Agent identity (NHIs) is now a security surface

Reports warn non‑human identities (agents) are reshaping security: each agent needs credentials, scoped permissions, anomaly monitoring and fast privilege revocation to prevent automated misuse. Enterprises are treating agent identity and behavior telemetry as first‑class security controls rather than an afterthought. (securityboulevard.com) (govinfosecurity.com)

A 2025 Team8 CISO Village survey reported nearly 70% of enterprises already run AI agents in production, with another 23% planning deployments in 2026 and roughly two‑thirds building those agents in‑house. (thehackernews.com) A controlled red‑team exercise highlighted how quickly agentic attacks escalate: a compromised agent reached broad system access on McKinsey’s internal platform “Lilli” in under two hours. (bvp.com) That exercise flagged prompt‑injection and Model Context Protocol (MCP) weaknesses as concrete escalation vectors for autonomous agents. (bvp.com)

Recent guidance from the Cloud Security Alliance recommends issuing per‑agent, short‑lived credentials and using workload identity federation to eliminate long‑lived API keys and service account secrets. (cloudsecurityalliance.org) Surveys and analyses show enterprises are adopting centralized secrets managers plus RBAC and attribute‑based policies to enforce scoped permissions and enable rapid revocation of agent privileges. (elevateconsult.com)

Security reporting and MSSP analysts are urging that agent actions be treated as first‑class telemetry, ingested into SIEM/XDR pipelines for anomaly scoring, audit trails, and forensic replay. (msspalert.com) Industry voices are promoting “guardian agents” that continuously evaluate agent intent and automatically trigger credential revocation or containment when anomalous behavior is detected. (govinfosecurity.com)

Platform patterns showcased at RSAC and in vendor Innovation Sandbox demos emphasize SDKs, policy‑as‑code, and orchestration tooling (examples cited include Geordie AI) to give developer teams safe, auditable agent runtimes. (xalient.com) MSSPs and security teams forecast 2026 will bring managed agent‑lifecycle services combining telemetry pipelines, revocation APIs, and DevX SDKs to balance rapid cross‑team adoption with enforceable safety controls. (msspalert.com)
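The controls named above (per‑agent short‑lived credentials, scoped permissions, rapid revocation) can be seen working together in the following added example, which is not code from any of the cited reports or vendors. It assumes an HMAC‑signed token format, an in‑memory revocation list, and constructed names such as `agent-a` and `tickets:read`.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # constructed; a real issuer keeps this in a KMS or secrets manager
REVOKED_AGENTS = set()                 # hypothetical in-memory revocation list

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(body: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def mint(agent_id, scopes, ttl_s=300, now=None):
    """Issue a short-lived credential bound to one agent and an explicit scope list."""
    now = time.time() if now is None else now
    claims = {"sub": agent_id, "scopes": sorted(scopes), "exp": now + ttl_s}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def authorize(token, needed_scope, now=None):
    """Return (allowed, reason). Order: format, signature, expiry, revocation, scope."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    # Constant-time comparison; claims are only parsed after the signature checks out.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False, "bad_signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "expired"
    if claims["sub"] in REVOKED_AGENTS:
        return False, "revoked"
    if needed_scope not in claims["scopes"]:
        return False, "out_of_scope"
    return True, "ok"

def revoke(agent_id):
    """Cut off an agent immediately, without waiting for its tokens to expire."""
    REVOKED_AGENTS.add(agent_id)

if __name__ == "__main__":
    tok = mint("agent-a", ["tickets:read"], ttl_s=300)
    print(authorize(tok, "tickets:read"))
    print(authorize(tok, "tickets:write"))
    revoke("agent-a")
    print(authorize(tok, "tickets:read"))
```

The reason string returned with each denial is the kind of per‑agent event the telemetry recommendations above would forward to a SIEM/XDR pipeline.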
