Two things happened this week that signal where enterprise agent security is heading.
First: WideField announced Cisco Investments in their Series A, extending their identity security platform to cover autonomous AI agents. Cisco — the company that owns your network stack — is now investing in agent identity monitoring.
Second: Security Boulevard published a comprehensive guide to agentic AI risks in 2026 that reads like a catalog of problems we've been building against for months.
The Six Risks Security Boulevard Maps
- Unmanaged agent identities — agents operating with over-permissioned credentials or no formal identity at all
- Privilege escalation — developers grant broad permissions "just in case," creating disproportionate blast radius
- Prompt injection — malicious instructions embedded in content agents process, executed without human review
- No auditability — when a chain of agents takes action, nobody can trace which agent did what, on whose behalf
- Agent-to-agent attacks — a compromised agent passes manipulated instructions downstream through the pipeline
- Shadow AI — agents deployed without IT knowledge, invisible to governance
Their conclusion: "The identity frameworks built for human users were never designed for autonomous AI."
Here's what's notable about this list: every single item is an identity problem. Not a capability problem. Not a reasoning problem. An identity problem.
What Cisco's Investment Tells Us
WideField's pitch is agent identity monitoring — discovering which agents are running, tracking their credentials, observing their behavior. This is the enterprise answer to shadow AI: visibility.
Combine this with CrowdStrike's Falcon Shield (agent discovery), Orchid Security (runtime enforcement from the Gartner Guardian Agents market), and Okta's Agent Identity Platform (launching April 30).
The enterprise stack is being built right now. But it's being built top-down — monitoring and governance layers that sit above agents and treat them as resources to manage.
The Gap Between Monitoring and Verification
Monitoring tells you what agents are doing. Verification lets agents prove who they are to each other.
Security Boulevard specifically calls out agent-to-agent attacks as a core risk. But none of the enterprise solutions ship mutual agent authentication. They can't — mutual verification requires agents to have their own cryptographic identity, not just credentials managed by an enterprise IAM.
This is the architectural distinction that matters:
- Enterprise IAM gives agents credentials and monitors usage. Identity belongs to the organization.
- Agent identity protocols give agents their own keypair and let them verify each other directly. Identity belongs to the agent.
Both are needed. But only one solves the agent-to-agent verification gap.
What This Looks Like in Practice
The Agent Identity Protocol implements the agent-owned layer:
- Every agent gets an Ed25519 keypair and a DID (decentralized identifier)
- Every action is signed — not just the first authentication
- Agents verify each other mutually at every interaction
- Trust scores update based on behavioral observation (Promise-Delivery Ratio)
Last week we submitted did:aip to the W3C DID Method Registry. Three DID methods have already cross-verified delegation chains across different identity systems.
The vouch_chain signal type we co-authored is now part of the trust.signals[] specification being designed for Google's A2A protocol — alongside on-chain credentials, on-chain activity, and behavioral scoring.
The Convergence
Enterprise vendors are building the top of the stack: discovery, monitoring, governance. Open protocols are building the bottom: cryptographic identity, mutual verification, portable trust.
The agents that survive the next confused deputy incident won't be the ones with the best monitoring dashboards. They'll be the ones that can prove, cryptographically, that every action was authorized — at every hop in the chain.
AIP is open source: github.com/The-Nexus-Guard/aip. Install: pip install aip-identity.
Top comments (0)