Getting the basics right is still important to securing agent AI

As agent-based AI workflows spread across the enterprise, security leaders face challenges in identity management, authentication, and governance, challenges that raise new questions and require new answers. At the RSAC 2026 conference, I had the opportunity to speak with Sam Curry, CISO at Zscaler. We discussed the security pillars that organizations need to get right to manage the AI agents that will soon dominate internet interactions. Above all, there needs to be a renewed focus on some fundamental security principles.

Adding AI agents to the workforce is more than a technology change. It represents a fundamental shift in the way we transact and communicate online. Curry predicts that silicon-based intelligence (his term for AI agents, as opposed to carbon-based agents, or humans) will become the most common form of interaction on the internet, with agents performing thousands of transactions for every human action. This change makes traditional bot detection methods obsolete and requires an entirely new security framework.

Two Pillars of Agent Security

When it comes to agent workflows, two trends stood out during the RSAC 2026 conference. The first was securing workloads at runtime. The second was the concept of identity.

“Identity itself is still a work in progress for carbon-based beings and humans, and now we’ve introduced silicon,” Curry explains. The challenge lies in establishing appropriate identity binding for agents that represent multiple people or are distributed across multiple workloads. Currently, agents typically function as workloads bound to specific machines or cloud computing resources, but this is likely to evolve.

Accountability is key. Organizations must implement a system to track which agents represent which principals and what actions they are authorized to perform. This should go beyond simple authentication to include authorization and authenticity verification. It’s a more complex endeavor.

Building an authentication framework for AI agents

Curry advocates for standards such as SPIFFE and SPIRE to create a proper identification, validation, and authentication framework for workloads. “You have to get the basic identifiers, identification, validation, authentication, and then build a framework on top of that,” he emphasizes.

When agents perform certain transactions on behalf of humans, the authentication challenges become more difficult and nuanced. An agent may need permission to use a credit card in one context but not in another, requiring granular authorization control. This specificity must be balanced against the efficiency that makes the agent valuable in the first place.
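To make the identity-binding and context-scoped authorization ideas above concrete, here is a small added illustration (my own example, not code from the article, from Zscaler, or from the SPIFFE project). It validates a SPIFFE-style workload ID, checks that the workload is bound to the principal it claims to act for, and then decides the credit-card case by context. The trust domain, agent paths, principals, and policy table are all constructed assumptions.

```python
"""Added example: authenticate a SPIFFE-style agent identity, verify its principal
binding, then apply a context-scoped authorization decision. All names are constructed."""
from dataclasses import dataclass
from urllib.parse import urlparse

TRUST_DOMAIN = "example.org"  # assumed trust domain for this demo


@dataclass(frozen=True)
class AgentIdentity:
    spiffe_id: str   # workload identity, e.g. spiffe://example.org/agent/quoting
    principal: str   # the human the agent is delegated to act for


def parse_spiffe_id(uri: str) -> tuple:
    """Validate a SPIFFE ID URI and return (trust_domain, path).
    Rejects a wrong scheme, a foreign trust domain, and an empty path."""
    u = urlparse(uri)
    if u.scheme != "spiffe" or not u.netloc or u.path in ("", "/"):
        raise ValueError(f"malformed SPIFFE ID: {uri}")
    if u.netloc != TRUST_DOMAIN:
        raise ValueError(f"untrusted trust domain: {u.netloc}")
    return u.netloc, u.path


# Constructed policy: (workload path, action) -> contexts in which it is allowed.
# The article's credit-card case: allowed for an approved vendor, denied elsewhere.
POLICY = {
    ("/agent/quoting", "charge_card"): {"approved_vendor"},
    ("/agent/quoting", "read_pricelist"): {"approved_vendor", "internal"},
}

# Constructed binding registry: which workloads may act for which principals.
DELEGATIONS = {"/agent/quoting": {"alice@example.org"}}


def authorize(agent: AgentIdentity, action: str, context: str) -> bool:
    """Authenticate the workload identity, verify the principal binding,
    then check context-scoped authorization. Any failure denies (default deny)."""
    try:
        _, path = parse_spiffe_id(agent.spiffe_id)
    except ValueError:
        return False
    if agent.principal not in DELEGATIONS.get(path, set()):
        return False  # workload is not bound to this principal
    return context in POLICY.get((path, action), set())
```

The same agent is allowed to charge the card in the approved-vendor context and denied in every other context, and an identity from a foreign trust domain or with an unbound principal is denied before policy is even consulted.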

Organizations need gateways and brokers to control agent proliferation, especially in cloud environments. Basic provisioning and deprovisioning processes are important. This applies not only to security, but also to practical issues such as billing. “The last thing you want is an agent going out of control and cloning itself and creating new workloads,” Curry warns.

API security and MCP

The conversation also touched on API security. The advent of Anthropic’s Model Context Protocol (MCP) has made it attractive to adopt MCP as the layer at which agent workflows are secured. However, MCP is not a prerequisite for AI agents to function. Agents can also access the information they need directly through other routes, such as the CLI or an API.

Solutions include protocols such as mutual TLS (mTLS), the recent working-group effort on HTTP message signing, and QUIC. However, architectural thinking remains the most important. “We need to look at architectures and frameworks,” Curry argues. He believes that as technology continues to evolve rapidly, proper design can prepare organizations for future growth.

Zero Trust Architecture for Agent Containment

Zero Trust principles, which in practice mean least privilege, least functionality, and least exposure, provide a framework for managing agent environments. By segmenting users, apps, workloads, devices, and offices from one another, organizations can bring risk down to acceptable levels.

“We can start to say, to a certain extent, we can contain this, we can put order and structure in place,” Curry explains. While proxy and reverse proxy technologies make the controls less obtrusive, proper segmentation allows different departments to innovate at different risk levels. Salespeople may want a messy, highly innovative environment for their AI-powered quoting tools, but other functions require metronome-like stability.

The goal is not to completely eliminate risk. Curry believes that’s not possible for anything worth doing anyway. Achieving acceptable risk levels through appropriate architecture and controls is key.

Automation challenges in a hostile environment

Automation improves efficiency, but Curry cautions that “any time you automate with an intelligent counterpart, you become predictable.” When a security system automatically creates tickets and incidents in a predictable manner, attackers can exploit that predictability to cause a denial of service condition.

This adversarial dynamic means that certain security functions are easier to automate than others. GRC (governance, risk, and compliance) tasks, such as evidence collection and reporting, will be heavily automated, potentially eliminating some jobs. However, the ability to deal with the real-time unpredictability of intelligent adversaries will require agent-assisted human expertise rather than pure automation.

Curry likens it to modern warfare, where stealth fighters work with unmanned drone support to expand their capabilities in the battlespace. The same model applies to cyber defense. AI assistance extends human capabilities without replacing human judgment in adversarial situations.

Future security talent

The impact on security operations varies by job role. Curry predicts that roles focused on repetitive documentation will be largely automated, while roles that deal with intelligent adversaries will evolve into agent-assisted roles. The human-to-agent ratio may be 1:1 or something different, but the adversarial element of cybersecurity ensures continued human involvement.

“This is what happened in chess,” Curry points out. “For 10 years, AI-assisted humans dominated the world of chess. Then AI took over. But this is a more complex world.” The complexity of cybersecurity, combined with its adversarial nature, suggests that there will be longer periods of human-agent cooperation than would occur in more deterministic realms.

Going beyond technical skills, the future will require a mature conversation around agent policy and lifecycle management. “The problem isn’t the tools,” Curry says. “The problem is actually changing business processes and culture.” Even when organizations leverage tools to make decisions, they still need human-to-human conversations to decide what to do and what their systems should look like.

Practical steps for your organization

Curry recommends that organizations focus on the basics such as cleaning up the underlying infrastructure, implementing proper identity and access management for agents, establishing gateways and brokers for cloud environments, and applying zero trust segmentation. These fundamentals create a foundation for innovation within acceptable risks.

Ensuring auditability is very important. When an incident occurs, security teams must be able to track who did what, learn from it, and apply controls. This accountability also applies to scenarios such as privilege escalation, agent duplication, or unauthorized data access.

Although technology is rapidly evolving, the fundamentals of good security architecture remain the same. Organizations that get these basics right are well-positioned to safely innovate as agent AI capabilities continue to evolve.
