
Pressure to adopt AI has led to critical security gaps for enterprises

Agentic workforce deployed without adequate governance in race to stay ahead

New research commissioned by Delinea looks at the tension between the pace of AI adoption and how prepared organizations are to handle it.

Entitled “Uncovering the Hidden Risks of the AI Race,” the report says 90 percent of organizations pressure security teams to loosen identity controls in the interest of putting AI agents to work. The thinking is that “organizations can’t afford to let security friction hang up agentic AI deployments.”

In other words, industries across the board are suffering from a severe case of FOMO, fueled by AI evangelism that has positioned it as a necessity without question. Yet significant gaps in AI identity discovery, monitoring, and privilege control can leave organizations exposed as they try to stay abreast of the hype.

‘We’ve got this,’ say teams who do not

Despite the threat, businesses tend to think they’re fine: “many organizations remain confident in their readiness for AI adoption, highlighting a disconnect between perceived and actual security maturity.” Delinea calls this “the security confidence paradox.”

Clearly, there is a need to align expectations with reality. The study “indicates that identity security must evolve alongside AI adoption. Leaders must modernize the way they discover and protect access and identity relationships in the AI era so they can innovate quickly without abandoning identity governance in the process.”

The message carries a whiff of having a cake and eating it, too. Pressure to operationalize AI is unlikely to subside soon, and the risks will grow, especially as AI agents are granted more and more control. “Organizations are knowingly trading identity control for operational velocity. There is strong pressure to loosen privileged access requirements to enable automation. Standing access is routinely granted under operational urgency. When security introduces friction, speed frequently wins.

“The report reflects a core industry truth: Organizations can’t secure or govern what they cannot fully see.”

Runtime identity critical question: 1Password’s Nancy Wang

Unseen AI agents are causing plenty of nightmares for security teams across the spectrum. Nancy Wang of 1Password contributed to the whitepaper “2026: The End of Vibe Adoption.” In a blog post, she says the research leads to one core point: “before regulators or insurers can address AI-related harm, enterprises need technical clarity around runtime identity, responsibility, and auditability before deploying agents in critical systems.”

“The gap is not governance intent. It is execution control.”

The whitepaper stresses the foundational principle that “identity, access, and accountability must operate at the same speed as autonomous systems.” Risk cannot out-scale capability.

Wang says that to keep pace, identity must be dynamic: “each agent action should be tied to a scoped, short-lived identity at runtime – eliminating shared credentials, enforcing least privilege at the tool and data layer, issuing access just-in-time with clear expiration, and capturing credential issuance, tool execution, and data access in a unified audit trail where identity is inseparable from action.”

Continuous monitoring of identity usage and data flows provides visibility necessary to determine ownership and attach accountability. “Many organizations lack full visibility into which AI systems are operating in their environment, what data those systems access, or how their behavior changes over time,” says Wang. But “you can’t secure what you can’t see. For agents, visibility requires enforcing identity controls at runtime.”

Delinea, Yubico partner on hardware-rooted personhood proof

A host of launches reflects the speed of the problem.

Delinea has partnered with Yubico to offer “hardware-rooted human authorization” that leverages the runtime authorization and identity governance capabilities Delinea gained in its recent acquisition of StrongDM.

Per a release, the integration enables Yubico’s Role Delegation Tokens (RDT), “a cryptographic authorization primitive backed by YubiKey hardware,” to be used within the Delinea platform. RDT adds a cryptographic hardware root of trust to the architecture for Privileged Access Management with runtime authorization across human and agentic actors.

Combined, the tools provide end-to-end accountability for AI workflows, hardware-attested proof of human authorization for high-consequence agentic action, unified governance across human and machine identities, and comprehensive audit trails binding every automated action to a verified human.

“The hard problem in agentic AI security is accountability: can you prove a specific human approved a high-consequence action?” says Albert Biketi, chief product and technology officer for Yubico. “Hardware attestation without runtime enforcement is a signature with no enforcement point. Runtime enforcement without hardware attestation is a policy gate with no proof of human presence. This integration with Delinea solves both sides.”

SOCRadar’s AI Agent Marketplace offers modular deployment

SOCRadar has launched its new AI Agent Marketplace, “an integrated hub where organizations can browse, purchase, and deploy specialized autonomous AI agents tailored for specific cybersecurity tasks and use cases in the SOCRadar XTI Platform,” according to a release. It comes with a new Identity & Access Threat Intelligence AI Agent, which can “analyze the data files associated with a compromised machine (e.g. session cookies, credentials, etc.) to help analysts quickly determine the source of a leak and generate a risk analysis report.”

The marketplace model unbundles the all-in-one platform into a modular ecosystem that provides security teams with additional customization and precision. Per the release, organizations can easily select and deploy only the specific agents required for their unique use cases.

“Identity has become the new attack surface,” says Huzeyfe Onal, CEO of SOCRadar. “Threat actors no longer need malware when stolen credentials and session cookies can open the door to an entire organization. By integrating external identity context with automated risk analysis, we are helping our partners and customers build a future-proof defense that accounts for the rapid surge in malware-free, identity-driven attacks.”

BeyondID, Nexera partner to close governance gap

BeyondID and Nexera have announced a strategic partnership to help organizations accelerate AI adoption without sacrificing security, compliance or control. A release says that, as governance lags behind adoption, the partnership aims to address the gap, with Nexera bringing the Intelligence Layer and BeyondID securing the Identity and Trust Layer.

“Enterprises are under enormous pressure to deploy AI quickly, but speed without governance is a liability,” says Arun Shrestha of BeyondID. “Nexera builds intelligent AI systems while BeyondID ensures every AI agent, model, and workflow is securely identified, governed, and monitored. Now, organizations no longer have to choose between moving fast and staying secure.”

“AI is only as powerful as the trust placed in it,” said Tom Wisnowski, CEO at Nexera. “With BeyondID, we can now offer our clients the full stack, from intelligent systems to the identity infrastructure that makes those systems safe to operate at enterprise scale.”

Proofpoint AI Security aims to keep agents in line

Proofpoint has launched Proofpoint AI Security, which, according to a release, combines intent-based detection, multi-surface control points and a comprehensive implementation framework to “secure how humans and AI agents use AI across the enterprise.”

It operates across the surfaces where AI is used, including endpoints, browser extensions, and MCP connections, and analyzes “the full semantic context of AI interactions” to continuously evaluate whether behavior aligns with an original request, defined policies and intended purpose.

The company is also introducing the Agent Integrity Framework, a “comprehensive guide that defines what it means for an AI agent to operate with integrity and provides a five-phase maturity model for implementation, from initial discovery through runtime enforcement.”

According to Sumit Dhawan, CEO of Proofpoint, “humans and AI agents share similar risks: both can be manipulated and both can take actions that diverge from their intended purpose, yet traditional security was never designed to validate intent. Proofpoint is uniquely positioned as a unified cybersecurity platform built to protect people, defend data, and govern AI agents together, providing continuous, intent-based verification that behavior aligns with policy and intent.”
