
Agentic AI security at RSA 2026: what practitioners should watch


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9059
Topic starter  

TL;DR: EMA’s 2026 Vendor Vision report highlights ten vendors at RSAC, with the selection explicitly calling out solutions for agentic AI and autonomous enterprise security, reflecting how machine-speed threats are reshaping conference attention according to Enterprise Management Associates. The pattern matters because identity teams now need to decide which controls can govern non-human and autonomous actors before the market settles on a default model.

NHIMG editorial — based on content published by Acalvio: EMA's 2026 Vendor Vision report ahead of RSAC 2026

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents and machine identities together?

A: Security teams should govern them together only at the policy boundary, not by assuming they behave the same way.

Q: Why do machine-speed threats expose gaps in identity governance?

A: Machine-speed threats expose gaps because many identity programmes still depend on review cycles, manual certification, and delayed revocation.

Q: What do security teams get wrong about autonomous enterprise controls?

A: They often treat autonomy as a branding term rather than an identity behaviour change.

Practitioner guidance

  • Map autonomous decision points separately from NHI inventory: Identify where systems can choose actions, tools, or timing without a human approval gate.
  • Harden runtime delegation boundaries: Define which identities may invoke tools, combine privileges, and hand off actions to other systems.
  • Shorten the gap between detection and containment: Pair identity monitoring with automatic containment rules so risky behaviour can be interrupted before it compounds.

What's in the full analysis

Acalvio's full post covers the conference-specific context this analysis intentionally leaves out:

  • The exact list of EMA Vendor Vision winners and how they were selected for RSAC 2026.
  • The conference framing around agentic AI solutions and autonomous enterprise security.
  • The event logistics and vendor participation details that help attendees navigate the show floor.
  • The original press-release language and announcement context behind the report.

👉 Read Acalvio's coverage of EMA's 2026 Vendor Vision report →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8498
 

Agentic AI security is becoming an identity governance problem, not just a detection problem. EMA’s framing shows the market is moving from narrow tool security toward the harder question of who or what is permitted to act. That shift matters because the control surface now includes runtime decisions, delegated actions, and machine-speed execution paths. For identity teams, the field is converging on governance of behaviour, not just credentials.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
  • 71% of NHIs are not rotated within recommended time frames, which leaves long-lived machine access exposed to persistence risk.

A question worth separating out:

Q: How can organisations tell whether their NHI programme is ready for agentic AI?

A: An NHI programme is ready only if it can answer who may initiate actions, what tools they may use, and when those permissions end. If those questions are still handled through static entitlement review alone, the programme is not ready for agentic behaviour. Readiness shows up in runtime policy, delegated scope, and fast containment.

👉 Read our full editorial: RSA 2026 vendor vision shows agentic AI security is now a category



   