Identity has quietly become the most consequential control point in enterprise security - and the most contested. Palo Alto Networks' Unit 42 reports that identity weaknesses played a material role in nearly 90% of its 750-plus incident response engagements during 2025, while the fastest attacks compressed exfiltration timelines to just 72 minutes. 1Unit 42 2026 Global Incident Response Report At the same time, new Cloud Security Alliance research confirms that most organizations still cannot tell whether an action was taken by a human or an AI agent. 2Who's Behind That Action? The AI Agent Identity Crisis — CSA/Aembit Survey Report
The collision between these two realities - attackers exploiting identity at scale, and defenders deploying autonomous agents with borrowed credentials - defines the current threat landscape.
The Attack Surface: Identity as First Mover
The Unit 42 2026 Global Incident Response Report identifies four converging forces: AI-accelerated attacks, identity-driven intrusions, expanding supply chain abuse, and increasingly stealthy nation-state operations. In more than 750 incident response engagements, 87% of intrusions spanned multiple attack surfaces - endpoints, cloud, SaaS, and identity systems - with identity weaknesses serving as the most reliable entry point. 1Unit 42 2026 Global Incident Response Report
This is not a new vector, but the speed is. AI-powered adversaries are using automation to triage stolen credentials, scan for lateral movement opportunities, and exfiltrate data before human defenders can respond. The report notes that exfiltration speeds for the fastest attacks quadrupled during 2025. 1Unit 42 2026 Global Incident Response Report When the attacker moves at machine speed and the defender operates at human speed, the advantage compounds at every step.
The Defender's Side: Agents Without Identities
The CSA/Aembit survey, released April 20, quantifies the governance gap on the defensive side. AI agents are already operating across internal applications, APIs, SaaS platforms, cloud infrastructure, and development pipelines - precisely the systems where access decisions matter most. 2Who's Behind That Action? The AI Agent Identity Crisis — CSA/Aembit Survey Report
Yet most agents do not have distinct identities. They exist in what CSA calls an "identity gray area": only 18% of organizations determine an AI agent's access based on the agent's own permissions, while the rest anchor access to human context, predefined rules, or shared service accounts. 2Who's Behind That Action? The AI Agent Identity Crisis — CSA/Aembit Survey Report
The consequences are predictable. Seventy-four percent of respondents say AI agents frequently receive more access than necessary, 79% say agents introduce access pathways that are difficult to monitor, and 81% agree that prompt manipulation could cause an agent to reveal sensitive credentials or tokens. 2Who's Behind That Action? The AI Agent Identity Crisis — CSA/Aembit Survey Report
When permissions are inherited rather than explicitly scoped, the principle of least privilege - a foundational security control - breaks down at machine speed. An attacker who compromises an agent inherits everything that agent can reach. And because 68% of organizations cannot clearly distinguish between actions performed by AI agents and those performed by humans 2Who's Behind That Action? The AI Agent Identity Crisis — CSA/Aembit Survey Report, forensic attribution after a breach becomes significantly harder.
Identity as Infrastructure, Not Afterthought
The broader industry consensus is shifting toward treating identity as core infrastructure rather than an authentication layer. A CSO Online analysis published this week argues that identity has become "the new security boundary," replacing the traditional network perimeter that assumed trust based on location. 3Why identity is the driving force behind digital transformation — CSO Online In a world of remote workforces, cloud-hosted systems, and autonomous agents, verification must happen at the identity level for every request - a principle aligned with zero trust architecture.
For AI agents specifically, this means three things: each agent needs its own identity rather than a borrowed one; access should be per-task and short-lived; and every action should be logged and attributable. CSA's survey respondents confirm these are the top capabilities organizations want: real-time visibility into agent actions, clear identity separation between agents and humans, and the ability to grant scoped, time-limited access. 2Who's Behind That Action? The AI Agent Identity Crisis — CSA/Aembit Survey Report
The Vendor Response: Agentic SOCs and Governed Autonomy
Security vendors are building products that assume identity-first, machine-speed defense is now mandatory. CrowdStrike's Charlotte AI AgentWorks, detailed in an April 21 blog post, provides a platform for building security agents using models from Anthropic, NVIDIA, and OpenAI. Its companion product, Charlotte Agentic SOAR, ships with twelve pre-built agents for tasks from triage to malware analysis. 4How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem — CrowdStrike
CrowdStrike claims its Charlotte AI agents reduce manual investigation workloads by 70%, restore more than 40 hours of team capacity per week, and achieve greater than 98% decision accuracy. 4How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem — CrowdStrike The pitch is straightforward: if eCrime breakout times have collapsed to 27 seconds, defense cannot wait for a human to open a ticket.
But this creates a recursive challenge. The same agents built to defend environments need the very identity governance that CSA's research shows most organizations lack. CrowdStrike addresses this partly through what it calls "governed access and bounded autonomy" - authorization checks, human oversight triggers, and guardrails embedded in workflows. 4How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem — CrowdStrike Whether that governance scales as agent ecosystems grow remains an open question.
The Feedback Loop
The pattern is now self-reinforcing. Attackers exploit identity weaknesses to breach environments. Defenders deploy AI agents to respond at machine speed. Those agents inherit broad permissions and operate without distinct identities, creating new attack surface. Attackers target the agents themselves - or the credentials they carry - to move laterally faster than before.
The global cybersecurity agentic AI market is projected to grow from $1.83 billion in 2025 to $32.81 billion by 2034, at a compound annual growth rate of 37.81%. 5Cybersecurity Agentic AI Market Size, Share, Growth, Demand, 2034 That growth trajectory means the number of autonomous agents operating in enterprise environments will increase by orders of magnitude. Every one of those agents will need an identity, scoped permissions, and an audit trail - or it will become a liability.
What Comes Next
The industry is converging on a clear architectural direction: treat AI agents as first-class identities with their own credentials, their own permissions, and their own accountability. The challenge is implementation speed. CSA's data shows that only 9% of organizations have designated IAM teams as the primary owner of agent identity, and only 13% feel highly prepared for upcoming AI-related regulations. 2Who's Behind That Action? The AI Agent Identity Crisis — CSA/Aembit Survey Report
Organizations that delay this work are building a structural deficit. As both attack speed and agent deployment accelerate, the window for retrofitting identity governance is narrowing. The agents are already in production. The question is whether their identities are, too.
Bild: Milad Fakurian / Unsplash
