At the RSA Conference this year, our 1Password team was in the room with the brightest minds: the people building the platforms, the investors seeing across the landscape, the customers dealing with tomorrow's problems today. This puts us in a unique position. We get to see the challenges that people will experience tomorrow, even though most of the market isn't seeing them yet. Every organization I talk with is pushing hard to deploy AI, but they’re operating in the dark. They fundamentally don't know what tools are proliferating across their environments, what the risks are, or how to quantify the problem. 1Password Unified Access is helping them turn on the lights. To every customer who spent time with us this week, who shared their challenges, whose eyes lit up to see how we're building to solve those challenges: thank you. You're not just validating our approach. You're helping us solve a problem that's bigger and more urgent than most organizations realize.

The AI industry has an authorization problem nobody is talking about. Existing authentication systems can verify that a human is present or that credentials are valid — but they cannot enforce that the intended human associated with a specific authorization context is the one providing consent at the moment of action. That distinction matters enormously in agentic AI environments where actions are initiated, chained, and delegated by autonomous systems. NIST just published a concept paper this February asking the industry to solve exactly this problem — how do we bind human identity to AI agent authorization in a way that is cryptographically verifiable, ephemeral, and hardware-tied? The answer isn't a better password. It isn't a session token. It isn't OAuth. The answer is treating human authorization itself as a distinct, enforceable system layer that produces a time-limited authorization event — not a persistent identity assertion — for downstream AI consumption. That architecture exists. It's filed. If you're working on AI agent security, agentic authorization, or enterprise AI governance — I'd like to connect. #AIGovernance #AgenticAI #AIAuthorization #NIST #AISecurity #HumanInTheLoop

A study out this week surveyed over 2,000 IT decision-makers on AI adoption. The number that stopped me: 90% of organizations are actively pressuring security teams to loosen identity and access controls to accelerate AI initiatives. Not 9%. 90%. And in the same study, nearly 90% reported at least one identity visibility gap, with the largest gap involving non-human identities like AI agents. We are in a moment where the pressure to move fast on AI is overriding the infrastructure required to govern it. That is not a technology problem. That is a culture problem with technology consequences. The institutions that will look back on 2026 as a win are the ones treating governance as an engineering priority right now, not an audit response later. You cannot govern what you cannot see. And right now, most organizations cannot see nearly enough. #AIGovernance #ResponsibleAI #EnterpriseAI #AgenticAI #RiskManagement

**Identity Management Emerges as Agentic AI Bottleneck** As AI agents gain autonomy, securing their access becomes critical. Dock Labs' new Model Context Protocol (MCP) server and Ping Identity's "Identity for AI" framework signal a rush to solve this problem. These solutions aim to provide real-time enforcement of AI agent permissions. Enterprises face unique challenges managing AI identities, requiring more than traditional IAM systems. Who controls an agent? What data can it access? How do we audit its actions? Agentic AI adoption hinges on robust answers to these questions. #AgenticAI #AIsecurity #IAM #AIagents #IdentityManagement

Stop letting AI agents act as "Anonymous Ghosts." NIST guidance is clear: AI agents need unique credentials. Piggybacking human IDs creates a visibility vacuum. If you can't tell human from machine, your governance is broken. Source: https://lnkd.in/gPrrn9Bp Ship Good AI - Assign unique machine IDs - Use scope-limited tokens - Log agent actions separately - Map agent-to-user hierarchy - Audit identity lifecycle Prevent Bad AI - Don't share human credentials - No anonymous ghost access - Stop over-privileged tokens - No untraceable agent chains - Don't skip verification --- Los agentes de IA no deben ser "fantasmas". NIST exige credenciales únicas para evitar riesgos. ¡Asigne identidades propias a sus agentes ya! Ken Johnston and I co-founded the AiGovOps Foundation and the AiGovOps.community (currently in alpha testing) to build positive solutions for humanity through AI. Join our global community and sign up for our occasional newsletter at https://lnkd.in/gj855M3N Connect with Bob Rapp and Ken Johnston on LinkedIn to join the conversation.

