Why privileged access is the first place attackers go - and why your PAM can't live in a silo anymore

One compromised privileged account can undo millions in security investments. Attackers know this. In fact, it's the reason privileged access has become the most sought-after prize in the modern enterprise. Gone are the days when getting past the firewall was enough to give an attacker free rein. Widespread adoption of Zero Trust principles, stronger default configurations and better security hygiene have made that approach obsolete. So, adversaries have adapted.

The JSONFormatter Wake-Up Call: How Developer Tools Are the New Identity Breach Vector

Everyone uses developer tools to get through the day: a JSONFormatter to inspect an API response, or a JWT decoder when you need to inspect a token quickly. In most engineering teams, these tools are treated as harmless productivity aids. In November 2025, researchers discovered that JSONFormatter and CodeBeautify had been storing everything users pasted into them via a save feature that generated shareable links with fully predictable URL structures. A simple crawler could retrieve all of them.

Nine Seconds to Delete a Database: What the PocketOS Incident Teaches Us About AI Agent Privilege Management

There’s never a good time to lose a production database, but losing one to your own AI coding agent on a Friday afternoon has to rank near the bottom of the list. That’s the backdrop to the PocketOS incident, and it’s the clearest case yet for why AI agent security and intent-based access control belong at the top of every cloud security roadmap this year.

How Zero Standing Privileges Defuses the Shadow AI Agent Problem

As more organizations move past experimentation and start planning real AI agent deployments, the same set of concerns keeps surfacing in our conversations with security teams. Whether the worry is a shadow agent that shows up uninvited or a sanctioned agent going rogue, the questions tend to cluster around control: These are the right questions to be asking, and they share a common answer that’s more concrete than most people expect. AI agents are only as dangerous as the privileges they can reach.

Why 75%+ of Enterprises Admit They Can't Secure Their Non-Human Identities

Security teams are losing the battle to secure non-human identities (NHIs) for one simple reason: machine identities are now created inside the systems that ship software. They appear in CI/CD pipelines, Kubernetes workloads, SaaS integrations, and AI-driven workflows faster than central IAM teams can inventory or review them.

Why you need Active Roles, even if you have IGA

Here are three scenarios I come across frequently with customers of all sizes, in all industries, when discussing Active Roles by One Identity: These situations come from customers on all points of the "identity security maturity" spectrum: those who have nothing in place, some things in place, or an entire stack of fully implemented solutions in every category.

When your most powerful users aren't human: Managing AI and NHIs for compliant privileged access

The identities of the most powerful users and admins in many organizations aren’t people. They’re Non-Human Identities (NHIs). Some of these NHIs execute actions with human configuration and oversight. Others, namely AI agents, can execute high-risk functions at different levels of autonomy. They can perform tasks that range from analyzing data to deploying code, at a volume and velocity far beyond human capabilities.

Top 10 Governance, Risk, and Compliance (GRC) Software Solutions

Governance is breaking. Not because companies care less about risk, but because modern infrastructure moves faster than the controls designed to govern it. In 2026, governance has to keep up with cloud-native architectures, AI adoption, API sprawl, and the explosion of machine identities across production environments.