Lessons from Identiverse 2026

COMMENTARY: After three days at Identiverse 2026 in Las Vegas last week, one trend became clear: every vendor was talking about AI agents.

Fabrics. Platforms. Control planes. Gateways. Registries. The promise sounds similar: identify agents, attribute them to owners, and govern them safely.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Many of the starting points are useful. Some vendors look at known AI studios, Claude compliance APIs, Microsoft Copilot Studio, Entra Agent ID, On-Behalf-Of (OBO) events, or the subset of managed agents visible inside applications already onboarded to their platforms.

All necessary. Not sufficient.

Day 1 was about visibility: where are the agents, who owns them, and how do we know they exist? Enterprise leaders are asking the harder questions. What about agents beyond Claude? Agents not registered in Microsoft Copilot Studio? Agents outside Entra Agent ID? Locally built or user-created agents? SaaS-native agents? API-based agents? Agents using delegated or reused credentials? Agents accessing applications outside the IAM stack?

And what happens when a user runs an agent that runs another agent? Does the original intent still prevail?

These are not edge cases. They are the cases that will define enterprise AI adoption.

The discussion kept coming back to one point: to see, associate, and govern all AI agents, we need to observe them at their ultimate destination, each application they touch. Not only the cloud platform. Not only the IAM stack. Not only the central directory. Every application.

Starting with the easy path is fine. But we can’t stop there. That’s exactly the mistake IAM made from the beginning. We took shortcuts, scoped narrowly. Decades later, enterprises are still dealing with fragmented programs, local accounts, unmanaged access paths, and identity dark matter that never made it into the formal control plane.

Day 2 sharpened the conversation. Visibility represents only step one. Authority becomes the real question: what should teams actually let each agent do?

It’s necessary, but not enough, to register an agent in a studio, tag it to an owner, or detect an OBO event in the IAM stack. Enterprises need to decide in real time whether an actor (human, non-human, or agent) should be allowed to access a specific application, invoke a specific API, use a specific credential, or act on behalf of a user.

That decision requires more than an agent registry. It requires application context, identity context, hygiene context, delegation context, risk context, and business context.

The IAM stack we have today was built around relatively static controls: roles, entitlements, approvals, certifications, and periodic reviews. Those still matter. But AI agents will operate continuously, across applications and workflows, at machine speed. They will not wait for quarterly governance.

So the model has to shift toward real-time, zero-trust authorization: evaluating intent based on the full delegation chain, authority, hygiene, risk, business impact, and destination before allowing the action.

By Day 3, the pattern became clear. The AI-agent conversation exposes a much older enterprise problem: most organizations still do not fully understand how identity works inside their applications. Agent governance is not a standalone category; it’s forcing us to confront the identity gaps we have lived with for years.

The takeaways from all three days are simple: AI agents are coming, but enterprises need to get their identity house in order first.

Day 1: Find the agents.

Day 2: Understand their authority.

Day 3: Fix the application identity foundation they will inherit.

Because in the agentic AI era, the winning control plane will not only see registered agents. It will understand every actor, every access path, every application, and every decision before any action gets made.

Roy Katmor, co-founder and CEO, Orchid Security

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.