惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - 三生石上(FineUI控件)
Martin Fowler
Martin Fowler
月光博客
月光博客
AI
AI
B
Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
CXSECURITY Database RSS Feed - CXSecurity.com
WordPress大学
WordPress大学
GbyAI
GbyAI
L
Lohrmann on Cybersecurity
O
OpenAI News
Schneier on Security
Schneier on Security
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
Troy Hunt's Blog
V2EX - 技术
V2EX - 技术
W
WeLiveSecurity
L
LINUX DO - 最新话题
人人都是产品经理
人人都是产品经理
S
Security Affairs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
A
Arctic Wolf
Recorded Future
Recorded Future
Microsoft Security Blog
Microsoft Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
TaoSecurity Blog
TaoSecurity Blog
C
Check Point Blog
Scott Helme
Scott Helme
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Apple Machine Learning Research
Apple Machine Learning Research
PCI Perspectives
PCI Perspectives
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Vercel News
Vercel News
The Hacker News
The Hacker News
Y
Y Combinator Blog
Latest news
Latest news
SecWiki News
SecWiki News
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
Webroot Blog
Webroot Blog
Google DeepMind News
Google DeepMind News
Recent Commits to openclaw:main
Recent Commits to openclaw:main
C
Cisco Blogs
博客园_首页
H
Hackread – Cybersecurity News, Data Breaches, AI and More
宝玉的分享
宝玉的分享
L
LINUX DO - 热门话题

The Register - Special Features

23andMe inherits lawsuit over 'disturbing' DNA data breach Troops’ phones gave away location data to foreign adversaries Qualcomm picks bad time to pitch a $300 laptop platform AI agents get their own phone directory built atop DNS Carnival confirms ShinyHunters cruised off with 6M customer records after April breach Google engineer accused of turning Year in Search secrets into Polymarket payday Are we human? India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat Broadcom gets early start on WiFi 8 with next-gen wireless routing kit Are we human? Microsoft Excel champ proves he still has the formula Anthropic co-founder hallucinates ghost in the machine Anthropic co-founder hallucinates ghost in the machine NASA plans Moon Base buildout with rovers, drones, cargo landers MyPillow must decide whether to be firm or soft as ransomware crims demand pay Starship shows it can deploy satellites, but Moon mission clock still ticks Huawei's chip law looks less like Moore and more like marketing Experts pour cold borscht on Farage's Russian hack claim Logitech unveils a cushioned mouse for all-day use AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets AI datacenter boom collides with US grid reality Media giant settles for $930k amid user-snooping allegations AT&T sues to ditch Cali copper phone lines to save billions FBI warns of Kali365 as device code phishing soars Techie claims Trump Mobile website was leaking thousands of people's data BOFH: Vibe-coded solutions arrive for problems nobody has Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Google explains how it will infuse ads into AI answers AI is getting pricey, but relief is coming, but not for you Deus ex machina: Half of US Christians trust AI's spiritual advice Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Apple adds AI smarts to Voice Control, VoiceOver and Magnifier ahead of Accessibility Day Microsoft open-sources agentic AI safety tools OpenAI wants upfront cash for guaranteed AI capacity Fedora: Microsoft is all aboard, but Deepin is dumped Bye-bye, Gemini CLI; Google nudges devs toward Antigravity Plex appeal fades as Lifetime Pass jumps to $750 AI sackings reach New Zealand, which will use it to eject 14 percent of government staff Anthropic’s Stainless steal tightens grip on AI dev tooling Are we human? Google touts tokenmaxxing, huge capex, and AI agents at I/O America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shadow AI invades the workplace, up 4x in the last year Microsoft refreshes Surface for Business lineup, starts AI PC upsell at $1,499 Broadcom finds a VMware customer willing to stick around: London Stock Exchange 468k records allegedly stolen from Portugal’s postal carrier Baidu says the quiet part out loud – you can’t build AI infrastructure, so clouds can cash in Shai-Hulud copycat worm infects yet another npm package Uncle Sam's next big super might not use GPUs Are we human? Datacenters slurping up so much juice they boosted prices 75% in largest US energy market MPs want social media treated more like unsafe toys than harmless apps Cerebras’ wafer-scale AI bet delivers blockbuster IPO Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data Anthropic tosses agents into the API billing pool Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year Jen Easterly, cybersecurity's 'relentless optimist' Smooth criminals talking their way into cloud environments, Google says Voice phishing skyrockets as smooth crims talk their way in RSAC 2026: Uncle Sam backs out, AI agents everywhere RSAC 2026: Uncle Sam backs out, AI agents everywhere Decoding Nvidia's Groq-powered LPX and the rest of its new rack systems A closer look at Nvidia's Groq-powered LPX rack systems Nvidia slaps $20B Groq tech into massive new LPX racks to speed AI response time Nvidia slaps Groq into new LPX racks for faster AI response AI Burning Man happens next week – what to expect at Nvidia GTC 2026 Nvidia GTC 2026: What to expect at AI Burning Man Unaccounted-for AI agents are being handed wide access Google to foist Gemini pane on Chrome users Google to foist Gemini pane on Chrome users Yes, you can build an AI agent – here's how, using LangFlow How to build an AI agent using LangFlow Clawdbot becomes Moltbot, but can’t shed security concerns Clawdbot becomes Moltbot, but can’t shed security concerns Gartner questions if Salesforce AI will stay all-you-can-eat Gartner questions if Salesforce AI will stay all-you-can-eat Claude supports MCP Apps, presents UI within chat window Claude supports MCP Apps, presents UI within chat window Cursor is better at marketing than coding Cursor is better at marketing than coding Feds skipping infosec industry's biggest conference, RSAC AI is rewriting how power flows through the datacenter All aglow about DCs, investors launch $300M at microreactor startup Radiant bags $300M-plus to commercialize its microreactors Why do bit barns keep bumping up our bills, Senators ask DC operators Senate trio questions DC operators over rising energy costs Building the AI factory datacenter Delays? What delays? Oracle insists its $300B cloud contract with OpenAI is on track Oracle insists its $300B contract with OpenAI is on schedule Salesforce willing to lose money on AI to lock in customers Salesforce willing to lose money on AI to lock in customers Galactic Brain space datacenter coming in 2027, pledges startup Aetherflux Galactic Brain space datacenter promised in 2027 Activist groups urge Congress to pause datacenter buildouts Activist groups urge Congress to pause datacenter buildouts Bezos-backed Unconventional AI addresses datacenter power Bezos-backed Unconventional AI addresses datacenter power AWS re:Invent keynote: Matt Garman bores, then thrills
Unaccounted-for AI agents are being handed wide access
2026-01-30 · via The Register - Special Features

