Cloud taught enterprises a painful lesson: move fast, connect everything, sort out identity later, then spend years cleaning up the mess. At RSAC 2026 last week, Sriram Santhanam, chief cyber officer at Human Managed, gave that pattern a familiar line: “I’ve seen this movie before.”
Santhanam, one of many identity experts speaking at RSAC, said familiar growing pains akin to cloud adoption are back with AI agents, copilots and the explosion of non-human identities. The difference, he said, is velocity.

Cloud took roughly 10 years to reach about 40% enterprise adoption, he said. Generative AI hit a similar milestone in two years. AI is moving three to five times faster than cloud did, while many companies are still catching up on the basics of identity governance in this nascent AI era.
Cloud’s Lessons, AI’s Timeline
Cloud was a slow-motion revolution. Public cloud took about a decade to move from breakthrough to normal enterprise infrastructure, and the security mess took even longer to understand. The question now is not whether enterprises will adopt agents. It’s whether we can make identity management state of the art before our AI mistakes pile up even faster than cloud-era blunders did.
“Identity is a fundamental principle for AI agent security,” said Sandeep Kumbhat, head of global field CTO, Okta.
He said identity security is an imperative because failure in the agent era will not be measured only in breaches. It will also show up in less obvious and more malicious ways such as corrupted data, unauthorized actions, broken audit trails, compliance headaches and decisions no one can fully explain after the fact.
“Much of the identity debt is invisible until the damage is done,” Santhanam said.
If cloud taught the industry the cost of weak governance, AI agents threaten to raise the price by adding autonomy, scale and speed.
IAM Moving at AI Speeds
Cloud gave companies years to clean up identity sprawl. AI agents can create the same mess in a fraction of the time.
The warning was clear from the Moscone Center conference rooms. As AI agents plug into Salesforce, Workday, Slack, GitHub and cloud consoles, they create a surge of API keys, tokens and delegated permissions that can quickly outrun oversight.
These systems are no longer just drafting emails or summarizing tickets, Kumbhat said. Consider the non-human identities (NHIs) in play: an HR assistant that can read employee records, a sales copilot tied to CRM data, or a coding agent with access to source code and deployment tools. What could possibly go wrong?

A lot, said Kumbhat.
“There is a huge consulting company who was running, of course, very fast. They wanted to launch 10,000 agents by the end of this year, because they want to take care of a balance of digital workforce versus human workforce. They never cared about security. They just had a massive breach, and now they are six months behind in their AI journey,” he said.
More public examples include Air Canada, which was held liable in 2024 after its chatbot gave a customer bad refund guidance. Meta disclosed an internal incident in March when an AI agent’s unauthorized advice helped expose sensitive data to employees who lacked access. In both cases, the issue was not what the AI suggested. It was who gave it authority to act, what data or systems it could reach, and who owned the fallout when it got it wrong.
A similar cloud-era version of this problem was not autonomous agents running amok, but rather the uncontrolled expansion of IAM sprawl that led to identity blind spots. In 2019, Capital One showed how a single cloud misconfiguration could expose massive amounts of data. Uber showed in 2022 how a stray cloud key could turn source-code access into a breach.
Same Cloud Plot, Shorter AI Fuse
Yesterday’s shadow IT becomes today’s shadow AI. Service-account sprawl becomes agents and toolchains. Secrets once scattered across repos and pipelines now also sit inside agent credentials, OAuth grants, tool connectors, and the Model Context Protocol (MCP) – a universal adapter of sorts that lets AI plug into your data and tools.
Cloud identity and access management began to crack when decentralized adoption of unsanctioned SaaS apps (Dropbox, Zapier, stray AWS buckets) outpaced governance, Santhanam said. Cloud let organizations adopt first and govern later. Ownership was unclear, shadow IT expanded and identity sprawl followed. AI is now replaying that pattern by granting immortal credentials to self-configuring agents that can connect to dozens of tools in a single afternoon.
Kumbhat cited research showing that 51% of organizations are already deploying AI agents, 27% are piloting them and 22% are still researching use cases. That is why the governance problem already feels like compounded operational debt rather than a theoretical timebomb—the identities are already live, but the guardrails are still in the backlog.
Alongside the productivity gains behind the firewall come token sprawl, on-behalf-of delegation problems, weak agent inventory and thin audit trails across MCP connections.
Warning flags have not slowed enterprise adoption much. Kumbhat said enterprise use of AI rose from about 1% in early 2024 to 91% by late 2025. He also cited Anthropic research suggesting that a single unsanctioned agent may connect to as many as 58 tools.

That has left the door more than ajar for AI-fueled identity mishaps, and they have happened.
One widely cited 2025 example involved Replit’s coding agent. Tasked with maintenance during an explicit “code freeze,” the agent bypassed safety instructions and executed a DROP DATABASE command. After wiping the production system, it autonomously generated 4,000 fake logs to cover its tracks, later telling developers, “I panicked instead of thinking.”
The Old Operating Model Is Too Slow
Cloud gave identity teams years to clean up access debt. With AI there is more security at stake and a shorter fuse.
Ian Glazer, head of continuous identity, product strategy at CrowdStrike, said the bigger problem is that today’s identity and access management models, cloud-ready but not AI-ready, were built for a soon-to-be woebegone era. While identity still follows the workflow-driven principles of join, move, leave and log in, agent-ready systems need decisions that are contextual, dynamic and continuous.

“We cannot just IGA harder and expect something different to happen,” Glazer said. Using identity governance and administration (IGA) as a verb, he poked fun at the old habit of throwing more tickets, approvals, and certifications to quell escalating identity problems.
His complaint was not that identity lacks policies. It is that too much of the policy that governs identity depends on slow humans reviewing yesterday’s request after the work has already moved on.
Akhila Nama, head, enterprise security, Box, made the same point from the operator’s side. A fixed identity – user or machine – that remains valid until manually revoked or updated does not hold up when a coding agent can install 10 or 15 extensions in a day or when a tool can expand its reach faster than inventory and review processes can keep up.
How the Debt Starts
Like cloud, the trouble usually starts as a shortcut. The difference is that AI can scale that shortcut into risk much faster.
Chris Gruel, distinguished solutions engineer at Oasis Security, reminded his session attendees that looming identity debt rarely starts as sabotage. Usually, it starts with someone trying to get work done.

He shared an early-career anecdote from his time as a data-entry temp at Home Depot. He automated his own job with a homegrown system spread across five machines, each storing credentials and talking to the others. He thought he was being clever. In hindsight, he said, he had become a “rogue IT villain.” Messy identity sprawl often begins as ingenuity under pressure.
Gruel reminded RSAC attendees that Colonial Pipeline paid a $4.4 million ransom after “nobody hit delete” on a stale VPN account. In another scenario, he described how one credential spread across more than 30 repos and created “infinite risk.”
“Stop creating immortal identities faster than you can govern them,” Gruel said.
Attackers Are Moving at Machine Speed, Too
If defenders are still cleaning up cloud-era identity debt, attackers are already exploiting the next version of it.
Brian Contos, field CISO at Mitiga, said defenders have a narrowing AI window to get IAM right. “Identity is still the number one access factor,” he said, and AI is amplifying attacks through scale, speed and accuracy.

In November, Anthropic disclosed that it had disrupted a sophisticated, AI-orchestrated cyber espionage campaign conducted by a Chinese state-sponsored group. The attackers used Anthropic’s Claude Code tool to perform nearly all stages of a cyberattack, from reconnaissance to data exfiltration, with minimal human oversight.
Contos reduced the shift to “old human vs. human and new bot vs. bot.” He warned of dated defender models where abuse is investigated inside cloud and software-as-a-service platforms. He pointed out that this is where logs can be fragmented and retention can be short. In that environment, token theft, phishing and reconnaissance do not have to be perfect. Adversaries only have to blend in long enough.
His advice: understand your exposure, turn on the logs, build identity-centric detections and automate what you can. “You don’t need to do everything at once … but you do need to start doing it.”
What Changes Monday Morning
That brings the cloud lesson back into focus: identity security has to be designed into the SOC before AI agents scale. Repairing right of boom is too late. The overarching message from these discussions here at RSAC was not a call to “slow down AI.” It was “stop bolting identity on at the end.”
That means finding the agents before pretending to govern them, Kumbhat said. It means registering agents as first-class identities with owners instead of letting them hide behind generic service accounts. It means shrinking standing privilege, vaulting tokens, rotating credentials and separating user identity from agent identity when the risk is too high to let them blur together. It means moving policy closer to runtime, so access reflects the ticket, the device, the task and the risk, not a stale approval from last quarter.
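As an added illustration (not code from any speaker or vendor quoted here), the checks above can be run as a simple audit over an inventory of non-human identities. The inventory records, field names and policy thresholds below are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2026, 4, 1, tzinfo=timezone.utc)   # fixed "today" so the run is repeatable
MAX_TTL = timedelta(days=1)       # assumed policy: agent credentials live at most a day
STALE_AFTER = timedelta(days=90)  # assumed policy: unused this long means revoke
MAX_TOOLS = 10                    # assumed policy: review agents wired to more tools

# Constructed inventory; every name and value here is made up for illustration.
INVENTORY = [
    {"id": "hr-assistant", "owner": "hr-platform-team", "issued": NOW - timedelta(hours=2),
     "expires": NOW + timedelta(hours=6), "last_used": NOW - timedelta(minutes=5),
     "tools": ["hris.read"], "found_in_repos": 0},
    {"id": "svc-generic-01", "owner": None, "issued": NOW - timedelta(days=700),
     "expires": None, "last_used": NOW - timedelta(days=400),
     "tools": ["vpn"], "found_in_repos": 0},
    {"id": "coding-agent", "owner": "dev-tools-team", "issued": NOW - timedelta(days=30),
     "expires": NOW + timedelta(days=335), "last_used": NOW - timedelta(hours=1),
     "tools": [f"tool-{n}" for n in range(15)], "found_in_repos": 31},
]

def audit(identity, now=NOW):
    """Return the list of governance findings for one non-human identity."""
    findings = []
    if not identity["owner"]:                       # no accountable human or team
        findings.append("no-owner")
    if identity["expires"] is None:                 # valid until someone hits delete
        findings.append("immortal-credential")
    elif identity["expires"] - identity["issued"] > MAX_TTL:
        findings.append("long-lived-credential")    # standing privilege
    if now - identity["last_used"] > STALE_AFTER:   # stale account still enabled
        findings.append("stale")
    if identity["found_in_repos"] > 0:              # secret not vaulted
        findings.append("secret-in-repos")
    if len(identity["tools"]) > MAX_TOOLS:          # reach has outgrown review
        findings.append("excessive-tool-reach")
    return findings

def audit_all(inventory=INVENTORY):
    """Map identity id -> findings, keeping only identities that need action."""
    report = {i["id"]: audit(i) for i in inventory}
    return {k: v for k, v in report.items() if v}

if __name__ == "__main__":
    for ident, findings in audit_all().items():
        print(f"{ident}: {', '.join(findings)}")
```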
Cloud gave enterprises years to build identity debt quietly in the shadows and years more to discover it. AI offers no such grace period. With autonomous agents capable of expanding their reach in hours rather than months, the debt is being accrued loudly, rapidly, and in full public view.