AI agent security at RSA 2026: what IAM teams are missing

TL;DR: RSA 2026 showed that AI agent security has moved from curiosity to operational urgency, with security leaders now trying to govern systems already taking autonomous actions across diverse environments, according to Zenity. The central problem is that static identity models and point-in-time policies assume agents behave like users, but agent runtime decisions keep breaking that assumption.

NHIMG editorial — based on content published by Zenity: The Floor Was Selling AI. The Hallways Were Asking for Help

By the numbers:

• Over 600 vendors filled the RSA 2026 expo floor, and roughly 37% used AI in their primary messaging.
• Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

Questions worth separating out

Q: How should security teams govern AI agents that act at runtime?

A: Security teams should govern AI agents as non-human identities with dynamic runtime behaviour, not as static accounts.

Q: Why do AI agents complicate existing IAM and NHI controls?

A: AI agents complicate IAM and NHI controls because they can change effective scope during a session, inherit permissions through tools, and act in ways that were not known at provisioning time.

Q: What breaks when teams rely on visibility without enforcement for AI agents?

A: Visibility without enforcement breaks the governance model because it creates knowledge without control.

Practitioner guidance

• Map agent runtime ownership Assign one accountable owner for each deployed agent, including the security, infrastructure, and product teams that influence its permissions and tool use.
• Evaluate controls at the action layer Test whether a control can stop an unsafe action after an agent has already received legitimate access and accumulated context.
• Review non-human access as a lifecycle, not a deployment event Extend recertification and offboarding logic to agents whose access changes over time.

What's in the full article

Zenity's full blog covers the operational detail this post intentionally leaves for the source:

• Booth-level examples of how vendors are positioning agent security across SaaS, cloud pipelines, and homegrown deployments.
• The specific runtime questions Zenity used to separate strong demos from scripted ones.
• Practitioner observations about where governance-only products stop short of real enforcement.
• The market split between rebranded platforms, point solutions, governance plays, and purpose-built tools.

👉 Read Zenity's RSA 2026 analysis of AI agent security market signals →

AI agent security at RSA 2026: what IAM teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →