Zero Trust Architecture Highlights Agent Identity Gaps and Unified SASE Importance
In This Article
Zero trust has spent years moving from slogan to architecture, but this week’s signals (March 25–April 1, 2026) show the model being stress-tested by two forces at once: autonomous AI agents and enterprise network consolidation. At RSA Conference 2026, vendors rolled out multiple “agent identity frameworks” meant to secure AI agents—software entities that can act on behalf of users and systems. Yet the most sobering takeaway wasn’t the number of frameworks announced; it was what they didn’t cover. Reported gaps included AI agents being able to modify security policies on their own, delegate tasks without human approval, and leak sensitive data via unsecured AI assistants—failures that identity alone can’t fix. The implication is blunt: if an agent can take action, zero trust must govern the action, not just authenticate the actor. [1]
In parallel, enterprise security teams are re-evaluating how they deliver access controls at scale. A Dark Reading webinar framed a shift from Secure Service Edge (SSE) toward unified Secure Access Service Edge (SASE), emphasizing integrated zero trust principles to eliminate implicit trust and enforce strict access controls across environments. [2] That matters because zero trust is increasingly operationalized through platforms that sit in the traffic path—where policy can be enforced continuously, not just at login.
Put together, this week’s story is that “who are you?” is no longer the hardest question. “What are you allowed to do right now, and how do we verify it continuously?” is. Zero trust architecture is being pulled upward into AI governance and outward into unified access stacks—at the same time.
RSAC 2026: Agent identity frameworks arrive—along with three unresolved gaps
RSA Conference 2026 saw five vendors introduce agent identity frameworks aimed at securing AI agents. The intent is straightforward: if AI agents are going to operate across systems, they need identities that can be authenticated and managed. But the reported shortcomings highlight a deeper architectural issue: identity is necessary, yet insufficient, when agents can initiate changes and chain actions autonomously. [1]
VentureBeat reported three critical gaps left open by these frameworks: (1) AI agents autonomously modifying security policies, (2) agents delegating tasks without human approval, and (3) exposure of sensitive data through unsecured AI assistants. [1] Each gap maps to a classic zero trust failure mode—implicit trust in a component’s behavior after initial authorization.
The first gap—agents modifying security policies—cuts to the heart of control-plane security. If an agent can change the rules that govern access, then the system needs guardrails that treat policy changes as high-risk actions requiring stronger verification and oversight than ordinary requests. The second gap—delegation without human approval—raises the question of how authority is transferred. In zero trust terms, delegation is not a convenience feature; it’s an access escalation event that should be explicitly constrained and continuously evaluated. The third gap—data exposure via unsecured assistants—underscores that “assistant” interfaces can become unmonitored exfiltration paths if they aren’t governed by the same least-privilege and verification expectations as other access channels. [1]
The week’s lesson from RSAC is that agent identity frameworks may help establish “who/what” an agent is, but zero trust architecture must also define “what it can do,” “under what conditions,” and “how actions are monitored and controlled” across the agent lifecycle. [1]
Why unified SASE is being positioned as a zero trust delivery vehicle
A Dark Reading webinar this week argued for “rethinking SSE” and moving toward unified SASE to deliver the flexibility enterprises need, with zero trust principles integrated into the approach. [2] The framing is important: SSE can be seen as a subset of capabilities, while unified SASE emphasizes consolidation—bringing networking and security controls together so policy can be applied consistently.
The webinar discussion emphasized eliminating implicit trust and enforcing strict access controls as part of this unified model. [2] That aligns with the operational reality of zero trust: it’s not just a policy statement; it’s a set of enforcement points and decision logic that must work across users, devices, apps, and locations. When those enforcement points are fragmented, teams often end up with inconsistent rules, uneven visibility, and exceptions that quietly reintroduce trust.
In the context of this week’s RSAC agent identity gaps, unified SASE is being positioned as a way to make zero trust more enforceable in practice—especially where access decisions need to be made continuously and consistently. [1][2] If AI agents and assistants are becoming new “users” of enterprise systems, then the access stack has to handle them with the same rigor as humans: strict controls, minimal privileges, and ongoing verification.
The key point from the webinar isn’t that unified SASE is synonymous with zero trust, but that it can serve as a practical architecture for implementing zero trust principles broadly—reducing the chances that an overlooked pathway becomes the weak link. [2]
Expert take: Zero trust must govern agent actions, not just agent identities
This week’s reporting makes a clear distinction between identity and authority. Agent identity frameworks focus on establishing and managing identities for AI agents. But the gaps highlighted at RSAC—policy modification, unapproved delegation, and data exposure—are fundamentally about what agents are permitted to do and how those permissions are supervised. [1]
Zero trust architecture, as implied by the RSAC coverage, needs to “monitor and control AI agent actions, not just their identities.” [1] That’s a meaningful shift in emphasis. Traditional identity-centric security can fail when an authenticated entity behaves in unexpected ways or when its scope of authority is too broad. With AI agents, the risk is amplified because the agent can execute sequences of actions quickly and potentially across multiple systems.
