Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Speakers made it clear that agentic AI is already operating across enterprise workflows. Learn why identity must govern ownership, permissions, actions, and accountability.

Adversaries are using AI to launch cyber attacks in record time, forcing security teams to measure responses in seconds instead of hours or days. Detecting these attacks is increasingly difficult. Phishing campaigns built by large language models (LLMs) achieve click-through rates 4.5x higher than traditional methods.1 Public sector organizations are at an inflection point with cybersecurity. Most security stacks in place today weren’t built for this level of speed.

There isn't a CIO on the planet not worried about AI spend right now. CFOs are increasingly nervous, too. For fear of falling behind, many companies have pushed their employees to use AI as aggressively as possible. The edict was clear: "Move fast, we'll figure out the bill later." And for the most part, it worked: AI has been genuinely transformational for the teams that leaned in. But the costs are real: we’ve heard countless horror stories of huge bills and painful overages on token spend.

The era of "typing into a box" is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs. In a recent webinar, Martin explores the transition from AI tools to AI agents.

An account-takeover campaign against Instagram shows why agentic AI inherits every business logic blind spot we already had and then hands it a megaphone. Over the past weekend, a number of Instagram users, including the long-dormant Obama-era White House handle and a U.S. Space Force senior enlisted leader found their accounts hijacked. As reported by TechCrunch, the entry point wasn’t a stolen password, a phishing kit, or a zero-day in Instagram’s code.

In our view, The Gartner Hype Cycle for Agentic AI, published in April 2026, contains a passage that we at 1Password feel should be a wakeup call for any organization building an agent program.

Walking the floor at Infosecurity Europe this week, it was impossible to avoid the subject of AI. Every conversation seemed to touch on it in some way. Vendors were demonstrating AI-powered detection capabilities, security teams were discussing governance frameworks, and practitioners were debating how best to secure the models, agents and data pipelines that are rapidly becoming part of everyday enterprise operations.

Most organizations spend their AI security budget on the wrong layer. The instinct is to just buy visibility to inventory the models, map the APIs, and ship a dashboard. But visibility alone won’t stop the coding agent that just pulled in a compromised MCP server. It won’t stop the production agent that’s about to forward a customer record to a place it shouldn’t go.

With code being written (& generated) faster than ever before, there is the unfortunate side effect that security vulnerabilities are also coming faster than ever before. Asking your LLM not to include security vulnerabilities in its code doesn't always work. It is becoming clear that the way software is built today, manually or with assistance, is insufficient when it comes to reliably, consistently, and provably writing secure code.