is why unified policy models matter more than isolated guardrails: they reduce the chance that one environment silently permits what another would block.
Practical implication: map agent entitlements end to end and enforce policy at each environment boundary, not just at the entry point.
Real-time detection and response for agent activity
Real-time detection for AI agents focuses on behaviour that changes during execution, such as unexpected tool use, unusual data access, or privilege drift across a session. Traditional logs often show the result after the action has already completed, which is too late for agent workflows that can chain decisions quickly. Detection therefore needs context about the agent, its permitted actions, and its normal sequences, so that response can interrupt misuse before it compounds. For identity teams, this turns monitoring into a runtime control rather than a forensic one.
Practical implication: define behavioural baselines for agent activity and trigger containment when tool use or access patterns drift outside approved scope.
Threat narrative
Attacker objective: The objective is to turn trusted agent access into uncontrolled action across enterprise systems, expanding reach without needing a human operator at each step.
- Entry: The attack surface begins when an AI agent is granted access to SaaS, cloud, or endpoint tools through delegated identity and broad permissions.
- Escalation: Once active, the agent can invoke multiple tools across environments, creating scope drift that bypasses controls built for static users or single-system workflows.
- Impact: Misuse or compromise can produce data exposure, unauthorized actions, or cross-environment persistence that is difficult to unwind after the fact.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
NHI Mgmt Group analysis
AI agent security has moved from a niche control problem to a governance boundary problem. The Fortune Cyber 60 recognition reflects market demand, but the real issue is that agents now operate across SaaS, cloud, and endpoint contexts where identity, policy, and monitoring are fragmented. That fragmentation makes it difficult to assign ownership or prove control consistency. Practitioners should treat agent governance as a cross-domain identity programme, not a point solution.
Agent discovery is the new prerequisite for identity governance. You cannot govern what you cannot enumerate, and AI agents are often embedded in workflows that hide them from traditional asset and identity inventories. Without discovery, shadow AI and sanctioned agents look the same to the control plane. Security teams need to assume that missing inventory means missing accountability, not just missing telemetry.
Policy that stops at the application boundary will fail against agentic behaviour. Agents do not respect the tidy separation between SaaS, cloud, and endpoint controls that many IAM programmes still assume. The governance model has to follow the identity across tool invocation and runtime action, because access risk now emerges from the sequence of actions, not just the initial entitlement. Practitioners should re-evaluate whether their policy model governs behaviour or merely permissions.
Runtime response is now part of identity control, not just security operations. AI agents can complete harmful sequences faster than manual review or periodic certification can react. That means governance must include interruption logic, behavioural thresholds, and clear ownership for containment across the agent lifecycle. Teams that still rely on after-the-fact review are already operating outside the pace of the threat.
Agentic AI security validates the need for a broader NHI governance model. The same structural problem that applies to service accounts and API tokens now applies to agents that can choose tools at runtime. The distinction is that agents add independent action selection, which raises the governance bar from credential control to behaviour control. Practitioners should align identity, access, and lifecycle processes across machine identities and autonomous systems.
From our research:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Our research also shows: 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which leaves delegated access and external trust paths poorly governed.
What this signals
Agentic AI will force identity teams to merge discovery, policy, and response into a single operating model. If ownership lives in one team, policy in another, and runtime visibility somewhere else, AI agents will keep slipping through the seams. The programme signal is clear: consolidate control points before agent adoption scales faster than your ability to govern it.
AI agent growth will expose whether your NHI programme is lifecycle-aware or credential-only. With NHIs outnumbering human identities by 25x to 50x in modern enterprises, adding agents without lifecycle discipline will compound existing sprawl. Security teams should plan for ownership, review, and offboarding to become mandatory operating requirements, not optional hygiene.
Shadow AI becomes a discovery problem before it becomes a threat problem. The practical response is to establish one inventory for sanctioned agents, one review path for their access, and one containment path when behaviour drifts. That is the governance shape the next wave of agent adoption will demand.
For practitioners
- Inventory every active AI agent: Create a single register for agents across SaaS, cloud, and endpoint environments, and tie each one to an owning team, purpose, and approved tool set. Use the register to expose shadow AI and prevent unmanaged expansion of agent privileges.
- Bind policy to the agent, not the app: Define access rules around the agent identity, its allowed actions, and its tool invocation paths. If the same agent can move across systems, policy must travel with it instead of being enforced only at the first login or API boundary.
- Add runtime thresholds for misuse: Set behaviour-based triggers for unusual tool chaining, unexpected data access, or cross-environment movement. When those thresholds trip, isolate the agent before the action sequence completes and confirm whether the access path was intended.
- Unify owner, review, and offboarding logic: Treat every agent as a governed identity with an owner, a review cadence, and a revocation path. Offboarding must remove connected tools, inherited permissions, and any residual tokens or delegated credentials tied to the agent.
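The register and runtime thresholds described in the technical breakdown and in the practitioner steps above can be combined into one check, sketched here as an added example that is not code from Zenity or NHI Mgmt Group. The agent IDs, tool names, event fields, and the drift threshold of 2 are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AgentRecord:
    owner: str                # accountable team; empty means no named owner
    tools: frozenset          # approved tool set
    environments: frozenset   # environments where the agent may act

@dataclass
class RuntimeMonitor:
    register: dict            # agent_id -> AgentRecord (the single register)
    drift_threshold: int = 2  # out-of-scope attempts tolerated before isolation
    drift: dict = field(default_factory=dict)
    contained: set = field(default_factory=set)

    def evaluate(self, event: dict) -> str:
        """Return a verdict for one tool-invocation event, before it executes."""
        agent = event["agent_id"]
        if agent in self.contained:
            return "blocked:contained"
        record = self.register.get(agent)
        if record is None or not record.owner:
            # Not enumerated, or nobody accountable: treat as shadow AI.
            self.contained.add(agent)
            return "contained:unregistered"
        reasons = []
        if event["tool"] not in record.tools:
            reasons.append("tool")
        if event["environment"] not in record.environments:
            reasons.append("environment")
        if not reasons:
            return "allow"
        # Out-of-scope actions are always denied; repeated drift isolates the agent.
        self.drift[agent] = self.drift.get(agent, 0) + 1
        verdict = "deny"
        if self.drift[agent] >= self.drift_threshold:
            self.contained.add(agent)
            verdict = "contained:drift"
        return verdict + ":" + "+".join(reasons)

# Constructed sample data: one sanctioned agent and a stream of tool calls.
REGISTER = {"invoice-bot": AgentRecord(
    "finance-platform", frozenset({"crm.read", "erp.post_invoice"}), frozenset({"saas"}))}
EVENTS = [
    {"agent_id": "invoice-bot", "tool": "crm.read", "environment": "saas"},
    {"agent_id": "invoice-bot", "tool": "s3.list_buckets", "environment": "cloud"},
    {"agent_id": "invoice-bot", "tool": "fs.read", "environment": "endpoint"},
    {"agent_id": "invoice-bot", "tool": "crm.read", "environment": "saas"},
    {"agent_id": "notes-helper", "tool": "mail.send", "environment": "saas"},
]

def run(events=EVENTS, threshold=2):
    monitor = RuntimeMonitor(dict(REGISTER), drift_threshold=threshold)
    return [monitor.evaluate(e) for e in events]
```

Once an agent is contained, even calls inside its approved scope are blocked until its owner reviews the access path, which is why the fourth event is refused.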
Key takeaways
- AI agent security is shifting identity governance from static permissions to runtime behaviour control across SaaS, cloud, and endpoint environments.
- Discovery, ownership, and policy consistency are now the critical gaps, because unmanaged agents create the same governance blind spots as shadow NHI plus faster action paths.
- Security teams need a single operating model for agent inventory, entitlements, monitoring, and offboarding before agent adoption outpaces control design.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | Agent behaviour, tool use, and runtime policy are central to this article. |
| OWASP Non-Human Identity Top 10 | NHI-01 | AI agents operate as non-human identities that need inventory and ownership. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access and identity governance underpin agent control. |
Inventory agents, bind them to owners, and review access as you would any governed non-human identity.
Key terms
- AI Agent Identity: An AI agent identity is the set of credentials, permissions, ownership records, and behavioural boundaries used to govern an agent that can act independently at runtime. Unlike a simple automation account, it may select tools and sequence actions dynamically, which makes traceability and containment essential.
- Shadow AI: Shadow AI is an undiscovered or unmanaged AI agent operating inside an organisation without explicit governance, ownership, or security review. It often appears inside existing workflows, which makes it hard to distinguish from approved automation until access, data use, or behaviour is examined.
- Agentic Policy Enforcement: Agentic policy enforcement is the practice of applying access and action controls to an AI agent during execution, not only at setup time. It focuses on what the agent can do, which tools it can invoke, and when response should interrupt a risky sequence.
- Runtime Behaviour Control: Runtime behaviour control is the ability to detect, constrain, or stop an identity while it is acting, based on what it is doing rather than only what it was allowed to do initially. For AI agents, this is the difference between governance on paper and governance in motion.
This post draws on content published by Zenity: Fortune names Zenity a 2026 Cyber 60 company for AI agent security. Read the original.
Published by the NHIMG editorial team on 2025-10-30.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org