Identity-First Security in Agentic AI — Threat Model and Product Opportunity

Research date: 2026-03-19 | Agent: Research Analyst | Confidence: High

Executive Summary

• Identity is now the dominant failure point in cloud and agentic systems: Google Cloud reports identity issues in 83% of major cloud/SaaS compromises in H2 2025, while IBM reports a 44% YoY rise in attacks on public-facing apps and a near-4x increase in major supply-chain/third-party compromises since 2020.
• Attackers are combining software exploits with identity abuse (stolen OAuth tokens, PATs, service accounts) to move silently and exfiltrate data; this is directly relevant for multi-agent systems that rely on delegated tool access.
• Enterprise readiness is weak: CSA/Strata shows only 18% of organizations are highly confident in IAM for agents, only 21% maintain a real-time agent inventory, and 84% doubt they could pass an audit focused on agent behavior/access controls.
• The market signal is strong but early: specialized players (WitnessAI, Zenity, Strata, CyberArk) are growing around “agent identity + governance,” and platform vendors (Microsoft, Okta, Google) are productizing controls rapidly.
• Go recommendation for Moklabs: build an identity-first agent control plane (credential brokerage, action policy gateway, full auditability) tightly integrated with OctantOS and with a physical-security extension for Argus.

Market Size & Growth

TAM / SAM / SOM (identity-first agent security)

Layer	Estimate	Methodology	Confidence
TAM (global AI governance software)	$0.44B in 2026	Mordor estimates AI governance market at $0.44B in 2026; Grand View shows $308.3M in 2025 with 36% CAGR to 2033, implying a similar 2026 band.	Medium
SAM (agent-specific IAM/governance segment)	$0.15B-$0.22B in 2026	Inference: apply CSA adoption signals (40% already in prod + 31% piloting) to TAM and isolate identity/governance scope.	Medium (inference)
SOM (Moklabs 24-month target)	$0.45M-$1.8M ARR	Inference: 0.25%-1.0% capture of SAM via mid-market/enterprise control-plane wedge.	Low-Medium (inference)

Growth Signals

Metric	Value	Confidence
Agentic AI project failure risk	40%+ canceled by end of 2027 (Gartner)	High
Supply-chain / third-party compromise trend	Nearly 4x increase since 2020 (IBM X-Force)	High
Public-facing app exploitation trend	+44% YoY (IBM X-Force, 2025)	High
Identity involvement in cloud/SaaS compromises	83% in H2 2025 (Google Cloud Threat Horizons H1 2026)	High

Key Players

Company	Founded	Funding	Revenue/ARR	Pricing	Key Differentiator
WitnessAI	2024 (public launch)	$58M strategic round (Jan 2026), prior $27.5M Series A	N/A (private)	Enterprise/custom	Agentic security layer with MCP/tool visibility and policy enforcement for agents
Zenity	2021	$38M Series B (total $55M+)	N/A (private)	Enterprise/custom	Security posture + governance for business-built copilots/agents
Strata (Maverics)	2019	Private funding (public totals vary)	N/A (private)	Enterprise/custom	Identity orchestration for hybrid/multi-cloud; strong “agent identity” positioning
CyberArk	1999	Public company	Public company financials	Enterprise/custom	Mature identity security platform; machine identities at 82:1 vs human reported in customer base survey
Microsoft (Agent 365 + Entra)	1975	Corporate	N/A (product line)	Agent 365 listed at $15/user/month	Built-in agent identity governance, policy templates, audit/eDiscovery
Okta (NHI/agent security)	2009	Public company	Public company financials	Enterprise/custom	Non-human identity controls and Zero Trust positioning for agentic workflows

Technology Landscape

Dominant Identity and Auth Patterns

• Static credentials still dominate in many deployments (API keys, shared service accounts, username/password), per CSA findings.
• OAuth/OIDC and token exchange are becoming the secure baseline for agent-to-tool access.
• MCP standardizes agent-tool integration and requires OAuth-based authorization discovery flows.
• Cloud identity federation patterns (e.g., Workload Identity Federation) are replacing long-lived keys with short-lived credentials.

Agentic Attack Surface (Threat Model)

Layer	Typical Attack	Evidence	Control Priority
Identity bootstrap	Vishing/helpdesk reset, credential theft	Google reports vishing and stolen identities in major cloud incidents	Phishing-resistant MFA + helpdesk verification workflows
Token/session layer	OAuth token theft, PAT abuse	GTIG documented Salesforce data theft via compromised OAuth tokens	Token TTL reduction, token inventory, conditional access
Tool invocation layer	Over-permissioned service accounts/tools	CSA + CyberArk data indicates privilege sprawl in machine identities	Least privilege, scoped tool permissions, just-in-time grants
Software supply chain	Compromised package/CI-CD trust relationship abuse	IBM near-4x supply-chain compromise trend; Google CI/CD trust abuse case	Signed builds, dependency controls, workload identity boundaries
Agent runtime governance	Untraceable autonomous actions	CSA: low confidence in IAM for agents + low real-time inventory	Action gateway, immutable audit trails, HITL for high-risk actions
Physical-security edge (Argus context)	Camera/NVR auth bypass, weak defaults, old firmware	FBI/CISA PIN on HiatusRAT scanning camera/DVR CVEs including Hikvision	Device identity inventory, segmentation, credential rotation, lifecycle enforcement

Emerging Standards and Governance Direction

• NIST launched the AI Agent Standards Initiative (CAISI) in February 2026 for interoperable and secure standards.
• OWASP released Top 10 risks/mitigations specific to agentic AI security (Dec 2025).
• EU AI Act applicability milestones (major provisions by 2 Aug 2026) increase pressure for auditable governance.

Pain Points & Gaps

• Auditability gap: 84% of organizations doubt they can pass an audit focused on agent behavior/access controls (CSA/Strata).
• Identity confidence gap: only 18% report high confidence in current IAM for agent identities.
• Inventory gap: only 21% maintain real-time agent registries, making incident response and access review slow.
• Credential model lag: many teams still rely on static keys/shared accounts, incompatible with autonomous, high-frequency agent actions.
• Privilege sprawl: machine identities now outnumber humans 82:1 in CyberArk survey data, with substantial privileged exposure.
• Physical-security blind spot: camera/NVR ecosystems still contain long-lived, often unpatched vulnerabilities and weak-auth defaults, creating crossover risk for Argus-like deployments.

Opportunities for Moklabs

Ranked Opportunities (Effort x Impact)

Rank	Opportunity	Effort	Impact	Time-to-Market	Moklabs Connection
1	Agent Identity Gateway (ephemeral credentials + policy-based token brokerage)	Medium	Very High	8-12 weeks (MVP)	OctantOS control plane core
2	Action Trust Gateway (risk-scored approvals, least-privilege tool calls, immutable logs)	Medium-High	Very High	10-14 weeks	OctantOS approval/handoff engine
3	Agent Compliance Pack (audit trails, evidence export for SOC2/ISO/AI Act readiness)	Medium	High	6-10 weeks	Cross-product monetization (Paperclip/OctantOS)
4	Argus Secure Edge Module (camera identity inventory + CVE posture + segmentation checks)	Medium	High	8-12 weeks	Argus physical security differentiation
5	Agent Identity Posture Dashboard (NHI/agent drift detection)	Low-Medium	Medium-High	4-8 weeks	AgentScope extension

Go/No-Go Assessment

• Recommendation: GO (phased).
• Why: demand is visible (enterprise concern + funding + standards momentum), incumbent tooling is fragmented, and Moklabs already has architectural primitives (approval flows, agent hierarchy, cost attribution) that map directly to governance/security requirements.
• Execution mode: ship as platform capability first (internal + design partners), then package as external product SKU.

Risk Assessment

Market Risks

• Platform bundling risk from hyperscalers (Microsoft/Google/Okta/CyberArk) can compress pricing power.
• Buyer confusion in early market may slow procurement despite urgency.
• Regulation timing and interpretation (EU AI Act + sector rules) may shift feature priorities quickly.

Technical Risks

• Multi-framework integration complexity (MCP/OpenAI/custom adapters) can create brittle policy coverage.
• False positives in action risk scoring can hurt agent productivity/adoption.
• Secure token brokerage and key management must be robust from day one; this is security-critical infrastructure.

Business Risks

• Long enterprise sales cycles for governance products.
• Proof-of-ROI burden is high unless product links directly to avoided incidents/compliance savings.
• Competing against incumbent IAM/security suites requires sharp wedge positioning (agent-native runtime governance).

