NullSec.news// Cyber news for anyone

Zero Trust in the Age of AI: Why Identity Must Become a Continuous Signal, Not a Credential

Three independent analyses published on the same day argue that the identity model underpinning enterprise security is structurally broken. Deepfakes have industrialized impersonation, AI agents operate with borrowed credentials and excessive permissions, and the fix demands a shift from point-in-time authentication to continuous behavioral verification.


Three analyses published on May 4, 2026 - a Cloud Security Alliance research paper, a CyberScoop editorial, and a CSO Online opinion piece - arrive at the same conclusion from different angles: the identity architecture most enterprises rely on was designed for a world where humans sat behind keyboards. That world no longer exists.

Deepfakes Have Industrialized Impersonation

The CSA paper, authored by Netskope principal engineer Chandra Rajagopalan as Part 2 of a seven-part series on AI and Zero Trust, opens with a scenario that is no longer hypothetical. In 2024, a deepfaked CFO on a video call convinced a finance team at engineering firm Arup to wire roughly $25 million across fifteen transactions [1]. Two years later, the paper argues, those tactics have been commoditized. Open-source models and a few minutes of public audio are enough to replicate a convincing executive persona.

The data backs the urgency. Deepfake-related fraud incidents in Q1 2025 alone surpassed the entire volume recorded in 2024, with 179 verified incidents in a single quarter compared to 150 for all of 2024 [2]. Detection remains unreliable: research cited in the CSA paper found that humans correctly identify AI-generated audio only about 60% of the time, and fewer than one in a thousand participants could perfectly distinguish synthetic from authentic media across all formats [1].

Gartner's 2024 prediction that 30% of enterprises would stop treating standalone facial biometrics as a primary trust factor by 2026 has, by the CSA's assessment, materialized [1]. Diffusion-based injection attacks can now defeat naive liveness checks by inserting synthetic frames directly into a video stream.

AI Agents Break Identity From the Other Direction

While deepfakes attack identity from the outside, AI agents erode it from within. The CyberScoop analysis, written by Paladin Global Institute senior director Devin Lynch, frames the problem with a useful analogy: "Think of it like a building where every door has a lock, but the locks were all designed to recognize human hands. Now the building is full of robots - some of them authorized couriers, some of them intruders - and the locks can't tell the difference." [3]

The piece ties Anthropic's decision to withhold its Mythos model - which discovered thousands of previously unknown software vulnerabilities, some hidden in major operating systems for nearly three decades [3] - to the broader identity challenge. The same autonomous capabilities that let agents find and fix flaws could let attackers exploit them at machine speed. And the systems those agents would probe still authenticate as if a person is on the other end.

CSO Online's Etay Maor, VP of threat intelligence at Cato Networks, quantifies the operational consequence: with AI spending forecast to hit $2.5 trillion in 2026 and 40% of enterprise apps expected to embed task-specific AI agents by year's end, nearly three-quarters of organizations report that agents frequently receive more access than necessary [4]. Over-permissioning, Maor argues, is not a misconfiguration - it is the default, driven by convenience, integration friction, and a culture of "execution first."

From Point-in-Time Authentication to Continuous Telemetry

The CSA paper proposes the architectural response: identity must become a continuous signal, not a one-time credential check.

NIST SP 800-63-4, finalized in August 2025, provides the standards foundation. Three updates stand out for security leaders. First, liveness detection becomes a formal requirement, aligning with ISO/IEC 30107-3 presentation attack detection. Second, synced FIDO2 passkeys now qualify for Authenticator Assurance Level 2 (AAL2), removing one of the largest barriers to enterprise passkey rollout [1]. Third, the standard explicitly assumes risk context can change mid-session, requiring architectures that respond in real time [1].

The operational pattern the CSA describes is Continuous Adaptive Risk and Trust Assessment (CARTA): feeding behavioral telemetry - keystroke cadence, mouse micro-movements, ERP navigation paths, API call sequences - into the policy decision point on a near-constant basis. The result is a behavioral fingerprint that is harder for a deepfake to replicate than a face or a voice, because it emerges from how someone actually works rather than how they look or sound [1].
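A minimal sketch of that loop, added here as an illustration and not taken from the CSA paper: a policy decision point re-scores a session on every telemetry batch and can step up or terminate mid-session. The baseline values, weights, thresholds and screen names are all constructed assumptions.

```python
import statistics
from dataclasses import dataclass

# Constructed baseline for one user: inter-key intervals (ms) and the
# ERP screen-to-screen transitions seen in their normal work.
BASELINE_KEY_MS = [182, 175, 190, 168, 185, 179, 192, 171, 188, 177]
BASELINE_PATHS = {("login", "invoices"), ("invoices", "vendor"),
                  ("vendor", "invoices"), ("invoices", "approve")}
# Constructed telemetry batches: (inter-key intervals in ms, screen reached).
SAMPLE = [([180, 176, 186, 183], "invoices"),
          ([95, 90, 88, 92], "payments_export"),
          ([93, 89, 91, 90], "bank_details")]

@dataclass
class Session:
    """Session state kept by the policy decision point (PDP)."""
    risk: float = 0.0
    last_screen: str = "login"

def cadence_anomaly(window_ms):
    """z-score of the window's mean interval against the baseline, scaled to 0..1."""
    mu = statistics.mean(BASELINE_KEY_MS)
    sigma = statistics.stdev(BASELINE_KEY_MS)
    z = abs(statistics.mean(window_ms) - mu) / sigma
    return min(z / 4.0, 1.0)  # assumption: 4 sigma counts as fully anomalous

def evaluate(session, window_ms, screen, decay=0.5):
    """Re-score the session on one telemetry batch and return a decision."""
    path_novel = 0.0 if (session.last_screen, screen) in BASELINE_PATHS else 1.0
    signal = 0.6 * cadence_anomaly(window_ms) + 0.4 * path_novel
    # Exponential smoothing: one odd batch raises risk, sustained drift keeps it up.
    session.risk = decay * session.risk + (1 - decay) * signal
    session.last_screen = screen
    if session.risk >= 0.6:
        return "terminate"
    if session.risk >= 0.3:
        return "step_up"
    return "allow"

def replay(batches):
    """Run a fresh session over a list of batches and collect the decisions."""
    session = Session()
    return [evaluate(session, window, screen) for window, screen in batches]
```

On the constructed sample, the session is allowed after login, challenged when cadence and navigation both leave the baseline, and terminated when the deviation persists.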

Re-Permissioning: The Operational Counterpart

Continuous verification addresses the human side. For AI agents, the parallel concept is what Maor calls "re-permissioning" - a continuous permission audit that catches agents slowly climbing the access ladder [4].

The CSO Online piece identifies three systemic drivers of over-permissioning: teams enabling broad tool access to maximize agent utility; elevated privileges granted during integration that are never revoked; and reduced human checkpoints as confidence in agents grows. Fewer than half of businesses have adopted formal risk management frameworks for AI, leaving agent governance largely ad hoc [4].
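One way such a re-permissioning pass could look, as an added example that is not from the CSO Online piece: it compares an agent's grants with its recent usage and flags each of the three drivers. The agent name, permission strings, dates and the 30-day and 14-day windows are constructed assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2026, 5, 4)  # constructed audit date

# Constructed grant inventory: (agent, permission, granted_on, reason)
GRANTS = [
    ("invoice-bot", "erp:invoice:read",    datetime(2026, 1, 10), "baseline"),
    ("invoice-bot", "erp:invoice:write",   datetime(2026, 1, 10), "baseline"),
    ("invoice-bot", "erp:admin",           datetime(2026, 1, 12), "integration"),
    ("invoice-bot", "mail:send",           datetime(2026, 3, 2),  "utility"),
    ("invoice-bot", "bank:payment:create", datetime(2026, 4, 20), "utility"),
]
# Constructed usage log: (agent, permission, used_on, human_approved)
USAGE = [
    ("invoice-bot", "erp:invoice:read",    datetime(2026, 5, 3),  False),
    ("invoice-bot", "erp:invoice:write",   datetime(2026, 5, 2),  True),
    ("invoice-bot", "erp:admin",           datetime(2026, 1, 12), True),
    ("invoice-bot", "bank:payment:create", datetime(2026, 5, 1),  False),
]
HIGH_IMPACT = {"erp:admin", "bank:payment:create"}  # assumption: needs a human checkpoint

def repermission(agent, lookback_days=30, integration_grace_days=14):
    """Return {permission: [findings]} for grants to revoke or review."""
    cutoff = NOW - timedelta(days=lookback_days)
    findings = {}
    for grant_agent, perm, granted_on, reason in GRANTS:
        if grant_agent != agent:
            continue
        recent = [approved for a, p, used_on, approved in USAGE
                  if a == agent and p == perm and used_on >= cutoff]
        notes = []
        # Driver 1: broad access granted for utility but not actually exercised.
        # Grants newer than the window are skipped so they are not flagged early.
        if not recent and granted_on < cutoff:
            notes.append("unused in lookback window: revoke")
        # Driver 2: elevated privilege from integration that outlived its purpose.
        if reason == "integration" and NOW - granted_on > timedelta(days=integration_grace_days):
            notes.append("integration-time privilege never revoked")
        # Driver 3: high-impact permission exercised with no human in the loop.
        if perm in HIGH_IMPACT and not all(recent):
            notes.append("high-impact action ran without human checkpoint")
        if notes:
            findings[perm] = notes
    return findings
```

Run on a schedule against real grant and audit-log exports, the output is the revocation and review queue; here it flags `erp:admin`, `mail:send` and `bank:payment:create` and leaves the two invoice permissions alone.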

The mitigation converges with the CSA's recommendation: ephemeral, just-in-time credentials. Frameworks like SPIFFE issue task-specific identities that exist for the duration of a single transaction and expire when the work completes. The blast radius of a compromise shrinks from "everything this agent can ever do" to "this one transaction, for these few seconds." [1]
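The blast-radius claim can be made concrete with a small added example. This is not SPIFFE and not code from the CSA paper: an HMAC-signed token from the Python standard library stands in for a real SVID, and the claim names, the 30-second TTL and the single-use rule are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, secrets

KEY = secrets.token_bytes(32)   # signing key held by the (hypothetical) credential service
_used = set()                   # token ids already redeemed, to enforce single use

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue(agent_id, action, resource, now, ttl=30):
    """Mint a credential valid for one action on one resource for ttl seconds."""
    claims = {"sub": agent_id, "act": action, "res": resource,
              "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def authorize(token, action, resource, now):
    """Return (allowed, reason). Every check must pass; the token is then spent."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:          # wrong part count or invalid base64
        return False, "malformed"
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return False, "bad signature"
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "expired"
    if (claims["act"], claims["res"]) != (action, resource):
        return False, "out of scope"
    if claims["jti"] in _used:
        return False, "replayed"
    _used.add(claims["jti"])
    return True, "ok"
```

A stolen token of this shape is useful for one named action on one named resource, within the TTL, and only if it has not already been redeemed.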

The 2026 Identity Blueprint

The CISA Zero Trust Maturity Model places most enterprises between the "Initial" and "Advanced" stages on the identity pillar - passwords still in production, continuous evaluation still aspirational [1]. Closing the gap requires a shift across every dimension of identity architecture:

What Comes Next

The three publications share a forward-looking concern: the window for retrofitting identity architecture is narrowing. Machine identities already outnumber human users by ratios of 50-to-1 in traditional environments and up to 500-to-1 in microservice-heavy stacks [1]. Every new AI agent deployment without scoped permissions and an audit trail adds to the structural deficit.

The CyberScoop analysis puts it plainly: "The organizations that can verify identity continuously - not just at the door, but at every action, for every actor, human or machine - will have a durable advantage. The ones that cannot will find out what ambiguity costs." [3]

The digital ghost in the boardroom wins only if defenders keep relying on assumptions from 2020. In a Zero Trust world, the telemetry is what you trust - not the face on the screen.


Image: Marcel Strauß / Unsplash

Sources

  1. Identity in the Age of AI: Rethinking Zero Trust's First Pillar
  2. Deepfake Statistics 2026 — Cases, Victims & Key Facts
  3. Everyone's building AI agents. Almost nobody's ready for what they do to identity.
  4. Stopping the quiet drift toward excessive agency with re-permissioning