Corporate use of AI agents in 2026 looks like the Wild West, with bots running amok and no one quite knowing what to do about it - especially when it comes to managing and securing their identities.

Organizations have been using identity security controls for decades to ensure only authorized human users access the appropriate resources to do their jobs, enforcing least-privilege principles and adopting zero-trust-style policies to limit data leaks and credential theft.

"These new agentic identities are absolutely ungoverned," Shahar Tal, the CEO of agentic AI cybersecurity outfit Cyata, told The Register. Agentic identities are the accounts, tokens, and credentials assigned to AI agents so they can access corporate apps and data.

REG AD

"We're letting things happen right now that we would have never let happen with our human employees," he said. "We're letting thousands of interns run around in our production environment, and then we give them the keys to the kingdom. One of the key pain points that I hear from every company is that they don't know what's happening" with their AI agents.

REG AD

In part, this is by design. "In the agentic AI world, the value proposition is: give us access to more of your corporate data, and we will do more work for you," Nudge Security co-founder and CEO Russell Spitler told The Register. "Agents need to live inside the existing ecosystem of where that data lives, and that means that they need to live within the existing authentication and access infrastructure that SaaS providers already provide to access your data."

This means AI agents using OAuth tokens to access someone's Gmail or OneDrive containing corporate files, or repository access tokens to interact with a GitHub repo that holds source code.

We're letting things happen that we would have never let happen with our human employees

"In order to provide value, agents need to get the data from the things that already have the data, and there are existing pathways to get that data," Spitler said.

Plus, the plethora of coding tools makes it super easy for individual employees to create AI agents, delegate access to their accounts and data, and then ask the agents to do certain jobs to make the humans' lives easier.

Spitler calls this AI's "hyper-consumerized consumption model."

"Those two pieces are what gives rise to the challenges that people have from a security perspective," he said. 

Everything all the time

These challenges can lead to disastrous consequences, as researchers and red teams have repeatedly shown. For example, AI agents with broad access to sensitive data and systems can create a "superuser" that can chain together access to sensitive applications and resources, and then use that access to steal information or remotely execute malicious code.

