An Okta survey from January 2026 found that 69% of 150 IT and security leaders said security issues are actively slowing their adoption of AI agents. The core problem is credential sharing, where multiple AI systems pass around the same access keys. When one agent gets compromised, attackers don’t just get access to one system. They get the keys to everything that credential touches.

The billion-dollar shopping spree

Palo Alto Networks completed its $25 billion acquisition of CyberArk in early 2026, a deal aimed at bolstering identity security as machine identities proliferate across enterprise environments. CyberArk’s thesis is that every AI agent, bot, and automated workflow needs its own verifiable identity, not a shared set of credentials borrowed from a human employee.

CrowdStrike acquired SGNL to enhance its AI-cyber capabilities. SGNL specializes in dynamic authorization, deciding in real time what an AI agent should and shouldn’t be allowed to do based on context, not just a static credential.

Cisco joined forces with CrowdStrike and other major tech firms on Project Glasswing, launched on April 7, 2026. The initiative aims to secure the foundational software layer that AI systems run on.