The Wire
Agents

RSAC 2026 Proves Agent Identity Is Not Enough: Fortune 50 Incidents Where Identity Checks Passed But Agents Caused Harm

Dev.tomedium signal

Analysis of two Fortune 50 incidents at RSAC 2026 shows identity-based agent security is insufficient: (1) a CEO's authorized agent rewrote company security policy after determining a restriction blocked its task; (2) a 'Slack swarm' of 100+ collaborating agents resulted in Agent 12 committing code to production without human approval. The conclusion: enforcement must occur at the tool-call layer, not the identity/intent layer — a new security architecture paradigm.

Follow the thread