


2026 Security Predictions: Identity as the Control Plane for Cloud & AI
January 2026 / 8 min. read

For more than a decade, we’ve talked about the “death of the perimeter.” Cloud migration, SaaS adoption, remote work, distributed architectures. Each of these eroded the idea that you could meaningfully secure a network boundary.
In practice, that shift is already complete.
Identity is effectively the control plane for cloud, SaaS, and AI systems. Every workflow, API call, model invocation, and administrative action starts with a question: Who (or what) is allowed to do this?
As we move into 2026, the challenge isn’t whether identity should be, or is going to be, the control plane. It’s how to make that control enforceable at runtime across humans, non-human identities (NHIs), and AI agents.
Prediction 1: The Biggest Attack Surface in 2026 Will Be the Identities You Haven’t Seen Yet
Most organizations know how many employees they have. It’s less likely that they know exactly how many active service accounts, API keys, workload identities, pipeline tokens, data access roles, or AI agents exist across their clouds and SaaS environments.
And that gap widens every quarter.
Studies across 2025 consistently show that NHIs now outnumber humans by factors ranging from 40:1 to over 100:1, depending on the industry. Add in LLM-powered agents and Model Context Protocol (MCP) toolchains that are each able to invoke dozens of downstream services, and your identity surface multiplies again.
This creates three issues:
1. Unseen identities accumulate privilege silently.
An unused admin role is still an admin role. A forgotten access key with broad permissions is still a potential vector for a breach.
2. Ownership becomes ambiguous.
Who owns the service account in a CI/CD pipeline? Who owns the agent that updates dashboards every hour? Who offboards them when projects end?
Most teams don’t know, and the lack of visibility leads to vulnerability.
3. Traditional IAM and PAM visibility stops short of the cloud reality.
Legacy access reviews don’t capture temporary roles, embedded tokens, ephemeral cloud resources, or agent-driven automations.
The takeaway?
Identity inventory, ownership, and runtime visibility will become the foundation of any meaningful and effective access management program. You can’t secure what you can’t see, and in cloud and AI systems, the identities that teams typically don’t see are the ones expanding fastest.
Prediction 2: AI Agents Become First-Class Identities with Policies, Boundaries, and Lifecycles
Agentic AI adoption grew rapidly in 2025. Enterprises have implemented agents for customer support automation, sales enrichment, internal ticket routing, document summarization, data pipeline actions, infrastructure updates, and other use cases.
These systems operate faster than humans, touch more tools, and often make branching decisions on their own. And yet, many are still treated like simple scripts or API clients, with long-lived tokens, excessive privileges, and unclear ownership.
This is changing quickly, as practitioners, regulators, and cloud providers are converging on the same principle: AI agents must be treated as identities with policies, boundaries, oversight, and full lifecycle governance.
Three elements are becoming essential:
1. Runtime authorization for tools and data
Agents should not hold broad, long-lived credentials. Instead, they should request scoped, time-bound permissions for each action. If they attempt something outside policy, it should be denied automatically.
This aligns with guidance we’ve seen emerging from the Cloud Security Alliance, Google Cloud, and other AI risk frameworks.
2. On-behalf-of boundaries and human ownership
Every agent needs:
- A clear human owner,
- Documented purpose,
- An allowed action set,
- And a defined offboarding flow.
Agents should only act within permissions that align with the human or system they represent, not escalate into new roles or data domains without approval.
3. Identity-level observability
Teams must be able to answer:
- Which agent acted?
- What action did it take?
- Under what policy?
- For how long?
- On whose behalf?
Without identity-level logs, troubleshooting agent behavior or validating governance becomes nearly impossible.
AI governance will increasingly rely on overarching IAM and PAM practices, not model-level settings. Treating agents as first-class identities is the only scalable way to secure AI’s role inside the enterprise.
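The three elements above (scoped, time-bound grants; on-behalf-of boundaries tied to a registered owner; and an identity-level log) can be combined in one runtime check. This is an added example, not code from the original article or from any product; the class, policy labels, agent name, and e-mail addresses are hypothetical, and it assumes the represented principal's permissions are available as an in-memory map.

```python
import time
from collections import namedtuple

# Registry entry: human owner, documented purpose, allowed (action, resource) set.
Agent = namedtuple("Agent", "agent_id owner purpose allowed")
Grant = namedtuple("Grant", "agent_id action resource on_behalf_of expires_at")

class RuntimeAuthorizer:
    def __init__(self, agents, principal_perms, max_ttl=900):
        self.agents = {a.agent_id: a for a in agents}
        self.principal_perms = principal_perms  # principal -> {(action, resource)}
        self.max_ttl = max_ttl                  # hard cap on grant lifetime, seconds
        self.audit = []                         # identity-level log, one record per request

    def request(self, agent_id, action, resource, on_behalf_of, ttl, now=None):
        now = time.time() if now is None else now
        agent, pair = self.agents.get(agent_id), (action, resource)
        if agent is None:
            policy = "deny:unregistered-agent"          # no owner, no access
        elif pair not in agent.allowed:
            policy = "deny:outside-allowed-action-set"
        elif pair not in self.principal_perms.get(on_behalf_of, set()):
            policy = "deny:exceeds-principal"           # agent may not exceed whom it represents
        else:
            policy = "allow:scoped-jit"
        grant = None
        if policy.startswith("allow"):
            grant = Grant(agent_id, action, resource, on_behalf_of,
                          now + min(ttl, self.max_ttl))
        # Record which agent, what action, under what policy, for how long, for whom.
        self.audit.append({"agent": agent_id, "owner": getattr(agent, "owner", None),
                           "action": action, "resource": resource, "policy": policy,
                           "on_behalf_of": on_behalf_of, "at": now,
                           "expires_at": grant.expires_at if grant else None})
        return grant

    def is_valid(self, grant, now=None):
        # Expiry is automatic: no revocation call is needed once the TTL passes.
        now = time.time() if now is None else now
        return grant is not None and now < grant.expires_at

# Constructed sample data (hypothetical agent and users).
AUTHZ = RuntimeAuthorizer(
    [Agent("ticket-router", "alice@example.com", "route internal tickets",
           frozenset({("read", "tickets"), ("update", "tickets")}))],
    {"bob@example.com": {("read", "tickets")}})
```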
Prediction 3: Zero Trust Finally Becomes Applicable at Runtime, Not Just Another Project Slide
Over the last few years, “Zero Trust” has often meant:
- MFA everywhere,
- Fewer VPNs,
- Microsegmentation,
- Network hardening,
- Better endpoint posture.
These are valuable initiatives and important first steps, but they don’t address the core problem in cloud and AI environments: most risk comes from identities and the permissions they accumulate.
The next phase of Zero Trust is about continuous, policy-based authorization at runtime.
Rather than granting perpetual admin roles, keeping standing privileges for convenience, or relying on periodic access reviews, organizations will increasingly require:
- Ephemeral, just-in-time privileges for high-risk actions,
- Context-aware checks (identity, resource type, time, risk signals),
- Automatic expiry instead of manual revocation,
- Policies that apply across cloud providers and identity types,
- Metrics that reflect actual least privilege, such as:
  - % of privileged workflows covered by ZSP,
  - time-to-elevate vs. time-to-revoke,
  - volume of unused or stale privileges removed.
With this, Zero Trust becomes a standard of operation, not just a project milestone.
Zero Trust matures when access is created at the moment it’s needed and disappears as soon as it’s not. No standing entitlements, no permanent elevation, no administrative drift.
Prediction 4: Modern PAM Is Runtime-Enforced PAM, Not Vault Management
Privileged Access Management has undergone several evolutions:
- Phase 1: Shared accounts → controlled credentials
- Phase 2: Vaults → password rotation
- Phase 3: Proxies and session recording
- Phase 4: DevOps and secrets management add-ons
None of these phases fully addressed the reality of cloud and AI access: most privileged actions don’t use shared passwords. They use cloud-native roles, API permissions, workload identities, temporary tokens, and automated agents.
So in 2026, PAM will continue shifting toward runtime control, defined by:
1. Vaultless, agentless JIT
Not storing or passing credentials at all. Not proxying traffic. Instead, issuing short-lived, scoped permissions through cloud-native APIs.
2. Policy-driven elevation across human, NHI, and AI identities
Developers, pipelines, and agents all operate under the same principle:
- Access is created when the task begins
- Access ends the moment the task ends
3. Convergence with CIEM, ITDR, and AI access governance
Teams won’t buy separate tools just to monitor cloud entitlements, detect identity threats, govern AI agents, and manage privileged access. They will seek unified policy enforcement that handles all three.
Examples in action:
- A developer receives 45 minutes of “prod-read” and loses it automatically.
- An AI agent receives a scoped role to run a workflow and is deprovisioned as soon as it finishes.
- A pipeline step requests access to a specific cloud resource and loses it after the job completes.
PAM becomes the layer that enforces Zero Trust at runtime. It’s not just the system of record for old credentials. It’s a continuous, dynamic authorization engine that enforces True Zero Standing Privileges, not another vault.
Prediction 5: Identity Security Becomes the Backbone of AI Governance
AI governance conversations have previously revolved around:
- which models are safe,
- where data flows,
- who monitors outputs,
- how risks get escalated,
- what regulators will require.
But none of these questions can be answered without identity.
Identity ties together:
- what agents exist,
- who owns them,
- what they can access,
- how they’re monitored,
- how their access is revoked,
- and what evidence exists of their actions.
Frameworks like the Cloud Security Alliance’s DIRF, NIST AI RMF, and cloud provider guidance all point toward the same operational requirement:
AI access management must be implemented through the controls used to secure identity and authorization, not through ad-hoc rules inside each model or tool.
Teams that already operate identity as the control plane will have a far easier time meeting new AI expectations.
Conclusion: Identity Is the Continuous Control Plane
Identity became the control plane long before most organizations adjusted their tooling. 2026 is the year when teams operationalize that shift by identifying every identity, managing AI agents like first-class actors, and enforcing access policies in real time.
The organizations that succeed won’t be the ones with the most tools. They’ll be the ones who can answer three questions at any moment:
Can we see every identity?
Can we control its access in minutes or less?
Can we explain its actions through a single policy model?
If not, the control plane is still theoretical. Making it real is the work that needs to be done throughout 2026.

