




















Rapid AI agent expansion is exposing structural gaps in access control maturity, credential hygiene, and identity attribution
RSAC (SAN FRANCISCO) – March 24, 2026 – Seventy-three percent of organizations expect AI agents to become vital within the next year, yet 68% can’t clearly distinguish between human and AI agent activity, according to a new survey report from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education.
Commissioned by Aembit, The Identity and Access Gaps in the Age of Autonomous AI report found that as AI agents take on greater autonomy and operational responsibility within organizations, the identity and access management (IAM) models used to manage them have failed to keep pace, leaving gaps that must be addressed if organizations are to successfully manage risk and enable their secure adoption.
“AI agents are already embedded within enterprise environments, and as these systems take on more autonomous roles, organizations must address new challenges around identity and access,” said Hillary Baron, AVP of Research, Cloud Security Alliance. “The survey data indicates that existing IAM approaches were not designed for autonomous agents and are showing strain as deployments scale.”
Among the survey’s key findings:
“AI agents are inheriting human permissions, operating under shared accounts, and expanding the attack surface in ways that existing IAM tools weren’t designed to handle,” said David Goldschlag, co-founder and CEO of Aembit. “The survey makes the stakes clear: Agentic autonomy without identity-level access controls is a risk organizations can’t afford to ignore.”
Aembit commissioned CSA to develop a survey and report to better understand the industry’s knowledge, attitudes, and opinions regarding autonomous AI agents. Aembit financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in January 2026, and it received 228 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.
Download the Identity and Access Gaps in the Age of Autonomous AI survey report.
About Aembit
Aembit is the identity and access management platform for agentic AI and workloads. It enforces access based on identity, context, and centrally managed policies, giving organizations a singular place to control access risk from AI agents, automate credential management, and accelerate AI adoption. With Aembit, enterprises can confidently control access to sensitive resources across all the workloads that power their business. Users can visit aembit.io and follow the company on LinkedIn.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading not-for-profit organization committed to awareness, practical implementation, and credentialing of forward-looking cybersecurity topics, including AI, cloud, and Zero Trust. In an era where digital transformation drives business success, CSA stands as the global authority ensuring organizations can operate securely while harnessing cutting-edge technology. Through volunteer-driven research, globally-accepted standards, and award-winning vendor-neutral education programs that unite technical experts, industry practitioners, and varied associations, governments, chapters, and corporate members, CSA bridges the gap between innovation and pragmatic security execution. Visit CSA’s website to learn more.
Media Contact
Kristina Rundquist
ZAG Communications for the CSA
[email protected]
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。