4 Sources
[1]
'Yesterday, a user was the weakest link. Today these agents are becoming the weakest link': Zscaler CEO Jay Chaudhry on why he believes zero trust can secure the AI agents of the present, and the future
Zscaler CEO Jay Chaudhry lays out the company's plans for securing AI agents

AI agents are entering the workforce, and while some show promise at increasing productivity and ending repetitive rote work, others are using their autonomy to cause some serious problems. Zscaler CEO Jay Chaudhry believes his company has a solution.

Speaking in Vienna at the opening keynote of Zscaler Zenith 2026, Chaudhry shared his perspective on how a security architecture born in 2007 is best suited to secure the workforce of the future.

"Agents are becoming the weakest link"

"There have been so many instances where Microsoft Copilot exfiltrated data without a user action, the agent did it," Chaudhry said. "We're seeing OpenClaw poisoned with credential stealers, and there are other cases where databases got deleted, email inboxes got deleted - and it's not users who are doing it. These agents operate independently, they can make decisions, they can take actions."

Where a human has the ability to recognise if their actions are destructive, many AI agents do not double check. "Yesterday, a user was the weakest link, today these agents are becoming the weakest link."

"They move at machine speed. They need no coffee breaks, no weekends, no time to sleep," Chaudhry noted, pointing to the fact that there is very little time for human decision making to take place once an autonomous agent begins a workflow.

"The challenges are coming because the AI revolution is different," he added. "In the internet wave we had human beings able to access websites, in the cloud wave we could have people build applications on the cloud and access them. In every prior wave, we were securing waves using new tools, but this time the tools are the workforce."

"This is where zero trust will play a bigger and bigger role."

Zscaler recently unveiled a wave of new tools to help secure emerging AI technologies and autonomous agents under its Zero Trust Exchange platform.
Among them are tools to prevent AI agents from abusing their permissions, and tools to mask their presence from attackers looking to create a double agent. The tools unveiled include AI Broker, a platform for maintaining organisational visibility over the access controls applied to autonomous agents, and Endpoint AI Security, designed to closely monitor for malicious activity at the device level, digging as deep as the browser, extension and plugin levels.

"It's a very exciting but challenging problem to solve," Chaudhry noted, adding that "to really take any action, you've got to understand what you have and what the risk is associated with it."

Not only does the new AI agent platform feature MCP and A2A brokers to secure agentic communications, but it also helps in securing agents by "understanding the task that is being done, understanding prompts properly, and being able to inspect prompts to understand the intent."

Additionally, Zscaler announced AI Access Graph, which provides visibility into the connections between individual identities, applications and data sources.

"In an enterprise, you've got all these entities, you've got all these data sources. They talk to each other. How do you know who is talking to who? Who has what kind of access?"

"This problem was solved by a bunch of PhDs at the University of Texas in Austin," Chaudhry explains, pointing to Zscaler's recent acquisition of Symmetry Systems. "It takes telemetry and metadata from all of these sources, applies AI on top of that, and creates a powerful graph that allows you to connect the dots."

For Chaudhry, positioning AI agents behind zero trust and using Zscaler's new tools makes enterprise security "simple, elegant, and your workloads are hidden from the internet."

Currently, Zscaler handles more than 750 billion requests per day, and with agentic traffic rapidly growing, Chaudhry expects to add "one or two zeroes to this number."

"That's the scale our engineering team is working towards. That's the scale we want to build."
[2]
Why security leaders are cautious about agentic AI
Agentic AI is everywhere in cybersecurity right now, but it often feels like everyone is using the term slightly differently. Vendors are quick to mention it, yet rarely stop to explain what it actually means in practice or what problem it's meant to solve. For security leaders, that makes it a difficult space to navigate, especially when expectations are high but clarity is still catching up.

At its core, agentic AI describes a goal-oriented system of multiple agents that can act, sometimes autonomously, towards an outcome. That is a concept, not a cybersecurity result. In software development, the value is more straightforward. Multiple agents can collaborate to write, test, and improve code. In cybersecurity, the environment is far more fragmented. Tools span endpoint, network, identity, cloud, vulnerability management, and response. If agentic AI is limited to a single vendor's ecosystem, it cannot deliver meaningful outcomes. It simply operates within another silo.

The Challenge of Fragmented Security Environments

The cybersecurity industry has long talked about platformization, but in practice many platforms have become larger collections of disconnected capabilities. This is where many early implementations fall short. Instead of transforming workflows, they provide a chat interface that allows operators to query multiple systems. While this may improve usability, it actually increases cognitive load. Security teams need to know what the platform is capable of, ask the right questions, interpret results, correlate findings, and decide on actions.

Why Caution Is Justified

Security leaders are right to approach agentic AI carefully. The market is full of bold claims about autonomous systems that can solve complex problems without human input. In reality, most of these systems are far from that level of capability. Without expert-level instruction, agentic systems cannot operate autonomously in a reliable way. Many current solutions depend on users crafting prompts and interpreting outputs.

Transparency is another concern. If a vendor cannot clearly explain how their system works, what data it uses, and where human oversight applies, it is difficult to trust the outcomes. In security operations, where decisions can have direct business impact, that lack of clarity is unacceptable.

The Role of Guardrails and Human Oversight

Effective agentic AI in cybersecurity must include strong guardrails and human-in-the-loop control. Security teams can use AI to accelerate investigation, analysis, and prioritization, but final decisions must remain with people. Actions need to be explainable, traceable, and auditable. Security leaders must be able to understand why a recommendation was made and what evidence supports it. Without that, trust quickly breaks down. The goal is not to remove humans from the process, but to give them better information faster and reduce the number of manual steps required to reach a decision.

Planning Past the Hype Cycle

The industry is already moving beyond early experimentation. Agentic workflows are beginning to reshape how security operations function. In some cases, they will reduce the need for traditional orchestration approaches as intelligence becomes embedded directly in investigation and response. At the same time, new models, like Mythos, are emerging that can assess vulnerabilities and provide deeper insight into risk. These developments will challenge tools that rely heavily on static analysis or periodic assessments. Mythos has transformed the vulnerability detection space and we're starting to see disruptive volumes of findings. But what happens 12 months from now, after the number of findings plateaus? How will your agentic tools detect misconfiguration or poor posture and take remediation action for those vulnerabilities that did not get patched? That's where the real test begins. Agentic AI offering lasting value should move beyond discovering issues to continuously identifying root causes, detecting drift in posture or configuration, and guiding remediation over time.

What Good Looks Like in Practice

When implemented correctly, agentic AI can deliver meaningful benefits. Consider a ransomware incident. Instead of requiring an analyst to manually investigate across multiple tools, an agentic system could connect events across endpoint, network, and identity data. It could identify that malware execution is linked to a disabled protection control, trace lateral movement attempts, and highlight indicators of compromise. All of this information can be presented as a clear, evidence-based narrative. Rather than sorting through alerts, the analyst is given a concise understanding of what happened, why it matters, and what actions can be taken. This might include isolating affected systems or restricting access to contain the threat.

Reducing Noise and Improving Decision Making

One of the biggest challenges in security operations is the volume of alerts. Agentic AI has the potential to improve the signal-to-noise ratio by correlating data and focusing attention on what truly matters. By combining evidence from multiple sources, it can escalate only the most critical issues and provide clear reasoning behind those decisions. This allows teams to respond more quickly and with greater confidence. Today, many investigations take hours or even days. By automating key steps, agentic AI can reduce that time significantly, helping teams keep pace with fast-moving threats while reducing burnout.

What to Prioritize

Security leaders need to separate marketing claims from real capability. Many vendors promote AI, but few are using it to fundamentally improve how security work is done. The focus should be on solutions that reduce detection and response time and improve operational efficiency. Strong solutions are grounded in real data. They rely on tools that directly observe activity across endpoint, network, identity, and cloud environments. This data provides the foundation for accurate analysis and decision making. Equally important is the ability to take action. Systems that only generate alerts or tickets add friction. The most valuable platforms enable teams to act within the same workflow, whether that means isolating devices, enforcing policies, or guiding response actions.

A Practical Path Forward

Not all consolidation is beneficial. Security teams should avoid solutions that add noise without improving clarity. They should also be cautious of systems that rely heavily on open-ended prompts. These interfaces often shift the burden onto the user, forcing them to determine what questions to ask and whether the system can answer them. Security leaders should avoid AI that produces unreliable or unsupported outputs. Effective agentic AI must be grounded in repeatable workflows and supported by verifiable evidence.

Agentic AI has the potential to improve cybersecurity operations, but only when it is applied thoughtfully. The goal is not full automation, but meaningful augmentation of human expertise. CISOs should adopt a measured approach. Invest in solutions that provide clear value today, maintain governance and oversight, and build toward greater capability over time. By focusing on outcomes rather than hype, security leaders can take advantage of agentic AI without introducing unnecessary risk. Success will come from using AI to make security teams faster, more informed, and more effective while keeping humans firmly in control of decisions that matter most.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.
[3]
AppViewX targets ungoverned AI agents with new identity security product
AppViewX Inc. today launched Agent Identity Security, a product that discovers, governs and monitors artificial intelligence agents across enterprise environments as autonomous software increasingly operates on sensitive systems without human oversight.

The product extends the AppViewX platform, built on the company's machine identity and public-key infrastructure tools, into AI agent security. It gives security teams a single control plane for every machine and agent identity in their environment, according to the company.

AppViewX is pitching the launch at a problem it describes as enterprise security's fastest-growing blind spot: AI agents that act autonomously with broad access and minimal supervision. Ungoverned agent identities can misuse privileged access and violate compliance policies, exposing organizations to security risk.

The company is framing the product around two trends hitting enterprises at once. AI agents are proliferating quickly, while the prospect of quantum computing breaking current cryptography is pushing organizations to rethink how they establish digital trust. AppViewX argues that the authentication tools most companies rely on were built for a human-centric world and were not designed for either machine-scale identity or a post-quantum environment.

"AI agents have become the largest workforce most enterprises never hired, operating autonomously across sensitive infrastructure with broad access and minimal oversight," said Chief Executive Archit Lohokare. "This new class of identity will lead to incredible innovation if governed appropriately for the post-quantum era. Agent Identity Security gives enterprises the visibility, governance and threat detection to deploy AI agents at scale, without trading speed for security."

Agent Identity Security includes four main capabilities. It continuously discovers agents along with their large language models, tool connections and credentials, producing a centralized AI bill of materials. It enforces policy across an agent estate, mapping to frameworks including the National Institute of Standards and Technology's AI Risk Management Framework, the European Union's Artificial Intelligence Act and System and Organization Controls 2. It also applies task-based access controls that restrict agents to only the tools and data each job requires, integrating with existing privileged access and identity management tooling. A fourth component, an AI companion called Guardian Agent, flags anomalous agent behavior in real time and walks teams through remediation.

The company is positioning its PKI roots as the differentiator, arguing that grounding agent governance in cryptography addresses the AI and quantum challenges together rather than as separate add-ons.

Todd Thiemann, principal analyst at Omdia, said enterprises are deploying AI agents faster than they can govern them, creating "considerable business risk." Grounding agent governance in a native PKI foundation, he said, gives enterprises the cryptographic depth to tackle both the AI and quantum challenges "in one motion, rather than bolting on solutions after the fact."

Agent Identity Security is available now as a private preview for qualified enterprises. AppViewX will demonstrate it at the Identiverse 2026 conference.

AppViewX has raised about $50 million to date from Brighton Park Capital, including a $30 million growth round in 2019 and a $20 million Series B led by the firm in 2022.
[4]
How AI Agents Are Making Identity Security More 'Critical' Than Ever: Partners
When it comes to identity, 'we see it as that really necessary piece to help manage anything in the AI space -- but specifically agentic,' says GuidePoint Security identity security leader Kevin Converse.

As the rush continues around deploying AI agents across organizations of all sizes, one question in particular is becoming impossible for security teams to ignore: Who -- or what -- is actually getting access to the organization's IT systems? And just as important as the visibility question is a second issue relevant to cyber risk: Is that access actually appropriate?

For solution providers, helping to answer those questions for customers has become a massive and growing focus in 2026, as CISOs and CIOs grapple with mandates to securely enable agentic automation within their companies.

That shift is putting even greater pressure on security and IT teams to rethink their approach to identity security and access management -- especially around non-human identities, life-cycle governance, least privilege and continuous monitoring, solution provider executives told CRN.

"Identity absolutely is the perimeter at this point," said Rob Gregory, CISO at Denver-based Optiv. "Agents in and of themselves are identities. And what they can do -- or what they should be able to do -- needs to be tracked, reviewed, attested to," Gregory said. "There should be an approval process. So it should have your traditional life-cycle management. It should have your traditional IAM [identity and access management] practices."

Without a doubt, there is a huge identity risk when agents inherit human privileges without oversight from their organizations, according to Ian Swanson, AI security leader at Palo Alto Networks, Santa Clara, Calif. "Many times we will find that there are agents running on the loose that don't have strict least-privilege controls," Swanson said. "Or let's say an identity takes on a human identity. What if you were to leave the enterprise, but now that agent lives on and it's carrying out tasks and it has your privileges?"

Ultimately, organizations must ensure they are "constantly" assessing the underlying posture configuration around identity and access so that there are delegated controls on the identity front, he said. In that vein, discovery is of course crucial, but the other challenge is making sure that "you have all those insights that you're able to see in real time, to be able to say, 'OK, are those actions actually approved or not?'" Swanson said.

That visibility challenge is only getting steeper as AI is increasingly adopted from the bottom up, according to Nancy Wang, CTO at 1Password, Toronto. "Shadow AI is like shadow IT on steroids," Wang said. "You don't know what your employees are using. You don't know how they're using it -- or even why they're using it." The bottom line is that if employees are using company data with unsanctioned AI agents, "then you're essentially exfiltrating sensitive data from your enterprise into the world -- or even worse, credentials, whereby attackers can use those to [compromise] you," she said.

At the same time, solution providers said the rapid adoption of agentic AI is making the problems more urgent. Many companies, they said, are rapidly adding new, automated identities into environments, which were often already struggling with forms of machine access such as service accounts, certificates, API tokens and secrets -- non-human identities securely authenticating to and interacting with sensitive resources like databases or cloud services.

Non-human identity has long been a challenge for privileged access management (PAM) practitioners. What's new is the scale and urgency within businesses, according to Cyderes' James Hauswirth. A non-human identity is an authorization and authentication mechanism that allows an activity to be performed either automatically or at least through a process that doesn't require human intervention, said Hauswirth, global managing director of PAM at Kansas City, Mo.-based Cyderes. That includes everything from software agents running on laptops to certificates, service accounts, tokens and secrets, he noted.

The thing to keep in mind is that AI agents will use whatever authentication mechanism they can, Hauswirth said. "Part of the challenge is that AI can use whatever identity it's given access to to be able to go out and do whatever it does," he said. While the estimates vary about how many agents there may end up being in proportion to each human worker, it will no doubt add up to an "explosion" of agentic identities over time, according to Hauswirth.

The reality is that not only is it a major challenge to understand what agents can access, but there are also big hurdles around determining who the agents belong to -- and whether the agents' actions are even still aligned with their original purpose, 1Password's Wang said.

There's no question that the cyber risk from uncontrolled agents could be massive, according to industry executives. When it comes to an agent running locally on a device, a la OpenClaw, the agent has access to "all your data files," said George Kurtz, co-founder and CEO of CrowdStrike, Austin, Texas. "Everyone [is] plugging in their credentials to plug into Box and Dropbox and Google Drive and their email and every other thing that's out there." All in all, if agents are being granted access to data and workflows, "how do you even know what's going on?" he said. "This is really scary stuff."

Increasingly, that is a top concern for customers as AI agents introduce new layers of uncertainty into already complex environments, according to Arctic Wolf CEO Nick Schneider. "How do I know that my employees are leveraging company assets -- in particular, data -- in a way that is proper, given that we know that there are LLMs they could plug anything into to get an output?" Schneider said. "That requires certain detections and visibility into what's happening on the network or the browser or the endpoint to be able to identify what's happening, and/or identify through identity [systems] whether it's a human taking an action or an agent taking an action."

Even as the agentic surge continues, there's also a risk that identity and access concerns may fall by the wayside amid the pressing needs around updating vulnerability management, following the emergence of powerful frontier AI models for vulnerability discovery, executives said. Jay Chaudhry, founder and CEO of San Jose, Calif.-based Zscaler, said the emergence of AI-accelerated vulnerability discovery -- paired with long-running challenges such as insufficient patching -- has created a level of anxiety in the cyber field that he has never seen before. To enable a strong security posture in a threat environment that may see as much as a 20-fold spike in software vulnerabilities, "our view is that the best security is what we have been talking about from the start of Zscaler with zero trust," Chaudhry said.

Zero-trust principles, likewise, are critical when it comes to identity security and access controls, solution providers said. Importantly, this creates a significant advisory and services opportunity, as customers need help discovering where non-human identities exist and determining who owns them -- as well as understanding what they can access and deciding how long that access should last, according to solution providers.

When it comes to enabling AI agents, identity security and access controls are undoubtedly "critically important" -- and on track to only become more essential going forward, said Kevin Converse, vice president for identity and access management at Herndon, Va.-based GuidePoint Security. "We see it as that really necessary piece to help manage anything in the AI space -- but specifically agentic," said Converse. "When you see the non-human identity explosion, that is kind of a new space for everyone," he said. "So, trying to figure out what's the best way to get visibility -- that's the first piece of it. And then [the goal is] finding ways to put controls around it."
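The controls the executives above keep returning to (a human owner for every agent, an expiry on its access, task-scoped least privilege instead of inherited human privileges, and decisions that are explainable and auditable) can be sketched as a small policy check. This is an added illustration, not code from any vendor or source quoted on this page; the inventory layout, the employee directory, and the task and tool names are all constructed for the example.

```python
"""Task-scoped authorization and inventory review for agent (non-human) identities.

Added illustration of the governance points discussed above. Every agent in the
inventory has an accountable human owner, an expiry, and a per-task tool
allowlist; every decision carries the evidence behind it so it can be audited.
The inventory format, employee directory and tool names are constructed for
this example and belong to no real product.
"""
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample directory of human principals: True = still employed.
EMPLOYEES = {"alice": True, "bob": False}  # bob has left the enterprise

def utc(year, month, day):
    """Helper so callers can build timezone-aware UTC timestamps."""
    return datetime(year, month, day, tzinfo=timezone.utc)

@dataclass
class AgentIdentity:
    agent_id: str
    owner: str                          # accountable human principal
    expires_at: datetime                # when this identity's access lapses (UTC)
    task_tools: dict                    # task name -> set of tools that task may call
    inherited_from_owner: bool = False  # True if the agent simply reuses the owner's privileges

@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)   # human-readable justification
    evidence: dict = field(default_factory=dict)  # facts the decision was based on

# Constructed inventory (the "AI bill of materials" style record the page describes).
AGENTS = {
    "agent-ticket-triage": AgentIdentity(
        agent_id="agent-ticket-triage", owner="alice", expires_at=utc(2026, 12, 31),
        task_tools={"triage": {"ticketing.read", "ticketing.comment"}}),
    "agent-bob-assistant": AgentIdentity(
        agent_id="agent-bob-assistant", owner="bob", expires_at=utc(2027, 1, 1),
        task_tools={"reporting": {"mail.read", "mail.send", "drive.read"}},
        inherited_from_owner=True),
}

def authorize(agent_id, task, tool, now, agents=AGENTS, employees=EMPLOYEES):
    """Decide whether `agent_id` may call `tool` while performing `task` at time `now`."""
    d = Decision(allowed=False,
                 evidence={"agent": agent_id, "task": task, "tool": tool, "at": now.isoformat()})
    agent = agents.get(agent_id)
    if agent is None:
        d.reasons.append("unknown agent identity (not in inventory)")
        return d
    d.evidence["owner"] = agent.owner
    # 1. Lifecycle: an orphaned agent (owner has left) must not keep acting with their privileges.
    if not employees.get(agent.owner, False):
        d.reasons.append(f"owner {agent.owner!r} is no longer an active employee")
    # 2. Expiry: access is time-bound, not permanent.
    if now >= agent.expires_at:
        d.reasons.append(f"identity expired at {agent.expires_at.isoformat()}")
    # 3. Task-based least privilege: only the tools this job needs.
    allowed_tools = agent.task_tools.get(task)
    if allowed_tools is None:
        d.reasons.append(f"task {task!r} is not assigned to this agent")
    elif tool not in allowed_tools:
        d.reasons.append(f"tool {tool!r} is outside the allowlist for task {task!r}")
    # 4. Posture finding: inherited human privileges are surfaced even when the call is allowed.
    if agent.inherited_from_owner:
        d.evidence["posture_warning"] = "agent reuses its owner's privileges; scope it to a task allowlist"
    d.allowed = not d.reasons
    if d.allowed:
        d.reasons.append("all lifecycle and task-scope checks passed")
    return d

def audit_line(d):
    """Serialize a decision as one JSON log line (decision, reasons and evidence together)."""
    return json.dumps({"decision": "ALLOW" if d.allowed else "DENY",
                       "reasons": d.reasons, **d.evidence}, sort_keys=True)

def inventory_review(now, agents=AGENTS, employees=EMPLOYEES):
    """Posture sweep: return {agent_id: [issues]} for orphaned, expired or over-privileged agents."""
    findings = {}
    for agent_id, agent in agents.items():
        issues = []
        if not employees.get(agent.owner, False):
            issues.append("orphaned: owner inactive")
        if now >= agent.expires_at:
            issues.append("expired")
        if agent.inherited_from_owner:
            issues.append("inherits owner privileges")
        if issues:
            findings[agent_id] = issues
    return findings

if __name__ == "__main__":
    now = utc(2026, 6, 1)
    print(audit_line(authorize("agent-ticket-triage", "triage", "ticketing.read", now)))
    print(audit_line(authorize("agent-bob-assistant", "reporting", "mail.send", now)))
    print(inventory_review(now))
```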
AI agents are entering the workforce at scale, but their autonomy is creating serious security vulnerabilities. Zscaler CEO Jay Chaudhry warns that agents now represent the weakest link in cybersecurity, capable of exfiltrating data and deleting databases without user action. Major vendors are racing to secure these autonomous systems through zero trust architectures and specialized identity security platforms.
AI agents are rapidly transforming enterprise operations, but their autonomy is creating unprecedented cybersecurity challenges. Zscaler CEO Jay Chaudhry delivered a stark warning at Zenith 2026 in Vienna: "Yesterday, a user was the weakest link. Today these agents are becoming the weakest link." [1]
The risks posed by AI agents are already materializing, with incidents of Microsoft Copilot exfiltrating data without user action, OpenClaw being poisoned with credential stealers, and cases where databases and email inboxes were deleted by autonomous AI agents rather than human users.
What distinguishes agentic AI from previous security challenges is the speed and scale at which these systems operate. Autonomous AI agents move at machine speed, require no breaks, and can make decisions and take actions independently without the human ability to recognize destructive behavior. Chaudhry emphasized that "there is very little time for human decision making to take place once an autonomous agent begins a workflow." [1]
Zscaler currently handles more than 750 billion requests per day, and with agentic traffic rapidly growing, Chaudhry expects to add "one or two zeroes to this number."

Zscaler unveiled new tools under its Zero Trust Exchange platform specifically designed for securing AI agents. The company introduced AI Broker, a platform for maintaining organizational visibility over access controls applied to autonomous agents, and Endpoint AI Security, designed to monitor for malicious activity at the device level, including browser, extension, and plugin levels. [1]
The platform features MCP and A2A brokers to secure agentic communications while understanding tasks, inspecting prompts, and determining intent.
Zscaler also announced AI Access Graph, which provides visibility into connections between individual identities, applications, and data sources. This capability emerged from Zscaler's acquisition of Symmetry Systems, developed by researchers at the University of Texas in Austin. The system takes telemetry and metadata from various sources, applies AI, and creates a comprehensive graph that connects the dots across enterprise environments. Chaudhry noted that positioning AI agents behind zero trust makes enterprise security "simple, elegant, and your workloads are hidden from the internet."
Identity security has become critical for managing AI agent deployments. AppViewX launched Agent Identity Security, a product that discovers, governs, and monitors AI agents across enterprise environments. [3]
CEO Archit Lohokare stated, "AI agents have become the largest workforce most enterprises never hired, operating autonomously across sensitive infrastructure with broad access and minimal oversight." The platform continuously discovers agents along with their large language models, tool connections, and credentials, producing a centralized AI bill of materials.
The product enforces policy across an agent estate, mapping to frameworks including the NIST AI Risk Management Framework, the EU AI Act, and System and Organization Controls 2. It applies task-based access controls that restrict agents to only the tools and data each job requires, integrating with existing privileged access and identity and access management tooling. [3]
AppViewX is grounding its approach in PKI, arguing that this cryptographic foundation addresses both AI and quantum computing challenges simultaneously.
The rapid adoption of agentic AI is exacerbating existing problems with non-human identities, including service accounts, certificates, API tokens, and secrets. Rob Gregory, CISO at Optiv, told CRN that "identity absolutely is the perimeter at this point. Agents in and of themselves are identities. And what they can do -- or what they should be able to do -- needs to be tracked, reviewed, attested to." [4]
Kevin Converse from GuidePoint Security emphasized identity as "that really necessary piece to help manage anything in the AI space -- but specifically agentic."

Ian Swanson, AI security leader at Palo Alto Networks, highlighted the risk when agents inherit human privileges without oversight. "What if you were to leave the enterprise, but now that agent lives on and it's carrying out tasks and it has your privileges?" [4]
Organizations must constantly assess underlying posture configuration around identity and access to ensure delegated controls. Nancy Wang, CTO at 1Password, warned that "shadow AI is like shadow IT on steroids," noting that if employees use company data with unsanctioned AI agents, "then you're essentially exfiltrating data from your enterprise into the world -- or even worse, credentials."

Security leaders are approaching agentic AI with justified caution, demanding transparency and maintaining human oversight. Without expert-level instruction, agentic systems cannot operate autonomously in a reliable way, and many current solutions depend on users crafting prompts and interpreting outputs. [2]
Effective AI-driven identity security must include strong guardrails and human-in-the-loop control. Actions need to be explainable, traceable, and auditable so security teams can understand why recommendations were made and what evidence supports them.

The goal is not removing humans from the process but providing better information faster while reducing the manual steps required to reach decisions. The challenge of governing AI agents lies in fragmented cybersecurity environments spanning endpoint, network, identity, cloud, and vulnerability management. [2]
If agentic AI is limited to a single vendor's ecosystem, it cannot deliver meaningful outcomes and simply operates within another silo. Todd Thiemann, principal analyst at Omdia, noted that enterprises are deploying AI agents faster than they can govern them, creating "considerable business risk." Grounding agent governance in native PKI foundations gives enterprises the cryptographic depth to tackle both AI and quantum challenges "in one motion, rather than bolting on solutions after the fact." [3]
Summarized by Navi