The RSAC gaps also suggest that governance must extend to the control plane (security policy changes), the delegation plane (task assignment and authority transfer), and the data plane (assistant-mediated access to sensitive information). [1] In zero trust terms, these are all places where implicit trust can creep in: trusting that an authenticated agent won’t change policies, trusting that delegation is benign, or trusting that an assistant interface is “just a UI.”
Meanwhile, the unified SASE discussion reinforces that zero trust needs consistent enforcement mechanisms. If strict access controls are the goal, the architecture must be able to apply them uniformly—otherwise exceptions and tool boundaries become de facto trust zones. [2]
The expert-level takeaway from this week is that zero trust is evolving from “verify identity and device” toward “verify intent and constrain action,” especially for autonomous or semi-autonomous agents. The architecture has to assume that authenticated entities—human or agent—can still create risk, and it must be designed to limit blast radius accordingly. [1][2]
Analysis & Implications: Zero trust is expanding from access to autonomy
Across the week’s developments, zero trust architecture is being pulled into two adjacent domains: AI agent governance and platform-level consolidation for enforcement. RSAC’s agent identity frameworks show the market responding to a new class of actors—AI agents—by giving them identities. But the reported gaps demonstrate that identity is only the entry point. If agents can modify security policies, delegate tasks without approval, or expose sensitive data through unsecured assistants, then the architecture must treat these as high-risk actions requiring stronger controls and oversight. [1]
This is a practical reminder that zero trust is not a product category; it’s an operating model. The model demands continuous verification and least-privilege access, and it becomes more critical as systems become more autonomous. While the RSAC article explicitly points to monitoring and controlling agent actions, the unified SASE discussion provides a complementary angle: enterprises are looking for integrated ways to apply strict access controls and eliminate implicit trust across environments. [1][2]
The implication is that zero trust programs will increasingly be judged by their ability to enforce policy consistently—across human users, AI agents, and assistant interfaces—rather than by whether they have adopted a particular framework label. If agent identity frameworks don’t address action governance, organizations may need to compensate architecturally by ensuring that sensitive operations (like policy changes and delegation) are subject to stronger verification and tighter constraints than routine access. [1]
Finally, the week hints at sector-specific urgency. Dark Reading previewed a retail-focused webinar emphasizing zero trust architectures to mitigate risks tied to customer data and payment systems, highlighting continuous verification and least-privilege access. [3] While that session is upcoming, its focus reinforces the broader trend: zero trust is being applied where the cost of unauthorized access is immediate and measurable.
Net-net: zero trust is expanding from “access control” to “autonomy control,” and from “tooling choices” to “architecture coherence.” This week’s news suggests that the next phase will be defined by how well organizations can constrain what authenticated entities—especially AI agents—are allowed to do. [1][2][3]
Conclusion
This week made one thing clear: zero trust architecture is being redefined by what’s changing in enterprise computing, not by what’s changing in marketing. RSAC 2026 showcased momentum around agent identity frameworks, but the most important details were the unresolved gaps—autonomous policy modification, unapproved delegation, and sensitive data exposure through unsecured assistants. Those are action-level failures, and they point to a zero trust future where governing behavior matters as much as verifying identity. [1]
At the same time, the push from SSE toward unified SASE is being framed as a way to deliver zero trust principles more consistently—eliminating implicit trust and enforcing strict access controls across the enterprise. [2] That consistency will matter even more as AI agents become routine participants in workflows and systems.
For security leaders, the takeaway is not to chase a single framework, but to pressure-test architectures against the realities highlighted this week: can you continuously verify, enforce least privilege, and constrain high-risk actions—especially when the “user” is an agent that can act quickly and broadly? The organizations that answer “yes” will be the ones that turn zero trust from aspiration into resilience. [1][2]
References
[1] RSAC 2026 shipped five agent identity frameworks and left three critical gaps open — VentureBeat, March 30, 2026, https://venturebeat.com/security/rsac-2026-agent-identity-frameworks-three-gaps//?utm_source=openai
[2] Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need — Dark Reading, April 1, 2026, https://www.darkreading.com/cybersecurity-operations?_mc=NL_DR_EDT_DR_weekly_20240201&cid=NL_DR_EDT_DR_weekly_20240201&elq_cid=22863118&page=78&sp_aid=120951&sp_eh=7cc93a5a01f7bf36b5674a2d22aaaaf41f4fa7ddcc11fb94bfd18e066fb7724a&utm_source=openai
[3] Retail Security: Protecting Customer Data and Payment Systems — Dark Reading, April 2, 2026, https://www.darkreading.com/ics-ot-security?_mc=NL_DR_EDT_DR_daily_20240422&cid=NL_DR_EDT_DR_daily_20240422&elq_cid=48497589&page=24&sp_aid=122990&sp_cid=53137&sp_eh=a619b7fdac7e0d95680c1c4266e0cd327aa5ed82f82d0bc69848b35873e376a5&utm_source=openai