AI agent identity and next‑gen enterprise authentication prominent at RSAC 2026

Passwordless authentication for humans and non-human identities is emerging as a key theme of RSA Conference 2026, with vendors rolling out new hardware, biometric and passwordless technologies designed to secure both humans and autonomous agents. Meanwhile, Yubico and big-hitting partners such as IBM are going big on hardware-backed “Human-in-the-Loop” models for agentic authorization.

Swissbit previews post-quantum hardware authentication

Swissbit will soon show an early preview of face biometric verification with liveness detection on a FIDO2 Key.

The company says this will bring hardware‑rooted, privacy‑preserving identity proofing to both physical and digital access systems.

“With the iShield Key 2, we set a new bar by unifying physical and digital access in one device,” says Alexander Summerer, head of authentication at Swissbit.

“Now we’re taking the next big steps, bringing HID Seos, biometric identity verification, and post-quantum resistance into a powerful, hardware-based ecosystem built for the future.”

Still in development, the feature is designed to support one‑time authentication as well as unified physical and logical access control, with an option for continuous user verification.

Swissbit will demonstrate the technology at its booth (#6565) during the March 23–26 RSA Conference 2026 at San Francisco’s Moscone Center.

Swissbit will also highlight progress in post‑quantum authentication and new integrations for physical access. As part of its post‑quantum push, Swissbit will present the iShield Key PQC Evaluation Platform.

This is an early hardware environment that allows selected partners to test post‑quantum authentication flows and integration ahead of final standards and certification. Insights from the program will shape future PQC‑ready versions of the iShield Key.

The company has also added support for HID Seos, one of the most widely used credential technologies for physical access control. Launch dates for the biometric and PQC‑ready versions of the iShield Key 2 will be announced later.

RSA attendees will be able to preview both capabilities and see how Swissbit is positioning hardware‑based identity for the next era of secure authentication

RSA expands passwordless, AI‑ready identity support

RSA has expanded its identity and passwordless capabilities for Microsoft’s new 365 E7: The Frontier Suite, strengthening authentication for both human users and AI agents.

The integration of RSA ID Plus with Microsoft 365 E7 gives enterprises stronger protection for sensitive data and privileged operations across cloud, hybrid and on‑premises environments. It follows RSA’s recent additions to the Microsoft Intelligent Security Association and new integrations with Microsoft Security Copilot.

“The rise of AI agents in the enterprise means organizations need to rethink how they secure every identity — human and machine alike,” said RSA CEO Greg Nelson. He said the expanded capabilities help eliminate passwords, block advanced identity threats and scale secure access.

RSA also highlighted new passwordless features that work independently or alongside Microsoft Entra ID. These include updated desktop passwordless for macOS and Windows, enhanced mobile passkeys with proximity checks, and datacenter passwordless support for Linux and other servers.

“At RSA, passwordless isn’t just a feature — it’s a discipline that has to hold when everything else breaks,” said Jim Taylor, RSA’s President and Chief Product and Strategy Officer. Organizations can now deploy RSA authentication through Microsoft Entra External MFA, enabling the full RSA authentication suite within Entra configurations.

RSA is demonstrating the new capabilities at Booth N 6253 during the RSA conference.

Human‑verified authorization model for AI agents

IBM, Auth0 and Yubico have formed a partnership aimed at solving the great emerging challenge in enterprise AI — how to prove that a verified human approved high‑risk actions taken by autonomous agents.

The companies say the rise of “digital workers” — AI agents capable of writing code, executing transactions and interacting with sensitive systems — has outpaced traditional identity and security models.

The collaboration introduces a Human‑in‑the‑Loop authorization framework that allows AI agents to operate autonomously for routine tasks, but requires cryptographically verified human approval for high‑stakes actions. This includes large financial transfers, production code deployments or access to sensitive data.

The model combines IBM’s WatsonX AI orchestration, Auth0’s identity flows using the CIBA standard, and Yubico’s hardware‑backed YubiKey authentication to create a verifiable chain of accountability.

