What CISOs Need To Know About AI Agent Runtime Security
okta, Wednesday, April 22nd, 2026
New Stanford, SACR research supports an identity-first approach to securing AI agents
Organizations aren't short on AI agents - they're short on controls for them. With over 3 million agents operating globally and active agent identities reaching thousands per team, manual oversight is already impossible.
A new report from Software Analyst Cyber Research (SACR) and the Stanford Graduate School of Business offers guidance for navigating this challenge. Runtime Security for AI Agents: An Identity Governance Perspective finds that traditional identity controls were designed for humans and predictable machine identities - not autonomous agents that reason, chain actions, and interact with a changing set of tools and data sources on their own. The report concludes that agents must be treated as first-class identities and secured as runtime actors.