This website uses cookies

Read our Privacy policy and Terms of use for more information.

-THE WIRE  THIS WEEK IN IDENTITY

N°01 · ENFORCEMENT GAP

88 percent of enterprises had an AI agent incident, and most can only watch

A VentureBeat survey of 108 qualified enterprises found 88 percent reported an AI agent security incident in the past year. The most common production architecture they're running is "monitoring without enforcement," which means they can see exactly what an agent is doing and cannot stop it. Visibility without a brake pedal. VENTUREBEAT

N°02 · MARKET SIGNAL

The market is finally building the brake pedal

At Identiverse this June, CrowdStrike shipped Continuous Identity for AI Agents, moving from static long-lived permissions to real-time per-action authorization. Okta, Andromeda, Lumos, and Aembit landed agent governance launches in the same window. The vendors are racing to close the exact gap the survey just measured. CROWDSTRIKE / LETSDATASCIENCE

Hey {{first_name|there}},

There's a conversation happening in two rooms at most enterprises right now, and the two rooms have no idea they're talking about the same thing.

In the SOC, the threat hunters are watching AI agents do strange things. An agent reaching a system it has no business touching. An agent pulling data at three in the morning that nobody requested. An agent that got tricked by some text it read into doing something its operator never intended. The SOC sees it. They have the telemetry, the dashboards, the alerts. They are watching the movie in real time.

Down the hall, the IAM team is running access certifications on a quarterly cycle and feeling good about coverage. They granted the agent its access months ago, signed off on it, and moved on. To them, the agent is a row in a system that says "approved." They are not watching the movie. They don't even know there's a movie.

That's the gap. And the survey data just made it impossible to ignore. 88 percent of enterprises had an AI agent incident in the past year, and the most common architecture in production is monitoring without enforcement. Sit with that phrase for a second, because it's the whole problem in three words. We can see what the agents are doing. We cannot stop them. The SOC has eyes and no hands. The IAM team has hands and no eyes. And the agent operates in the space between them, fully visible to the people who can't act and fully unaccountable to the people who can.

Let me be honest about why this happened. IAM was built around a decision made at the front door. You authenticate, you get your entitlements, and the governance job is mostly done. The whole discipline optimized for a clean grant and a periodic review, because for human identities that was enough. A person with a role behaves roughly the same way on Tuesday as they did on Monday. The decision at the door held up over time.

Agents broke that assumption and nobody updated the org chart. An agent's risk shows up after the grant, in the behavior. The path it chooses, the tools it chains, the thing it decides to do when it reads something unexpected. That is a runtime problem. And runtime, at most companies, belongs to the SOC. So the risk moved from the front door, where IAM lives, to the runtime, where IAM has never operated. The team that owns identity doesn't own the moment the identity actually becomes dangerous.

The SOC, meanwhile, can see the dangerous moment but has no identity context to act on. They watch an agent misbehave and they can tell you what it did, but they often can't tell you who owns it, what it was supposed to be allowed to do, or whether this is the agent malfunctioning or the agent doing exactly what someone authorized. Without the identity layer, enforcement is guesswork. You don't kill a process when you can't tell whether it's rogue or load-bearing. So they watch, and they document, and the monitoring-without-enforcement architecture is born, not because anyone chose it, but because neither room had both halves of what enforcement requires.

Here's the good news, and it's the reason this is the issue I most want you to share. The market figured this out at the same time you're reading it. The whole point of CrowdStrike's Continuous Identity for AI Agents, and the wave of launches around it at Identiverse, is to move authorization from a one-time grant to a per-action decision that carries identity context into the runtime. That's the bridge between the two rooms. It's the SOC's eyes wired to the IAM team's hands. You don't have to wait for a vendor to tell you the gap is real. Five of them shipped products this quarter that exist only because the gap is real.

But tools don't merge two teams that don't talk. That's an organizational problem, and it's yours to fix before any product can help. The enforcement gap is a turf gap first. Somebody has to own the agent from grant through behavior through kill switch, end to end, and at most companies nobody does, because the agent falls in the seam between identity and operations. The companies that close this won't be the ones that bought the most. They'll be the ones where the IAM team and the SOC stopped pretending they were working on different problems.

So here's what I want you to do with this one. Send it to the person in the other room. If you're in IAM, send it to your SOC lead. If you're in the SOC, send it to whoever owns identity. Then ask them the question that the 88 percent number forces. When an agent in our environment does something it shouldn't, which one of us is going to stop it, and do we actually have what we'd need to do it?

This one's free, and it's meant to travel. If it named something you've been feeling, the best thing you can do is forward it to the person in the other room, and if they're not on the list yet, send them here to subscribe. The whole arc is building toward how you actually lead this, and it's a lot better read together.

The Last Word

The most expensive failures in security are rarely the ones nobody saw coming. They're the ones two teams both half-saw and each assumed the other was handling. The agent that leaks data for two hours doesn't do it because it was invisible. It does it because it was visible to the wrong people, the ones without a brake pedal, while the ones with the pedal were looking at a quarterly report that said everything was fine. Close the hallway. That's the whole job this quarter.

See ya next week.

Be good to each other, be kind to each other, love each other

David Lee

Reply

Avatar

or to participate

Keep Reading