REG AD

As global education and training company Pearson's CTO Dave Treat recently noted: AI agents "tend to want to please," and this presents a security problem when they are granted expansive access to highly sensitive corporate info.

"How are we creating and tuning these agents to be suspicious and not be fooled by the same ploys and tactics that humans are fooled with?" he asked.

Block discovered during an internal red-teaming exercise that its AI agent could be manipulated via prompt injection to deploy information-stealing malware on an employee laptop. The company says the issue has since been fixed.

These security risks aren't shrinking anytime soon. According to Gartner's estimates, 40 percent of all enterprise applications will integrate with task-specific AI agents by 2026, up from less than 5 percent in 2025. 

Considering many companies today don't know how many AI agents have access to their apps and data, the challenges are significant.

Tal explains the first thing his company does with its customers is a discovery scan. "And there is always this jaw-dropping moment when they realize the thousands of identities that are already out there," he said.

It's important to note: these are not only agentic identities but also human and machine identities. As of last spring, however, machine identities outnumber human identities by a ratio of 82 to one. 

When Cyata scans corporate environments, "we are seeing anywhere from one agent per employee to 17 per employee," Tal said. While some roles - specifically research and development and engineering - tend to adopt AI agents more quickly than the rest of their companies, "folks are adopting agents very, very quickly, and it's happening all across the organization."

REG AD

This is causing an identity crisis of sorts, and neither Tal nor the other AI security folks The Register spoke to for this story believe that agentic identities should be included in the larger machine identities counts. AI agents are dynamic and context-aware - in other words, they act more like humans than machines. 

"AI agents are not human, but they also do not behave like service accounts or scripts," Teleport CEO Ev Kontsevoy told us.

"An agent functions around the clock and acts in unpredictable ways. For example, they may execute the same task with different approaches, continuously creating new access paths," he added. "This requires accessing critical resources like MCP servers, APIs, databases, internal services, LLMs, and orchestration systems."

It also makes securing them using traditional identity and access management (IAM) and privileged access management (PAM) tools "near impossible at scale," Kontsevoy said. "Agents break traditional identity assumptions that legacy tools are built on, that identity is either human or machine." 

For decades, IAM and PAM have been critical in securing and managing user identities. IAM is used to identify and authorize all users across an organization, while PAM applies to more privileged users and accounts such as admins, securing and monitoring these identities with elevated permissions to access sensitive systems and data.

AI agents are not human, but they also do not behave like service accounts or scripts

While this has more or less worked for human employees with predictable roles, it doesn't work for non-deterministic AI agents, which act autonomously and change their behavior on the fly. This can lead to security issues such as agents being granted excessive privileges, and "shadow AI."

Meet the new shadow IT: shadow AI

"We are seeing a lot of shadow AI - someone using a personal account for ChatGPT or Cursor or Claude Code or any of these productivity tools," Tal said, adding that this can lead to "blast-radius issues."

"What I mean by that: they're risky agents," he said, explaining that some are essentially workflow experiments that someone in the organization created, and neither the IT nor security departments have any oversight.

"What they have done is created a super-connected AI agent that is connected to every MCP server and every data source the company has," Tal said. "We've seen the problem of rogue MCP servers over and over again, where they compromise an agent and steal all of its tokens."

Fixing this requires visibility into both IT-sanctioned and unsanctioned AI agents being used, so they can be continuously monitored for misconfigurations or any other threats.

"We do a risk assessment for each and every identity that we discover," Tal said. "We look at its configuration, its connectivity, the permissions that it has. We look at its activity or history - journals, logs that we collect - so we can maintain a profile for each of these agents. After that, we want to put posture guardrails in place."

These are mitigating controls that prevent the agent from doing something or accessing something sensitive. Sometimes improving security is as easy as speaking to the human behind the AI agents about the risk they unknowingly introduced via the agent and what it can access.

"We need to pop this bubble that agents come out of immaculate conception - a human is creating them, a human is provisioning their access," Spitler said. "We need to associate tightly those agents with the human who created it, or the humans who work on it. We need to know who proxied their access to these other platforms, and what roles those accounts have in these platforms, so we understand the scope of access and potential impact of that agent's access in the wild."

Spitler says that's "ground zero" for managing and securing agentic identities. "You need to know who your agents are." ®