Agent authorization is broken — and authentication passing makes it worse

Source: VentureBeat · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, medium

Summary

Cisco's SVP and chief security and trust officer, Anthony Grieco, confirmed at RSAC 2026 that "rogue agent" incidents are regularly impacting Cisco's customer base, stemming from authorization failures rather than identity issues. The incidents involve agents accessing data or taking actions beyond their scoped permissions, even after successful authentication. Cisco's State of AI Security 2026 report indicates 83% of organizations plan agentic deployments, but only 29% feel prepared to secure them. VentureBeat identified four critical authorization gaps, including agent over-permissioning, lack of MCP server discovery, insufficient agent behavioral visibility in logs, and the compounding risk of nearly half of critical infrastructure being obsolete and unpatched. These findings are corroborated by independent standards bodies like NIST, OWASP, and the Cloud Security Alliance, all flagging similar concerns in early 2026.

Key takeaway

If you are a CTO or VP of Engineering deploying AI agents, prioritize granular authorization controls over identity management. Your teams should immediately stop cloning human user profiles for agents and instead assign specific, time-bound permissions. Additionally, audit your network infrastructure for end-of-life assets, and implement robust MCP server discovery and agent behavioral logging to prevent over-permissioned agents from exploiting vulnerabilities in your environment.

Key insights

Authorization, not identity, is the primary security gap for AI agents, leading to over-permissioned access and rogue actions.

Method

Implement MCP discovery, proxying, and inspection. Register agents as distinct identity objects with granular, time-bound permissions. Update logging to capture process tree lineage for agent actions. Audit network assets for end-of-life status.
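The sketch below is an added example, not code from VentureBeat or Cisco. It shows why passing authentication is not enough: an agent cloned from a human profile is allowed to act out of scope, while an agent registered as its own identity with time-bound grants is denied by default. All names (`Agent`, `Grant`, `authorize`, the resource strings) are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Grant:
    action: str
    resource: str
    expires_at: datetime   # every agent grant carries an expiry

@dataclass(frozen=True)
class Agent:
    agent_id: str          # distinct identity object, not a human account
    authenticated: bool
    grants: tuple = ()

def authorize(agent, action, resource, now):
    """Return (allowed, reason). Deny by default; authentication alone never allows."""
    if not agent.authenticated:
        return False, "unauthenticated"
    expired = False
    for g in agent.grants:
        if (g.action, g.resource) == (action, resource):
            if now < g.expires_at:
                return True, "grant valid"
            expired = True   # matched, but the time bound has passed
    return False, ("grant expired" if expired else "out of scope")

T0 = datetime(2026, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed clock
FAR = T0 + timedelta(days=3650)                        # stands in for "no real expiry"

# Anti-pattern: the agent inherits every permission of the cloned human profile.
HUMAN_PROFILE = (("read", "crm:tickets"), ("write", "crm:tickets"),
                 ("export", "hr:payroll"))
cloned = Agent("agent-clone", True, tuple(Grant(a, r, FAR) for a, r in HUMAN_PROFILE))

# Scoped: one action on one resource, valid for one hour.
scoped = Agent("agent-triage", True,
               (Grant("read", "crm:tickets", T0 + timedelta(hours=1)),))

def demo():
    later = T0 + timedelta(hours=2)
    return {
        "cloned_export": authorize(cloned, "export", "hr:payroll", T0),
        "scoped_export": authorize(scoped, "export", "hr:payroll", T0),
        "scoped_read": authorize(scoped, "read", "crm:tickets", T0),
        "scoped_read_late": authorize(scoped, "read", "crm:tickets", later),
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```

The returned reason string is what a decision log would record alongside the agent's own identifier, so a denied or expired action is attributable to the agent rather than to a human account.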

Best for: CTO, VP of Engineering/Data, AI Security Engineer, AI Architect, Director of AI/ML

Editorial summary, takeaway, and curation by AIssential. Original article published by VentureBeat.