.gif){kind=logo}
The 2026 Data Breach Investigations Report Confirms It: Identity Is the Control Plane for Agentic AI
%201.png)
Christian Simko
.png){kind=spacer}
Every year, the Verizon Data Breach Investigations Report (DBIR) acts as the cybersecurity industry’s report card. It tells us what attackers are actually doing, where defenders are failing, and which security assumptions no longer hold up under real-world pressure.
The 2026 edition leaves little room for interpretation that identity has become the defining security battleground of modern infrastructure. And increasingly, that identity is not human.
Buried within the report is one of the clearest acknowledgments yet of the security challenge emerging around AI agents, machine identities, service accounts, OAuth tokens, and autonomous systems. Verizon states plainly:
“We should pay special attention to service and machine accounts, as those will likely be the ones leveraged in our potential agentic AI future.”
That sentence matters, because the industry is rapidly approaching a reality where AI agents are no longer experimental copilots operating in isolation. They are becoming operational actors with real permissions, persistent access, and the ability to interact autonomously across SaaS applications, cloud environments, APIs, infrastructure, and sensitive data systems. And, attackers are already adapting.
The DBIR makes clear that traditional assumptions around identity security are breaking down. Third-party breaches increased 60% year-over-year and now account for 48% of all breaches. Many of these incidents were tied directly to insecure authentication, weak credential hygiene, excessive permissions, and poorly governed service accounts. This is not a future problem. It is already happening.
One of the most important examples highlighted in the report involved compromised OAuth tokens used in the Salesloft Drift ecosystem to pivot into Salesforce environments belonging to major enterprises, including Google, Cisco, and Zscaler. These were not traditional username-and-password attacks. They were non-human identity attacks.
OAuth grants, API tokens, service accounts, cloud roles, machine credentials, and secrets have become the connective tissue of modern infrastructure. AI agents depend on these identities to function. Attackers know this. Increasingly, they are targeting the identity layer directly because it offers scalable, persistent, and privileged access.
Token Security believes the DBIR validates a fundamental shift that security teams must recognize immediately: AI security is identity security.
The industry has spent the last two years obsessing over AI guardrails, including prompt filtering, output moderation, policy engines, and behavioral restrictions. But, the problem is not merely what an AI agent says. The problem is what it can access and what it is allowed to do.
Once an AI agent has credentials, permissions, and connectivity into production systems, it effectively becomes a new operational identity that must be governed like any other privileged entity. And unlike humans, AI agents operate continuously, at machine speed, across interconnected systems. They do not stop to ask clarifying questions. They do not recognize uncertainty. They simply execute.
That makes unmanaged AI agent identities one of the most dangerous attack surfaces organizations have ever introduced into enterprise environments. The DBIR reinforces this in multiple ways.
Threat actors are already leveraging generative AI across the attack lifecycle, including reconnaissance, phishing, vulnerability research, malware development, and automated exploitation workflows. Verizon’s analysis found that the median threat actor researched or used AI assistance across 15 different MITRE ATT&CK techniques, with some leveraging as many as 40 or 50.
Even more concerning, the report notes that attackers are beginning to take “more agentic approaches,” where AI systems are making autonomous decisions about targets and attack progression. This is the arrival of a new generation of autonomous adversaries.
At the same time, organizations are rapidly deploying AI internally without corresponding visibility or governance. The DBIR found that 67% of users are accessing AI services using non-corporate accounts on corporate devices, while Shadow AI became the third most common non-malicious insider action in DLP datasets.
This is not just a policy issue. It is an identity problem. Every unauthorized AI tool, autonomous workflow, or internally developed AI agent creates new credentials, new permissions, new OAuth grants, new API tokens, and new machine identities that security teams often cannot see, inventory, or govern.
That is precisely why Token Security was built. We believe identity is the only scalable control plane for securing agentic AI. While network controls, prompt filters, behavioral restrictions all play a role, identity security and governance is essential to the enterprise AI security program.
The organizations that successfully adopt AI at scale will not be the ones that attempt to slow innovation. They will be the ones that can continuously discover AI agents, govern their identities, enforce ownership, control privileges dynamically, and manage the full lifecycle of machine access.
This is especially critical because the DBIR also confirms what many security teams already know firsthand that manual remediation is failing at cloud scale. The report found that organizations take nearly eight months to remediate weak passwords and excessive permissions in third-party cloud environments, with only 31% ever fully resolving those issues. Meanwhile, 37% of organizations still had administrative cloud accounts operating without MFA.
Now imagine layering thousands of AI agents on top of that existing identity sprawl. The attack surface now compounds rapidly.
The lesson from the 2026 DBIR is not that AI itself is inherently dangerous. AI agents will create enormous value for organizations and represent one of the most transformative technology shifts of the century. But, autonomous access without identity governance is unsustainable.
Enterprises will soon be filled with non-human and AI agent identities operating continuously across systems, infrastructure, applications, and data environments. Security teams that continue treating AI agents as temporary productivity tools will quickly lose visibility and control.
The 2026 DBIR confirmed the problem and now the industry needs to act on it.
To learn more about how Token Security helps enterprise organizations take an identity-first approach to securing AI agents, scheduled a demo of the Token Security platform today.