Data Points & Numbers

Data Point	Value	Source	Confidence
Cloud/SaaS compromises involving identity issues (H2 2025)	83%	Google Cloud Threat Horizons H1 2026	High
Data-focused threat objective in cloud incidents	73%	Google Cloud Threat Horizons H1 2026	High
Software-based initial access in Google Cloud incidents (H2 2025)	44.5%	Google Cloud Threat Horizons H1 2026	High
Weak-credential initial access in Google Cloud incidents (H2 2025)	27.2%	Google Cloud Threat Horizons H1 2026	High
Third-party trusted relationship involvement	21% of platform-agnostic cases	Google Cloud Threat Horizons H1 2026	High
Voice phishing share in platform-agnostic cloud initial access	17%	Google Cloud Threat Horizons H1 2026	High
Public-facing app exploitation increase	+44% YoY	IBM X-Force 2026 newsroom release	High
Supply-chain/third-party compromise trend	Nearly 4x since 2020	IBM X-Force 2026 newsroom release	High
Vulnerabilities tracked by IBM in 2025 exploitable without authentication	56% of ~40,000	IBM Think (Cyberthreats in 2026)	High
Exposed ChatGPT credentials in 2025	300,000+	IBM Think / X-Force	High
Credential abuse initial vector (DBIR 2025)	22%	Verizon DBIR 2025 press summary	High
Vulnerability exploitation initial vector (DBIR 2025)	20%	Verizon DBIR 2025 press summary	High
Security incidents analyzed in DBIR 2025	22,000+ (12,195 breaches)	Verizon DBIR 2025 press summary	High
Agentic AI projects predicted canceled by 2027	40%+	Gartner press release	High
Organizations with agents in production	40%	CSA survey report page	High
Organizations with high confidence in IAM for agents	18%	CSA survey report page	High
Organizations with real-time agent registry	21%	CSA survey report page	High
Organizations increasing identity/security budget for agents	40%	CSA survey report page	High
Organizations doubting audit readiness for agent behavior/access	84%	CSA/Strata press release	High
Machine-to-human identity ratio	82:1	CyberArk 2025 Identity Security Landscape	High
Machine identities with privileged/sensitive access	42%	CyberArk 2025 Identity Security Landscape	High
Organizations with >=2 successful identity-centric breaches (past 12 months)	87%	CyberArk 2025 Identity Security Landscape	Medium
WitnessAI funding (2026)	$58M	WitnessAI press release	High
Zenity Series B (2024) / total raised	$38M / $55M+	Zenity press release	High
FBI/CISA-noted camera/DVR campaigns include Hikvision CVEs (e.g., CVE-2017-7921)	Yes	FBI PIN 20241216-001 (coordinated with CISA)	High

Sources

• https://cloud.google.com/security/report/resources/cloud-threat-horizons-report-h1-2026?e=48754805 (Google Cloud Threat Horizons H1 2026)
• https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/ (GTIG OAuth token abuse case)
• https://www.ibm.com/think/insights/more-2026-cyberthreat-trends (IBM Think, X-Force highlights incl. 56% unauthenticated)
• https://newsroom.ibm.com/2026-02-25-ibm-2026-x-force-threat-index-ai-driven-attacks-are-escalating-as-basic-security-gaps-leave-enterprises-exposed (IBM X-Force newsroom)
• https://www.verizon.com/about/news/2025-data-breach-investigations-report (Verizon DBIR 2025 summary)
• https://genai.owasp.org/2025/12/09/owasp-genai-security-project-releases-top-10-risks-and-mitigations-for-agentic-ai-security/ (OWASP Agentic Top 10 release)
• https://www.nist.gov/news-events/news/2026/02/announcing-ai-agent-standards-initiative-interoperable-and-secure (NIST CAISI initiative)
• https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization (MCP authorization spec)
• https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices (MCP security practices)
• https://developers.openai.com/api/docs/actions/authentication (OpenAI Actions auth patterns)
• https://docs.cloud.google.com/iam/docs/best-practices-for-using-workload-identity-federation (Google WIF identity guidance)
• https://www.microsoft.com/en-us/security/blog/2026/03/09/secure-agentic-ai-for-your-frontier-transformation/ (Microsoft agent identity/governance controls)
• https://www.gartner.com/en/newsroom/press-releases/2025-06-25-gartner-predicts-over-40-percent-of-agentic-ai-projects-will-be-canceled-by-end-of-2027 (Gartner cancellation forecast)
• https://cloudsecurityalliance.org/artifacts/securing-autonomous-ai-agents (CSA survey report)
• https://cloudsecurityalliance.org/press-releases/2026/02/05/cloud-security-alliance-strata-survey-finds-that-enterprises-are-in-time-to-trust-phase-as-they-build-ai-autonomy-foundations (CSA/Strata press release)
• https://witness.ai/resources/witnessai-raises-58-million-for-global-expansion-and-announces-new-ways-to-secure-ai-agents/ (WitnessAI funding)
• https://zenity.io/company-overview/newsroom/company-news/zenity-raises-38m-series-b-funding-round-to-secure-agentic-ai (Zenity funding)
• https://www.cyberark.com/press/machine-identities-outnumber-humans-by-more-than-80-to-1-new-report-exposes-the-exponential-threats-of-fragmented-identity-security/ (CyberArk identity landscape)
• https://www.ic3.gov/CSA/2024/241216.pdf (FBI PIN coordinated with CISA: camera/DVR CVE exploitation)
• https://nvd.nist.gov/vuln/detail/cve-2017-7921 (NVD reference for Hikvision auth flaw)
• https://www.grandviewresearch.com/industry-analysis/ai-governance-market-report (AI governance market sizing)
• https://www.mordorintelligence.com/industry-reports/ai-governance-market (AI governance market sizing)