Tuesday, 14 Jul 2026
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA
logo logo
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
  • 🔥
  • Trump
  • House
  • White
  • ScienceAlert
  • VIDEO
  • man
  • Trumps
  • Season
  • star
  • Years
Font ResizerAa
American FocusAmerican Focus
Search
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
Follow US
© 2024 americanfocus.online – All Rights Reserved.
American Focus > Blog > Tech and Science > Agent authorization is broken — and authentication passing makes it worse
Tech and Science

Agent authorization is broken — and authentication passing makes it worse

Last updated: May 15, 2026 12:20 am
Share
Agent authorization is broken — and authentication passing makes it worse
SHARE

Contents
The Persistent Authorization GapConverging on a Common DiagnosisMCP Security: Discover Before ControlOutdated and Unpatched Critical InfrastructureAgentic Enterprise Security Gap Matrix

When asked by VentureBeat if rogue agent incidents were affecting Cisco’s customers, Anthony Grieco, Cisco’s SVP and chief security and trust officer, responded without hesitation.

“Absolutely. We encounter them frequently,” Grieco shared in an exclusive interview with VentureBeat at RSAC 2026. “I’ve heard some stories that are unrepeatable, but agents often act based on what they believe is correct.”

The incidents Grieco described have a common pattern: credentials are verified, identity checks pass. The agent is authenticated as legitimate. Yet, it ventures into accessing data outside its scope or performs actions not authorized at its level. The issue lies not in identity verification but in authorization.

“Businesses are saying things like, we’re going to deploy 500 agents per employee,” Grieco explained to VentureBeat. “Security leaders are concentrating on ensuring this is done securely.”

According to Cisco’s State of AI Security 2026 report, 83% of organizations intended to implement agentic capabilities, but only 29% felt equipped to secure them. At RSAC 2026, five vendors, including Cisco, introduced agent identity frameworks, but none fully addressed the gaps.

VentureBeat identified four authorization gaps from Grieco’s interview and five independent sources. The matrix at the end of the article provides actionable advice.

The Persistent Authorization Gap

Grieco’s journey through Cisco’s engineering and threat research divisions led him to a role encompassing both product development and internal security management. The authorization gap he described is precise and operational.

“Even a finance agent shouldn’t have access to all financial data,” Grieco explained to VentureBeat. “It should only access specific expense reports at certain times. Achieving this granular control is crucial for advancing agentic developments.”

Experts at RSAC 2026 corroborated this pattern. Kayne McGladrey from IEEE noted that organizations often duplicate human user profiles for agents, leading to permission sprawl from the onset. Carter Rees, VP of AI at Reputation, highlighted that the flat authorization plane of an LLM neglects user permissions, allowing agents inherent privileges without needing escalation.

See also  Palmer Luckey says the coolest thing about Anduril expanding to Long Beach is the fighter jets

“Understanding what’s happening is our biggest challenge,” Grieco stated. “Mapping identity and access controls to agents is essential.”

Elia Zaitsev, CTO of CrowdStrike, highlighted the visibility issue at RSAC 2026. In many logging setups, agent activities are indistinguishable from human actions. Distinguishing them requires tracing the process tree, a feature absent in most enterprise logging.

At RSAC, five vendors, including Cisco’s Duo IAM and MCP gateway controls, presented agent identity frameworks. However, VentureBeat identified remaining gaps.

Converging on a Common Diagnosis

The authorization and identity gaps identified by Grieco are not isolated to vendors. In early 2026, three independent standards bodies reached similar conclusions. NIST’s NCCoE released a concept paper in February 2026, “Accelerating the Adoption of Software and AI Agent Identity and Authorization,” advocating demonstration projects for existing identity standards in autonomous agents.

The OWASP Top 10 for Agentic Applications from December 2025 highlighted tool misuse from excessive access and risky delegation as major risks. Meanwhile, the Cloud Security Alliance established the CSAI Foundation at RSAC 2026 with the goal of “Securing the Agentic Control Plane,” introducing an Agentic AI IAM framework using decentralized identifiers and zero trust principles. When NIST, OWASP, and CSA independently identify the same gap in a market cycle, it indicates a structural issue, not one limited to vendors.

MCP Security: Discover Before Control

VentureBeat questioned Grieco about the MCP paradox, a protocol embraced by all vendors at RSAC 2026 despite its security vulnerabilities. Grieco acknowledged the protocol’s risks but emphasized that blocking it is now impractical.

“In today’s environment, security leaders can’t just say no,” Grieco remarked to VentureBeat. “The focus is on managing it.”

Within Cisco, Grieco’s team incorporated MCP discovery, proxying, and inspection into AI Defense and Cisco Secure Access. This strategy treats MCP servers as shadow IT, requiring discovery before governance.

See also  HMD Barbie Phone Review: Plastic Fantastic?

Etay Maor, VP of Threat Intelligence at Cato Networks, confirmed this approach from an adversarial perspective. At RSAC 2026, Maor demonstrated a Living Off the AI attack using Atlassian’s MCP and Jira Service Management. Attackers exploit the integration of trusted tools, services, and models. “An HR-like view of agents is needed,” Maor told VentureBeat. “This includes onboarding, monitoring, and offboarding agents.”

Outdated and Unpatched Critical Infrastructure

Authorization failures with agents are harder to detect and contain on outdated infrastructure lacking recent security patches, compounding other vulnerabilities. Cisco enlisted UK advisory firm WPI Strategy to assess end-of-life technology risks in the US, UK, France, Germany, and Japan. The report revealed that nearly half of the critical network infrastructure in these regions is aging or obsolete, with vendors no longer providing patches.

