Identity Crisis: Why Agentic AI Is Stuck in Pilots as Security Gaps Widen

Breaking: Identity Governance Gaps Stall Agentic AI Adoption

A medical transcription agent updates electronic health records in real time. A computer vision inspector runs quality checks at speeds no human can match. Both create non-human identities that most enterprises cannot inventory, scope, or revoke at machine speed.

According to Cisco President Jeetu Patel, speaking exclusively to VentureBeat at RSAC 2026, 85% of enterprises are running agent pilots, but only 5% have reached production. Patel called this 80-point gap a trust problem, not a model or compute limitation.

“The first questions any CISO will ask: which agents have production access to sensitive systems, and who is accountable when one acts outside its scope?” Patel said.

IANS Research found that most businesses still lack role-based access control mature enough for today’s human identities, and agents will make it significantly harder. The 2026 IBM X-Force Threat Intelligence Index reported a 44% increase in attacks exploiting public-facing applications, driven by missing authentication controls and AI-enabled vulnerability discovery.

Why the Trust Gap Is Architectural, Not Just a Tooling Problem

Michael Dickman, SVP and GM of Cisco’s Campus Networking business, said in an exclusive interview with VentureBeat that the network sees what other telemetry sources miss: actual system-to-system communications rather than inferred activity.

“It’s that difference of knowing versus guessing,” Dickman said. “What the network can see are actual data communications … not, I think this system needs to talk to that system, but which systems are actually talking together.”

Dickman, formerly Chief Product Officer at Gigamon and SVP at Aruba Networks, emphasized that raw behavioral data becomes the foundation for cross-domain correlation. Without it, organizations have no reliable way to enforce agent policy at “machine speed.”

The Trust Prerequisite That Most AI Strategies Skip

Dickman argues that agentic AI breaks a pattern that defined every prior technology transition: deploy for productivity first, bolt on security later.

“I don’t think trust is one of those things where the business productivity comes first, and the security is an afterthought,” Dickman told VentureBeat. “Trust actually is one of the key requirements. Just table stakes from the beginning.”

Observing data and recommending decisions carries consequences that stay contained. Execution changes everything. When agents autonomously update patient records, adjust network configurations, or process financial transactions, the blast radius of a compromised identity expands dramatically.

Background: The Rise of Non-Human Identities

Agentic AI—autonomous software that acts on behalf of humans—has surged across healthcare, manufacturing, finance, and IT operations. Pilots are common, but production deployments remain rare.

Enterprises lack the identity governance infrastructure to manage machine identities at scale. Traditional IAM systems were designed for human users with static roles and manual approval workflows.

The result: agents operate in a permission shadow, with access that is undefined, unmonitored, and irreversibly granted.

What This Means for Enterprise Security

Without network-level visibility and automated identity governance, every agent pilot becomes a potential attack surface. The 44% rise in application-layer attacks signals that adversaries are already exploiting weak authentication—and agentic AI amplifies that vulnerability.

CISOs must now ask: Can my organization list every machine identity, its scope, and its expiration in real time? Most cannot. Until identity governance catches up, agentic AI will remain stuck in pilots, and the trust gap will continue to widen.

Dickman recommends embedding trust from day one—using network telemetry to enforce agent policy at machine speed—rather than adding security later. Patel urges enterprises to prioritize agent accountability before scaling production deployments.