
Identity security after RSAC 2026: are your controls enforcing anything?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 1726
Topic starter

TL;DR: Identity security discussions at RSAC are moving from visibility to enforcement, with Gartner citing that through 2028 at least 80% of unauthorized AI agent transactions will stem from internal policy violations rather than malicious attacks. The key shift is that privileged access is no longer just a human-admin problem, and control models built around vaults alone are no longer enough.

NHIMG editorial — based on content published by Silverfort: RSAC Conference 2026 identity security takeaways and Q&A with Abbas Kudrati

By the numbers:

Questions worth separating out

Q: How should security teams enforce privileged access in hybrid environments?

A: Security teams should enforce privileged access as a runtime decision, not just as a stored credential problem.

Q: Why do vaults alone not solve privileged access risk?

A: Vaults protect where credentials live, but they do not control how those credentials are used once an identity is active.

Q: What do organisations get wrong about AI agent governance?

A: They often treat AI agents like scripted automation or like human admins with faster output.

Practitioner guidance

  • Move from visibility goals to enforcement goals: Reframe identity programme success around whether policy is enforced at authentication and access time, not whether identities are merely inventoried and reported on.
  • Map privileged access beyond vaults: Review where privileged decisions occur in cloud, SaaS, automation, and agentic workflows, then identify the places where vault-based controls never see the action path.
  • Define acceptable use for AI agents: Create explicit policy boundaries for agent behaviour, including what actions are allowed, what data may be accessed, and which execution paths require tighter control.

The market is moving toward runtime control, and programmes that cannot enforce policy at access time will be seen as incomplete even if their discovery coverage looks strong.

👉 Read Silverfort's RSAC identity security Q&A on enforcement and AI agent governance →

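The three guidance points above (enforcement at access time, privileged decisions the vault never sees, explicit boundaries for agent behaviour) can be made concrete with a small deny-by-default policy check. The following is an added illustration, not code from the NHIMG post or from Silverfort: the inventory, vault contents, identities, policies and requests are all constructed, and the "vault permits" column stands in for any control that only decides whether an identity may retrieve its credential. The point it shows is that every request below passes the vault check, yet the runtime decision blocks the out-of-policy action, the unapproved agent tool call, and the identity that discovery can see but nobody has written a policy for.

```python
"""Runtime enforcement for NHIs and AI agents versus vault-only control.

Added example; everything in it (identities, secrets, policies, requests)
is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed inventory: what a discovery tool would report (visibility).
INVENTORY = {
    "svc:backup-runner": "service account",
    "agent:support-bot": "AI agent",
    "svc:legacy-etl": "service account",  # discovered, but no one owns a policy for it
}

# Constructed vault: where credentials live. A vault answers "may this
# identity fetch its secret?", not "may it perform this action with it?".
VAULT = {
    "svc:backup-runner": "constructed-secret-1",
    "agent:support-bot": "constructed-secret-2",
    "svc:legacy-etl": "constructed-secret-3",
}


@dataclass(frozen=True)
class AccessRequest:
    identity: str
    action: str            # "read" | "write" | "delete"
    resource: str          # e.g. "db:customers"
    path: str              # "scheduled" | "agent-tool-call" | "interactive"
    approved: bool = False  # step-up / human approval attached to this request


@dataclass(frozen=True)
class Policy:
    allowed: FrozenSet[Tuple[str, str]]          # permitted (action, resource) pairs
    step_up_paths: FrozenSet[str] = frozenset()  # execution paths that need approval


# Constructed acceptable-use policies: what each identity may do, on what,
# and which execution paths require tighter control.
POLICIES: Dict[str, Policy] = {
    "svc:backup-runner": Policy(
        allowed=frozenset({("read", "db:customers"), ("write", "bucket:backups")}),
    ),
    "agent:support-bot": Policy(
        allowed=frozenset({("read", "db:tickets"), ("write", "db:tickets")}),
        step_up_paths=frozenset({"agent-tool-call"}),
    ),
}


def vault_only_control(identity: str) -> bool:
    """The only question a vault answers: can this identity retrieve its credential?"""
    return identity in VAULT


def enforce(req: AccessRequest, policies: Dict[str, Policy] = POLICIES) -> Tuple[bool, str]:
    """Runtime decision taken at access time, deny by default. Returns (allowed, reason)."""
    policy = policies.get(req.identity)
    if policy is None:
        return False, "deny: identity has no policy (visible but unmanaged)"
    if (req.action, req.resource) not in policy.allowed:
        return False, f"deny: {req.action} on {req.resource} is outside policy"
    if req.path in policy.step_up_paths and not req.approved:
        return False, f"deny: path {req.path!r} requires step-up approval"
    return True, "allow"


def compare_controls(reqs: List[AccessRequest]) -> List[dict]:
    """Side by side: what the vault would have permitted versus the runtime decision."""
    rows = []
    for r in reqs:
        allowed, reason = enforce(r)
        rows.append({
            "identity": r.identity,
            "request": f"{r.action} {r.resource} via {r.path}",
            "vault_permits": vault_only_control(r.identity),
            "runtime_allows": allowed,
            "reason": reason,
        })
    return rows


def visibility_gap(inventory=INVENTORY, policies: Dict[str, Policy] = POLICIES) -> List[str]:
    """Identities that discovery can see but that no policy can constrain."""
    return sorted(i for i in inventory if i not in policies)


# Constructed sample requests exercising each branch of the decision.
SAMPLE_REQUESTS = [
    AccessRequest("svc:backup-runner", "read", "db:customers", "scheduled"),
    AccessRequest("svc:backup-runner", "delete", "db:customers", "scheduled"),
    AccessRequest("agent:support-bot", "write", "db:tickets", "agent-tool-call"),
    AccessRequest("agent:support-bot", "write", "db:tickets", "agent-tool-call", approved=True),
    AccessRequest("svc:legacy-etl", "read", "db:customers", "scheduled"),
]

if __name__ == "__main__":
    for row in compare_controls(SAMPLE_REQUESTS):
        print(row)
    print("visible but unmanaged:", visibility_gap())
```

Running the block prints five rows in which `vault_permits` is true for every request while `runtime_allows` is true only for the in-policy backup read and the approved agent write; `visibility_gap()` lists the discovered-but-unmanaged `svc:legacy-etl` account, which is the case the reply below describes as knowledge without control.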



(@mr-nhi)
Member Moderator
Joined: 3 weeks ago
Posts: 285
 

Identity control is replacing identity visibility as the strategic centre of gravity. The article’s core argument is that organisations already know they need more visibility, but visibility alone does not reduce risk. Once identities can be discovered, the real question becomes whether policy can be enforced before action. That is a structural shift in IAM and PAM programmes, not a reporting improvement, and practitioners should read it as a mandate to move from observation to control.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • Our research also shows that 97% of NHIs carry excessive privileges, which broadens the attack surface and makes runtime enforcement harder to defer.

A question worth separating out:

Q: How do you know if identity visibility is actually improving security?

A: Visibility is only improving security if it leads to fewer uncontrolled access paths and more decisions enforced at the point of use. If discovery produces better reports but no change in runtime policy, the programme has improved knowledge, not control. The best indicator is whether the same identity that can be seen can also be constrained before it acts.

👉 Read our full editorial: Identity security is shifting from visibility to enforcement at RSAC