“Almost 50% of the critical infrastructure in these regions is aging or near end-of-life,” Grieco told VentureBeat. “Vendors are no longer issuing security patches.”

Cisco’s Resilient Infrastructure initiative disables unused features by default and phases out legacy protocols over three releases. Grieco refuted the notion of secure by default as a static achievement. “These are not static points in time,” Grieco explained to VentureBeat. “It’s not a one-time task.”

Agentic Enterprise Security Gap Matrix

The following four gaps are actionable for security directors as of Monday morning. Each row outlines what breaks, why it breaks, and what actions to take, verified by five independent sources.

Sources: VentureBeat analysis of Grieco’s exclusive interview at RSAC 2026, cross-validated with reports from McGladrey (IEEE), Rees (Reputation), Maor (Cato Networks), and Zaitsev (CrowdStrike). May 2026.

Security Gap

| Failures and Costs

Current Stack Limitations

Vendor Control Status

Recommended Actions

Infrastructure aging

Nearly half of critical network assets are end of life or nearing it (WPI Strategy); agents on unpatched systems inherit unfixable vulnerabilities

Annual patches lag behind threat pace; EoL systems get no updates or vendor support

Resilient Infrastructure disables risky defaults, alerts on configurations, and phases out legacy protocols over three releases

Infra team: audit all network assets against vendor EoL dates this quarter. Reclassify EoL replacements from IT upgrades to security investments in the next budget

MCP discovery

MCP servers spread without security oversight; developers create agent connections bypassing governance

Shadow MCP setups bypass discovery tools; no standard inventory mechanism; Maor showed attackers chaining MCP + Jira in a Living Off the AI attack

AI Defense adds MCP discovery, proxying, and inspection; treats MCP servers like shadow IT

Security ops: inventory MCP servers across environments before implementing agent governance controls. If MCP surface can’t be enumerated, it can’t be secured

Agent over-permissioning

Agents gain broad human-level access on a flat authorization plane; no need to escalate privileges (Rees)

IAM teams default to human profile cloning for agents (McGladrey); no scoped, time-bound permissions for non-human identities

Duo IAM registers agents as distinct entities with detailed, time-limited permissions per tool call

IAM team: stop cloning human accounts for agents. Define each agent’s permission by data set, action, and time window. Grieco’s test: can the finance agent access only the required expense report?

Agent behavioral visibility

Agent actions mimic human actions in logs (Zaitsev); an over-permissioned agent resembling a human is invisible to SOC

Default logs omit process tree lineage; no vendor offers a complete cross-platform behavioral baseline for agent activity

SOC telemetry integrates with Splunk for agent-specific monitoring and response

SOC lead: update logs to track process tree lineage, making agent actions distinguishable from human actions. If your SIEM can’t identify “human or agent?” for sessions, the gap is open

See also  How Conifers and Christmas Trees Secretly Shaped U.S. History

“We must quickly adapt and evolve to outpace adversaries,” Grieco told VentureBeat.

The gaps outlined are real, as Grieco confirmed ongoing incidents. Controls are available, but no single vendor provides a complete solution.

TAGGED:agentauthenticationauthorizationBrokenpassingWorse
Share This Article
Twitter Email Copy Link Print
Previous Article Everything to Know Abut Tiger Woods’ Ex-Wife Elin Nordegren Everything to Know Abut Tiger Woods’ Ex-Wife Elin Nordegren
Next Article Study: PSA tests likely reduce risk of death from prostate cancer Study: PSA tests likely reduce risk of death from prostate cancer

Popular Posts

LACMA Workers Vote Overwhelmingly to Unionize

Workers at the Los Angeles County Museum of Art (LACMA) have made a historic decision…

December 18, 2025

‘Yogurt Shop Murders’ Director on Making Episode 5 After the Murders Were Solved

On September 27, 2025, the Austin police announced they had finally solved a cold case…

May 24, 2026

Jimmy Kimmel Extends Late-Night Deal With Disney For One Year

Jimmy Kimmel Signs New Deal to Host "Jimmy Kimmel Live" Until 2027 Jimmy Kimmel fans…

December 8, 2025

Trump’s ‘Sadistic’ Remark About Sinking Iranian Ships Sparks Fury

Donald Trump faced strong criticism on Monday for his comments regarding sinking Iranian ships.Speaking to…

March 10, 2026

Lifeline and AirTalk Wireless Help Seniors Access a free government iPhone 11 and a Better Life

As the United States continues to age, digital access has become a crucial aspect of…

December 31, 2025

You Might Also Like

Prepare for dangerous air pollution in the Northeast, thanks to Minnesota wildfires
Tech and Science

Prepare for dangerous air pollution in the Northeast, thanks to Minnesota wildfires

July 14, 2026
Machine Learning in Healthcare: A Complete Guide
Tech and Science

Machine Learning in Healthcare: A Complete Guide

July 14, 2026
Pinwheel launches a retro-inspired landline phone for kids
Tech and Science

Pinwheel launches a retro-inspired landline phone for kids

July 14, 2026
Uranium-Eating Bacteria Leave Just 5% of The Radioactive Metal in Toxic Mine Water, Scientists Discover : ScienceAlert
Tech and Science

Uranium-Eating Bacteria Leave Just 5% of The Radioactive Metal in Toxic Mine Water, Scientists Discover : ScienceAlert

July 13, 2026
logo logo
Facebook Twitter Youtube

About US


Explore global affairs, political insights, and linguistic origins. Stay informed with our comprehensive coverage of world news, politics, and Lifestyle.

Top Categories
  • Crime
  • Environment
  • Sports
  • Tech and Science
Usefull Links
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA

© 2024 americanfocus.online –  All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?