Security concerns are driving the shift. Recent industry data shows 87 percent of organizations see rising risks from AI vulnerabilities, while most lack foundational AI security practices. Traditional identity systems cannot prove which human authorized an AI‑initiated action, and software‑only controls are vulnerable to impersonation or replay attacks.

Under the new model, IBM’s AI agents propose actions, Auth0 triggers secure out‑of‑band approval requests, and YubiKey taps provide cryptographic proof that a specific human physically authorized the decision.

The companies say this approach provides non‑repudiation and meets regulatory and operational requirements without slowing down automation. The partners outlined the architecture at RSA Conference, giving insight into a foundation for safely moving AI agents from pilot projects into production environments.

Bringing hardware‑backed accountability to AI agents

Yubico and Delinea have partnered on a new integration aimed at closing the security gap in the rise of agentic AI.

The integration allows Yubico’s hardware‑attested Role Delegation Tokens (RDTs) to work inside the Delinea Platform alongside StrongDM’s runtime authorization engine and StrongDM ID, the identity layer built for AI agents.

Following Delinea’s acquisition of StrongDM, the combined platform now unifies privileged access management with just‑in‑time runtime authorization for both human and non‑human identities.

“The hard problem in agentic AI security is accountability: can you prove a specific human approved a high-consequence action?” said Albert Biketi, Yubico’s chief product and technology officer.

He noted that hardware attestation without runtime enforcement, or runtime enforcement without hardware attestation, leaves organizations exposed. “This integration with Delinea solves both sides.”

The joint solution links Delinea’s identity governance and runtime authorization with Yubico’s hardware‑signed RDTs. When reaching a sensitive decision point, such as a production deployment or privileged configuration change, the system requires a human sponsor to sign an RDT envelope with their YubiKey before the action proceeds. This creates a verifiable chain binding every high‑risk automated action to a specific human approver.

“AI agents are quickly becoming one of the fastest-growing classes of identities in enterprise environments, yet most organizations lack the controls and accountability needed to govern what those identities can do,” said Phil Calvin, Delinea’s chief product officer. “By combining Delinea’s identity governance and runtime authorization with Yubico’s hardware-backed human authorization, we create a trusted chain of control that ensures every high-risk action performed by an AI agent can be traced back to a verified human decision.”

Early access to the RDT integration will begin in Q2 2026. Yubico and Delinea will demonstrate the capability live at RSA Conference 2026, where attendees can see hardware‑attested authorization for AI agents in action.

Yubico expands enrollment services for Microsoft and PingID

Yubico has expanded its YubiKey enrollment services to support simple, secure in‑the‑field setup for Microsoft Entra ID and PingOne PingID environments.

The new capabilities, offered through YubiKey as a Service, are designed to speed up passwordless deployment and strengthen phishing‑resistant authentication across large organizations.

A new YubiKey as a Service – Enroll app is now in limited early access for Android users. Yubico plans to release it as both a standalone app and an SDK, allowing enterprises to embed YubiKey enrollment and account recovery directly into their existing IT and HR workflows.

Enterprises will be able to choose between a fully managed service that ships pre‑enrolled YubiKeys to employees or on‑site enrollment tools that let IT and non‑technical staff register keys on behalf of users.

The company’s FIDO Pre‑reg service delivers factory‑programmed keys ready for passwordless login. It’s already available with Okta, Ping Identity, Versasec, and is in early access with Microsoft. Yubico is also offering YubiEnroll, a free command‑line tool for technical teams that need to enroll keys quickly, or in regions where turnkey delivery is limited.

The expanded services include secure remote setup, end‑to‑end encrypted provisioning, global delivery options, audit visibility and the ability to reset and reassign keys when employees change roles. Yubico says these capabilities will help organizations deploy hardware‑backed authentication across distributed workforces while maintaining strong governance and operational control.

Article Topics

AI agents  |  biometric security key  |  Delinea  |  identity access management (IAM)  |  Microsoft Entra  |  non-human identities  |  passwordless authentication  |  Ping Identity  |  RSA  |  RSAC 2026  |  Swissbit  |  Yubico