What happens to cybersecurity when silicon-based agents conduct thousands of transactions for every single human action? In this discussion from RSAC 2026 Conference, Zscaler CISO Sam Curry reveals why identity and runtime have become the two most critical security pillars—and why traditional security approaches are already obsolete.
The agentic AI revolution isn’t coming, it’s already here. But as agents proliferate across enterprises, security leaders face a fundamental challenge: how do you establish identity, authentication, and accountability for workloads that may represent multiple people, distribute across multiple systems, and communicate at speeds humans can’t match?
In this comprehensive video interview, you’ll discover the security frameworks emerging to manage this new reality, from SPIFFE and SPIRE standards to the critical role of gateways and brokers in preventing agent sprawl. Curry explains why API security remains a persistent challenge even with protocols like MCP, and how zero trust architecture provides the containment needed for safe innovation.
What you’ll learn in this video
Curry tackles the hard questions about agentic AI security that most vendors won’t discuss. You’ll learn why authentication alone isn’t enough. Organizations need authorization AND authenticity verification in increasingly complex chains of agent-to-agent transactions. The conversation explores practical challenges like preventing agents from cloning themselves or escalating privileges, and why billing implications alone demand better governance.
But this isn’t just about technical controls. Curry reveals a fascinating paradox: while automation can improve efficiency, it also creates predictability that intelligent adversaries can exploit. This adversarial dynamic means some security functions will be fully automated while others will require agent-assisted human expertise for years to come. The analogy to chess, where AI-assisted humans dominated for a decade before pure AI took over, offers clues about how security careers will evolve.
Why identity and runtime matter more than ever
The video unpacks why these two concepts emerged as the dominant themes at RSA Conference. You’ll discover how proper identity binding for agents differs from traditional IAM, why runtime security becomes critical when agents can potentially distribute across multiple workloads, and what accountability really means in an agentic context (hint: it’s not just about blame).
Curry also addresses the elephant in the room: organizations are making the same mistakes with agentic AI that they made with cloud adoption. But there’s hope. The fundamentals of good security architecture remain constant even as technology evolves at breakneck speed. Watch to learn which basics to get right first, how to balance innovation with acceptable risk, and why cleaning up tech debt is more urgent than ever.
The future of security work
Will AI agents replace security professionals? Curry’s answer is nuanced and thought-provoking. While some roles focused on evidence collection and reporting will be automated away, the adversarial nature of cybersecurity ensures that human expertise remains essential—just in different forms. The stealth fighter and unmanned drone analogy illustrates how agent-assisted security operations will function, and why the ratio of humans to agents matters less than how they collaborate.
Perhaps most importantly, you’ll understand why the real difficulty isn’t in the tools. It’s in the business process and cultural changes required to govern agents effectively. The video emphasizes the need for human-to-human dialogue about policies, lifecycle management, and what acceptable risk looks like for different parts of the organization.
Watch now to gain the strategic perspective you need to prepare your organization for an internet dominated by silicon-based intelligence. Whether you’re a CISO, security architect, or technology leader, this conversation offers practical insights you can apply immediately as agentic workflows transform your enterprise.