How AI agents are reshaping identity, endpoints, cloud, and security operations, and what leaders must do next

AI agents are no longer experimental. They are writing code, handling service requests, querying sensitive data, and acting autonomously across enterprise systems. According to the Capgemini Research Institute, 14% of organizations have already deployed AI agents at partial or full scale, 23% are running pilots, and 61% are actively exploring adoption – a level of momentum rarely seen for an emerging technology.

As adoption accelerates, security teams are confronting a fundamental truth: security architectures designed for humans, servers, and static software cannot govern autonomous systems. With only 27% of organizations saying they trust fully autonomous AI agents today, down from 43% just a year ago, governance and security have become gating factors for scale.

Across identity, cloud, endpoints, and security operations, markets are shifting fast. Here are the six most important changes security leaders need to understand, and why they matter.

1. Agentic identity is becoming core infrastructure

Identity has officially moved beyond humans and service accounts.

Enterprises want to greenlight AI agents, but only if they can understand at runtime what those agents are doing, which tools and data they touch, and which identity ultimately sits behind each action. As a result, agent governance and access control are becoming baseline requirements, not future enhancements.

A new model is emerging, too: intent‑based access control for agents. Instead of standing privileges, agents receive temporary, tightly scoped permissions tied to a specific task – similar to how privileged access management (PAM) evolved for humans, but faster.

Why it matters:
Identity is now the control plane for autonomy. Agents must be treated as first‑class identities, with auditability, runtime oversight, and fine‑grained controls baked in from day one, if they are to pass even the most basic AI Center of Excellence (CoE) approval.
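To make the intent‑based model concrete, here is a minimal sketch added for illustration (not code from the article or from any vendor): a broker issues a short‑lived grant for one declared intent, checks every tool call against it at runtime, and logs each decision with the identity behind the agent. The names `GrantBroker`, `INTENT_POLICY`, the tool names, and the resource patterns are all hypothetical.

```python
import secrets
import time
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed policy: each intent maps to the only (tool, resource pattern) pairs it needs.
INTENT_POLICY = {
    "reset-password-ticket": frozenset({
        ("directory.read", "user:*"),
        ("directory.reset_password", "user:*"),
    }),
}

@dataclass(frozen=True)
class Grant:
    agent_id: str
    on_behalf_of: str      # human or service principal accountable for the task
    intent: str
    allowed: frozenset
    expires_at: float

class GrantBroker:
    def __init__(self, clock=time.time):
        self.clock, self.grants, self.audit = clock, {}, []

    def issue(self, agent_id, on_behalf_of, intent, ttl=300):
        """Mint a short-lived grant scoped to one declared intent (no standing access)."""
        if intent not in INTENT_POLICY:
            raise PermissionError(f"no policy for intent {intent!r}")
        grant_id = secrets.token_hex(16)
        self.grants[grant_id] = Grant(agent_id, on_behalf_of, intent,
                                      INTENT_POLICY[intent], self.clock() + ttl)
        return grant_id

    def authorize(self, grant_id, agent_id, tool, resource):
        """Decide one tool call at runtime and record the decision either way."""
        g = self.grants.get(grant_id)
        if g is None or g.agent_id != agent_id:
            decision = "deny:unknown-grant"
        elif self.clock() >= g.expires_at:
            decision = "deny:expired"
        elif not any(tool == t and fnmatchcase(resource, pat) for t, pat in g.allowed):
            decision = "deny:out-of-scope"
        else:
            decision = "allow"
        self.audit.append({"at": self.clock(), "agent": agent_id, "tool": tool,
                           "resource": resource, "decision": decision,
                           "on_behalf_of": g.on_behalf_of if g else None,
                           "intent": g.intent if g else None})
        return decision == "allow"
```

Denied calls are logged as well as allowed ones, so the audit trail shows what an agent attempted outside its task, not only what it was permitted to do.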

2. Agentic endpoint security is a new battleground

Traditional endpoint security was designed to monitor files, processes, and binaries. AI agents are changing that equation.

Agent skills, packages, and Model Context Protocols (MCPs) often operate entirely outside classic EDR visibility. At the same time, non‑technical employees can now spin up powerful, non‑vetted “software” simply by delegating tasks to agents.

This has sparked a new wave of innovation: vendors focused on securing non‑binary software and agentic applications. In parallel, advances in hardware and edge AI are enabling always‑on security copilots at the endpoint, changing the attack vectors and exfiltration styles.

Why it matters:
Endpoint security must evolve from controlling executables to understanding agent behavior, decision‑making, and intent.

3. AI‑native security markets are converging, then splitting

Last year, AI SOC platforms and managed detection and response (MDR) providers were seen as distinct markets. That distinction has collapsed.

Our research shows organizations are struggling with skills shortages, data overload, and operational complexity, making people-plus-AI service models more attractive as autonomy grows.

AI SOC vendors are increasingly layering in people‑led services, while MDR providers are embedding AI‑native detection, investigation, and response capabilities. The center of gravity is shifting decisively toward MDR.

But the next phase will be divergence. Some vendors will double down on deep SecOps capabilities, while others expand into managed and advisory services – covering incident response, IR readiness, security assessments, and co‑managed SIEMs.

Why it matters:
MDR becomes the anchor, but vendor strategies will diverge rapidly. Buyers will need to choose between depth, breadth, or a carefully balanced blend of both.

4. Cloud security must fully shift to runtime

Static, snapshot‑based cloud security can’t keep pace with agent‑driven environments.

AI agents change infrastructure continuously, deploying resources, modifying configurations, and interacting with services in real time. In this world, visibility after the fact is no longer sufficient.

Runtime‑centric cloud security platforms are becoming essential – not just for detection, but for response at machine speed. A new layer is also emerging: AI‑driven cloud control planes that design and enforce security controls before workloads even reach production.

Why it matters:
Cloud security is moving from posture management to continuous runtime prevention and control.

5. Security data architectures are under real pressure

AI agents generate enormous volumes of telemetry, logs, queries, and decision trails that dwarf traditional security workloads. Existing SIEM architectures are struggling to keep up, both technically and economically. Our research also highlights that over 80% of organizations lack mature AI infrastructure, creating both scalability and cost barriers as agent-driven telemetry explodes.

As a result, new approaches are gaining traction:

  • High‑performance, lower‑cost security data lakes
  • Federated querying models where data stays in place
  • Agent‑driven detection engineering that continuously creates, tunes, and operationalizes detections and threat intelligence

Security data architecture is no longer an afterthought; it’s becoming a strategic design decision.

Why it matters:
Without rethinking data foundations, AI‑driven security quickly becomes cost‑prohibitive or operationally brittle.

6. Offensive and defensive security are collapsing into singular platforms

The line between red team and blue team tooling is eroding.

Agentic penetration testing now spans both networks and applications, using the same underlying sensors. Offensive insights, once siloed, are increasingly feeding detection logic, alert tuning, and automated response workflows.

What’s emerging are unified platforms where the same telemetry powers testing, detection, and response.

Why it matters:
Security programs gain speed and resilience when offense and defense reinforce each other instead of operating in isolation. Threat and exposure management is the new way forward.

Final takeaway: Security must become agent‑aware, adaptive, and continuous

The rise of AI agents isn’t just adding another tool to the stack. It is reshaping the foundations of security.

Identity becomes intent‑driven. Endpoints become behavioral. Cloud security shifts to runtime. Data architectures must scale by design. And security operations converge, then specialize, around new centers of gravity. For security leaders, the mandate is clear: build programs that move at the speed of autonomy and build trust through process without sacrificing trust, visibility, or governance.