The Claude data exfiltration vulnerability is a clear signal that AI risk is evolving. This shows how an AI system can operate as a trusted actor inside a legitimate environment, access permitted data, and move it through approved paths. That is a different security problem. For enterprise teams, the implication is straightforward: securing AI workloads requires more than application-layer controls. It requires visibility, segmentation, and policy enforcement around how AI-driven systems communicate across the environment. Ian Smith breaks down why this incident matters, where traditional security models fall short, and what organizations should consider next as AI becomes more operationally embedded. 👀 Read the blog: https://loom.ly/6uVYQBA #AISecurity #CloudSecurity #AIAgents #CNSF

🚨 78% increase in attacks targeting multi-agent AI systems leveraging weak authorization controls reported in the past 12 months 📊 Recent studies indicate that AI-driven multi-agent environments experience an average dwell time of 15 days for unauthorized cross-agent activities. Threat models reveal rising incidents of agent impersonation and tool poisoning responsible for 33% of breaches in these ecosystems. Delegation chain validation reduces risk exposure by 48%, while strict behavioral boundaries cut cross-agent attack surfaces by 52%. 🔍 Incorporating zero trust authorization principles in AI multi-agent systems is essential. This means enforcing continuous verification for every inter-agent call, validating delegation chains cryptographically, and monitoring behavioral anomalies in real time. Without zero trust, attackers exploit implicit trust in automated workflows, amplifying damage and persistence. 💭 The evolving AI threat landscape underscores zero trust as a foundational security model for future multi-agent architectures — adopting these frameworks reduces attack complexity and supports scalable, resilient AI operations. #ZeroTrust #AIsecurity #ThreatIntelligence #MultiAgentSystems #CyberResilience #IAM #CyberDefense #InfoSec #AutomationSecurity #AIThreats source: https://lnkd.in/efVaVQuD

🤖 AI agents expose a common mistake: confusing identity with identifiers. Example myagent.sh -user alice -scope read 1 process → 1 PID → Alice’s permissions. Now you scale. Threads → same PID  Processes → many PIDs But nothing changed about *who the agent runs for*. Identity: Alice  Identifiers: PID1, PID2, PID3… A PID is just an identifier, not an identity. ⚠️ If scaling changes identity, your deployment choice is changing your security model. What we actually want: 1 Identity (Alice)  N Identifiers (agent instances)  Scoped authority per instance Alice  ├ agent#1 → read:/docs  ├ agent#2 → read:/reports  └ agent#3 → read:/public Same identity origin.  Different identifiers.  Reduced authority. Key separation Identity + intent → create authority  Continuity proof → carry authority  Identifier → traceability Authority must survive scaling. #PIC #AI #AIAgents #Security #Identity #ZeroTrust #DistributedSystems

𝗔𝗜 𝗥𝗶𝘀𝗸 𝗶𝘀 𝗗𝗮𝘁𝗮 𝗥𝗶𝘀𝗸 Most enterprises feed proprietary data into existing foundational AI models through RAG, fine-tuning, and prompt interaction. That means competitive advantage and security exposure share the same root: your data. Three categories of AI risk keep surfacing → AI-accelerated threats, shadow AI integrity, and operational usage governance. The common variable across all three is data exposure. The governance reframe for CISOs: stop governing AI as a standalone capability. Start governing the data that flows through it — - who authorized it, - where it’s processed, and - what controls prevent overexposure. Organizations that treat AI governance as an extension of data governance are building on solid ground. The rest are accumulating risk they haven’t yet measured. ➡️ Loved this article by Dimitri Sirota: https://lnkd.in/egJYTS8X #AIGovernance #AISecurity #DataGovernance #CISO #EnterpriseAI

Most organizations don’t know when their data is being exposed to AI. And that’s the risk. GTB Technologies® provides visibility into every instance where sensitive data is exposed to AI — including PII, source code, and other critical information. We identify who is taking risky actions, track behavioral patterns, etc, so security teams can focus on what matters most. This isn’t just monitoring. It’s real-time control over AI-driven data risk. Because at the end of the day: AI can’t protect what it can’t understand.   RSA Conference 2026 — Booth N-5476 Stop by and see it in action.   #RSAC2026 #DataSecuritythatWorks #AIsecurity #GettheBest #DLPthatWorks