The accountability question sounds simple: when an AI agent executes a high-stakes action, can you prove a specific human authorized it? Albert Biketi, Chief Product and Technology Officer at Yubico, posed it at RSAC 2026 last week. "The hard problem in agentic AI security is accountability: can you prove a specific human approved a high-consequence action?"
For most enterprise security teams, the honest answer is no.
That's what RSAC 2026 kept circling back to. Not theoretical AI threat modeling or five-year risk horizons. The specific, structural problem that AI agents create in identity infrastructure built entirely around humans. The conference ran March 23-26 at Moscone Center in San Francisco, with agentic AI, identity, and Model Context Protocol (MCP) explicitly on its official list of top trends for 2026. That combination is not coincidental.
The gap between claimed visibility and actual control
Start with the baseline. An ArmorCode and Purple Book Community survey of over 650 security leaders found 90% of enterprises claim visibility into their AI footprint. That sounds reassuring until the next number: 59% of those same organizations confirmed or suspect they have shadow AI. Nearly two-thirds of people who said they could see everything also admitted they're not seeing everything.
Nudge Security's data adds texture. Their AI Agent Discovery product, announced at RSAC, found that 80% of organizations are encountering agentic AI risks related to improper data exposure and unauthorized system access. The product covers Microsoft Copilot Studio, Salesforce Agentforce, and n8n, and specifically surfaces unauthenticated MCP connections, orphaned agents, and risky integrations.
"The greatest AI security threat isn't what organizations can't see, it's what they can see but can't govern fast enough to stop," said Sangram Dash, CISO and VP of IT at Sisense.
That's a more precise framing than most vendor messaging at the conference. The problem is not purely discovery. The governance layer does not exist yet.
What the industry shipped
The vendor response at RSAC was substantial, though uneven in maturity.
On identity: RSA expanded passwordless capabilities for Microsoft 365 E7 to cover both human and AI agent identities. IBM, Auth0, and Yubico announced a Human-in-the-Loop authorization framework combining IBM WatsonX orchestration, Auth0's CIBA-standard identity flows, and Yubico's YubiKey hardware authentication for cryptographically verified human approval of high-stakes agent actions. Yubico and Delinea separately announced integration of hardware-attested Role Delegation Tokens with Delinea Platform and StrongDM ID — an identity layer built specifically for AI agents, in early access in Q2 2026.
Saviynt debuted what it is calling "Identity Security for AI." CEO Sachin Nayyar argued the full stack is required: "core identity management, posture management, privileged access management, vaulting, enforcement — everything running together at AI speed."



