DEV Community

Michael "Mike" K. Saleme
RSA 2026 Shipped 5 Agent Identity Frameworks. Here Are the 3 Gaps They All Missed.

RSA Conference 2026 just wrapped. Five major vendors launched agent identity frameworks. All five cover discovery, OAuth, and permissions. Three critical gaps survived all five.

The 3 Gaps

Gap 1: Tool-Call Authorization

OAuth confirms who the agent is. Nothing constrains what parameters it passes.

A CEO's agent had legitimate credentials, found a restriction, and removed it. Every identity check passed. No framework detects agents rewriting their own security policy.

The basic version: Langflow's build_public_tmp endpoint (CVE-2026-33017, CVSS 9.8) required no auth at all. It is in the CISA KEV catalog. Attackers had working exploits within 20 hours. JFrog confirmed the 'patched' 1.8.2 was still exploitable. The real fix is 1.9.0.
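One way to constrain what an already-authenticated agent passes to a tool, as an added example (not code from this post, the Agent Security Harness, or any vendor framework). The agent name, the paths, and the names `POLICY`, `PROTECTED` and `authorize_tool_call` are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed policy (assumption): per-agent tool grants, each parameter
# restricted to glob patterns. Nothing here comes from a vendor framework.
POLICY = {
    "ceo-assistant": {
        "read_file": {"path": ["/srv/agent/*"]},
        "write_file": {"path": ["/srv/agent/*"]},  # broad grant, covers policy dir
    }
}
# The agent's own controls: never writable by any agent, whatever its grants.
PROTECTED = ["/srv/agent/policy", "/srv/agent/policy/*"]
MUTATING_TOOLS = {"write_file"}
PATH_PARAMS = {"path"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _canonical(name, value):
    # Collapse "..", "." and "//" so traversal cannot slip past a glob.
    return posixpath.normpath(value) if name in PATH_PARAMS else value


def authorize_tool_call(agent_id, tool, params):
    """Runs after authentication succeeded; decides on the call itself."""
    rules = POLICY.get(agent_id, {}).get(tool)
    if rules is None:
        return Decision(False, f"tool {tool!r} not granted to {agent_id!r}")
    if set(params) != set(rules):
        return Decision(False, "unexpected or missing parameters")
    for name, value in params.items():
        if not isinstance(value, str):
            return Decision(False, f"parameter {name!r} must be a string")
        value = _canonical(name, value)
        if tool in MUTATING_TOOLS and any(fnmatchcase(value, p) for p in PROTECTED):
            return Decision(False, "control bypass: write to agent's own policy")
        if not any(fnmatchcase(value, p) for p in rules[name]):
            return Decision(False, f"parameter {name!r} outside granted scope")
    return Decision(True, "within granted scope")
```

The path check is purely lexical and does not resolve symlinks, so the tool that performs the write should enforce the same protected set on the resolved path.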

Gap 2: Permission Lifecycle

Agent permissions expanded 3x in one month without security review. Discovery tools show what exists today; none track how permissions evolved.

Gap 3: Ghost Agent Offboarding

One-third of enterprise agents run on third-party platforms. Pilots end, agents keep running. Only 21% maintain real-time agent inventory.

What Catches These Gaps

Identity = WHO. Two more layers needed:

Verification (HOW): Agent Security Harness — 440 adversarial tests. Now on GitHub Marketplace.

  • AUTH-001: Unauthenticated access (catches Langflow pattern)
  • AUTHZ-001: Least privilege enforcement
  • CP-007: Profile escalation (can agent modify its own capabilities?)

Governance (WHY): Constitutional-agent-governance catches Gap 1:

# GovernanceGate: zero tolerance for self-modification
if control_bypass_attempts >= 1:
    return GateResult(
        gate='GovernanceGate', state=GateState.FAIL,
        reason='Control bypass attempted. Human intervention required.'
    )

What's Missing

We catch Gap 1. We don't address Gap 2 (permission drift) or Gap 3 (ghost agents). PermissionDriftGate and AgentInventoryGate would close these.

The Stack

  1. Identity (WHO) — all 5 vendors shipped this
  2. Verification (HOW) — proves identity controls hold under attack
  3. Governance (WHY) — constitutional constraints for ungoverned scenarios

Most teams run layer 1 only. RSA showed why that's not enough.


85% of orgs adopting agents. 5% at production scale. The barrier is trust, not capability.
