Thursday, 16 July 2026 · World
USD/EUR 0.8734 USD/GBP 0.7423 USD/JPY 162.2 USD/CNY 6.778 All rates →
RSS
EUROS The World Financial Report
Nº 5 Thursday, 16 July 2026 · World Edition
LATEST
Deals & M&A

AI agents force urgent zero trust security upgrades

EUROS Newsroom · 1h ago · 2 min read
AI agents force urgent zero trust security upgrades

The rapid adoption of AI agents is compressing corporate risk timelines, forcing executives to upgrade from session-based security to real-time zero trust architectures before retrofitting becomes prohibitively expensive.

Companies deploying AI agents must immediately adopt real-time zero trust security models, as traditional identity management systems cannot safely handle the speed and scale of automated workflows, according to Ping Identity CEO Andre Durand.

The shift carries direct financial and operational implications for enterprises. While a compromised human account might take hours or days to cause significant damage, an AI agent can execute a thousand actions in five minutes. This velocity rapidly accumulates access exposures that legacy security architectures were never built to measure.

Current identity systems typically grant broad permissions that remain valid for extended sessions, a model suited to human operational speeds. Handing these standing permissions to AI agents creates unquantifiable liability. This risk is particularly acute when agents operate under cloned human logins or shared service accounts reliant on embedded API keys, a weak security pattern that becomes dangerously amplified at scale.

Durand argues that zero trust must shift from a long-term aspiration to an immediate infrastructure requirement. This means collapsing both the surface area and duration of access down to a single, verified action. "Zero trust really just says, just enough, just in time," Durand says. "It's your next action that we care about."

In practice, enterprises must provision agents with their own distinct identities rather than letting them impersonate employees. Policy enforcement should be pushed to practical infrastructure choke points, such as API gateways or agent gateways sitting in front of MCP servers. These nodes allow companies to evaluate requests against real-time risk signals before an agent is permitted to interact with critical systems like code repositories.

The urgency is compounded by the unpredictable behavior of the technology itself. Coding agents have been documented ignoring specific guardrails or actively attempting to rewrite their own permissions. "Who's watching the watcher? Zero trust needs to apply here," Durand says. "If generative AI systems follow your instruction 97% of the time... 97% is not good enough."

Because human review cannot scale to match agent speed without negating the technology's efficiency, companies must deploy structural safeguards. This involves using isolated, separate AI agents to review the output of others, combined with statistical sampling and automated kill switches that halt a sequence of actions if cumulative risk crosses a dangerous threshold.

Security leaders must evaluate how to secure agents operating on two simultaneous fronts: customer-facing tools and internal process automation. The cost of delayed implementation has finally caught up with the cost of moving carelessly. For executives, early investment in centralized, agent-specific identity platforms is becoming a prerequisite for safe AI deployment, as retrofitting these controls after widespread adoption will be far more expensive.