Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

May 18, 2026  Twila Rosenbaum

In March 2026, San Francisco once again became the epicenter of the cybersecurity world. Thousands of practitioners, vendors, and investors gathered at Moscone Center for the RSA Conference, where one theme dominated every keynote, panel, and booth conversation: Agentic AI. Not just AI as a tool, but AI as an actor. The shift toward autonomous code generation and decision-making systems that initiate actions without human intervention represents a fundamental change in the threat landscape. Developments like Mythos, a next-generation AI framework capable of orchestrating complex, multi-step cyber operations, highlight both the promise and the risk of this new phase.

The Cloud Security Association warns of a surge in simultaneous AI-powered attacks and urges defenders to fight AI with AI. OpenAI has responded by expanding its Trusted Access for Cyber program to support thousands of verified defenders and hundreds of security teams globally. Gartner reinforces this trend, forecasting AI spending to grow by 44 percent in 2026 and reach $47 trillion by 2029. This far exceeds its projected $238 billion for information security and risk management solutions in the same period. The industry is clearly entering a new era where the speed and scale of AI-driven operations will outpace traditional human-centric security models.

The Dual-Use Reality of Agentic AI

Technologies like Mythos reveal a fundamental truth: the same capabilities that benefit defenders also empower attackers. Adversaries are already leveraging AI to enable autonomous reconnaissance and lateral movement, real-time adaptation to defenses, and scalable, low-cost attacks with minimal human involvement. This is not theoretical—early rogue AI agents are actively probing environments, exploiting misconfigurations, and mimicking legitimate users. Attackers no longer need to control every step; they can deploy agents that behave like identities, slipping past perimeter defenses and blending in with normal traffic. The dual-use nature demands that security teams fundamentally rethink what constitutes a trust boundary.

In the past, cybersecurity focused on securing endpoints, networks, and applications. But agentic AI blurs these lines. An AI agent can authenticate via APIs, access data, perform actions, and even make decisions that affect business operations. When compromised or misused, such agents can cause damage far greater than a conventional malware outbreak. They can become insiders without human oversight, executing commands based on flawed logic or malicious intent. As Mythos and similar frameworks become more sophisticated, the potential for abuse grows exponentially. The industry must prepare for a world where AI agents are both the shield and the spear.

The Risk of One More Tool

Every major shift in cybersecurity has historically led to a wave of point solutions. The result is predictable: tool sprawl, siloed visibility, and operational complexity that often benefits attackers. The field of agentic AI risks following the same path. Early signs are already visible with AI security posture management tools, AI runtime protection platforms, AI-specific anomaly detection engines, and AI governance solutions. Each may provide value, but adding more tools increases friction rather than coherence. Organizations don't need more dashboards—they need better context and control over the entities operating in their environments, whether human or machine.

At the parallel AGC Cybersecurity Investor Conference, AI experts and industry leaders reached a more pragmatic conclusion: organizations should treat AI like an identity. This perspective cuts through the hype. Rather than viewing AI as a new tool category requiring entirely separate security stacks, it places AI within the established domain of identity security. Because fundamentally, agentic AI behaves like an identity: it authenticates via APIs, tokens, or credentials; it accesses systems and data; it performs actions within an environment; and it can be compromised, misused, or go rogue. Once you accept this, the path forward becomes clearer and far less fragmented.

The problem with tool sprawl is not just cost—it's the fragmentation of visibility and response. When dozens of discrete security solutions report into separate consoles, security analysts spend more time correlating alerts than investigating threats. In the age of autonomous agents, where attacks can unfold in milliseconds, this delay is deadly. A unified identity-based approach consolidates detection and response across all entities, reducing mean time to detect and mean time to respond. It also eliminates the friction of integrating multiple AI security tools that may not communicate with each other.

Identity Threat Detection as the Foundation

If AI is treated as an identity, identity threat detection and risk mitigation solutions become the logical control plane. This approach focuses on analyzing behavior across credentials and systems. It combines adaptive verification, behavioral analytics, device intelligence, and risk scoring in a unified platform. Applied to AI, this enables behavioral visibility to detect anomalies such as unusual access, privilege escalation, or data exfiltration; risk-based controls to adjust access, enforce additional verification, or isolate suspicious agents; unified policy enforcement across human and machine identities; and lifecycle management to prevent orphaned or unmanaged agents from becoming a vulnerability.

As rogue AI agents emerge, whether compromised or malicious, identity-driven security provides a practical defense. It enforces least privilege, continuously validates access, detects abnormal behavior, and automates response actions. These capabilities already exist in modern identity security frameworks and can be extended to AI without introducing new silos. For example, when an AI agent that usually only reads customer records suddenly attempts to modify database schemas, an identity threat detection system can flag that behavior in real time, trigger additional verification, or block the action entirely—all without human intervention. This is the kind of automated guardrail that agentic AI demands.

Behavioral analytics plays a key role in this model. Machine learning models can establish baselines for what normal activity looks like for both human and machine identities. When an AI agent deviates from its baseline—perhaps by accessing systems outside its scope or at unusual hours—the system can treat that as a threat indicator. This is far more effective than static rules that require constant updating. Moreover, risk scoring can be applied dynamically: an AI agent that has a long history of benign behavior might be granted higher trust, while a newly deployed agent might be subject to stricter controls until it proves reliable. This aligns with zero-trust principles, which assume no entity is inherently trustworthy.
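The baseline-and-risk-score model described in the two paragraphs above, as an added sketch that is not from the article or any vendor product. It uses simple set-membership baselines in place of the machine learning models the text mentions; the agent names, weights, thresholds and audit events are all constructed assumptions.

```python
from collections import defaultdict

# Assumed policy values for this sketch, not taken from any product.
SENSITIVE = {"alter_schema", "grant_role"}
PROBATION_DAYS = 14
W_NEW_ACTION, W_NEW_RESOURCE, W_SENSITIVE, W_PROBATION = 40, 25, 30, 20

# Constructed audit history: (day, agent_id, action, resource).
HISTORY = [(d, "agent-crm-reader", "read", "customers") for d in range(1, 31)]
HISTORY += [(d, "agent-summarizer", "read", "tickets") for d in range(28, 31)]

def build_baseline(history):
    """Per-agent profile: actions used, resources touched, first day seen."""
    profiles = defaultdict(lambda: {"actions": set(), "resources": set(), "first": None})
    for day, agent, action, resource in history:
        p = profiles[agent]
        p["actions"].add(action)
        p["resources"].add(resource)
        p["first"] = day if p["first"] is None else min(p["first"], day)
    return dict(profiles)

def risk_score(event, profiles):
    """Score 0-100: deviation from the agent's own baseline plus tenure."""
    day, agent, action, resource = event
    p = profiles.get(agent)
    if p is None:
        return 100  # no identity record: unregistered agent
    score = 0
    if action not in p["actions"]:
        score += W_NEW_ACTION
    if resource not in p["resources"]:
        score += W_NEW_RESOURCE
    if action in SENSITIVE:
        score += W_SENSITIVE
    if day - p["first"] < PROBATION_DAYS:
        score += W_PROBATION  # newly deployed agents get less slack
    return min(score, 100)

def decide(event, profiles):
    """Map the score to allow / step_up (extra verification) / block."""
    score = risk_score(event, profiles)
    return "block" if score >= 60 else "step_up" if score >= 25 else "allow"

if __name__ == "__main__":
    profiles = build_baseline(HISTORY)
    for ev in [(31, "agent-crm-reader", "read", "customers"),
               (31, "agent-crm-reader", "alter_schema", "customers"),
               (31, "agent-summarizer", "write", "tickets")]:
        print(ev, risk_score(ev, profiles), decide(ev, profiles))
```

The same never-before-seen `write` action scores 40 (step-up) for the 30-day-old agent and 60 (block) for the 3-day-old one, which is the tenure-weighted trust the paragraph describes.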

Lifecycle management of AI agents is another critical aspect. Just as user accounts need provisioning, review, and deprovisioning, AI agents must be properly onboarded and offboarded. Left unattended, orphaned agent instances can become backdoors. Automated workflows can ensure that every AI agent is registered, has clear policies, and is automatically retired when no longer needed. This reduces the attack surface and prevents credential leakage. In a world where organizations may deploy thousands of micro-agents for various tasks, manual oversight is impossible. Identity-centric automation becomes the only viable path.

The conversations in San Francisco this March made one thing clear: the future of cybersecurity will be shaped by entities that can act independently. Some will be human. Many will not. As technologies like Mythos continue to push the boundaries of what AI can do, the industry must evolve its defensive mindset accordingly. The most effective strategy may also be the simplest: if it can act, it should be treated like an identity. By anchoring AI security within identity threat detection and risk mitigation frameworks, organizations can protect against rogue agents without adding yet another fragmented tool to an already complex defense arsenal.

The dual-use nature of agentic AI demands a proactive stance. Security leaders must evaluate their current identity infrastructure and ensure it can handle machine identities as easily as human ones. This means extending capabilities like adaptive MFA, behavioral profiling, and automated response to API keys, service accounts, and AI agents. Vendors are already developing integrations that allow identity platforms to monitor and control AI behavior, leveraging standards like OpenID Connect and OAuth for machine-to-machine authentication. The industry is moving toward a future where identity is the common denominator for all security decisions, regardless of the actor.

One of the most promising developments is the use of decentralized identity frameworks for AI agents. By issuing verifiable credentials to autonomous systems, organizations can establish trust without relying on centralized directories that may become single points of failure. Decentralized identifiers allow agents to prove their identity and permissions across different environments, reducing the risk of impersonation. Combined with continuous verification, this creates a robust system where trust is earned and dynamically adjusted.

Early adopters of identity-centric AI security are reporting positive outcomes. For instance, financial institutions that treat trading algorithms as identities have reduced incidents of unauthorized transactions by 60 percent. Healthcare providers applying identity principles to AI diagnostic tools have prevented data leakage from misconfigured models. These real-world examples demonstrate that the concept is not just theoretical—it works. The key is to start now, before the number of autonomous agents overwhelms existing security controls.

As Mythos and similar technologies become mainstream, the window for proactive defense is narrowing. Organizations that delay integrating identity threat detection will find themselves scrambling to contain breaches caused by rogue AI agents. By contrast, those that treat AI as an identity from day one will be able to scale their security posture alongside their AI adoption. The cost of failure is high, but the path forward is clear: unify security under the identity umbrella, and let behavior be the ultimate measure of trust.


Source: SecurityWeek News

