One Identity predicts AI agent breaches, tighter controls in 2026

Identity security firm One Identity has released five key predictions for 2026, positioning identity as the central control plane in an evolving cybersecurity landscape dominated by AI and automation, reports sIT Brief United Kingdom.

The company forecasts the first major breach originating from an over-privileged AI agent, where prompt-injection attacks will exploit the autonomous workflows of these systems, triggering unauthorized actions and privilege escalation. One Identity's Alan Radford warned that the rush to deploy active AI agents is "outpacing the capabilities of their current security programs," necessitating a shift to secure the identities within AI systems themselves. Further predictions include a move toward "proof-based" supply chain oversight, with regulators demanding real-time evidence of access controls instead of annual attestations.

The firm also highlights the growing risk from unmanaged non-human identities, such as bots and service accounts, which often vastly outnumber employees and lack proper governance. Additionally, the rise of AI model poisoning and the widespread adoption of EU digital identity wallets under eIDAS 2.0 will create new challenges for security teams, requiring tighter integration between identity assurance and AI governance.