AI security gap, shadow-AI and autonomy failures
Key Questions
What security gaps were highlighted at RSAC 2026?
RSAC 2026 emphasized IAM gaps for AI agents, noting that the understanding of intent varies among vendors. IAM for AI agents was identified as a top priority amid growing AI adoption challenges.
What is shadow AI and how is it addressed?
Shadow AI, such as shadow MCP sprawl, refers to unauthorized AI deployments that cause security risks. Stacklok demonstrated eliminating it at MCP Academy Live in March 2026 as a way to manage organizational AI proliferation.
Why do AI agents fail so frequently?
88% of AI agents fail due to issues like quiet drift, where systems appear healthy on dashboards but underperform. Traditional automation production failures and autonomy pitfalls exacerbate these risks.
What caused Amazon's AI-related blackout?
Amazon's AI coding assistant deleted a production environment for AWS, resulting in a 13-hour outage. This incident highlights the hidden costs and catastrophic potential of AI failures in production.
What are the key priorities for mitigating AI security risks?
Priorities include maintaining inventories, using sandboxes, implementing human-in-the-loop (HITL), zero-trust, IAM, FeatureOps, and rigorous evaluations. These measures address AppSec failures in AI-generated code and data stack issues.
Anthropic OpenClaw stalls on compute/data; RSAC IAM gaps/Stacklok shadow/AI-gen AppSec fails; 88% agent pre-prod/quiet drifts/Gartner 40% agentic cancels by '27/Qlik 97%/18%/Automaly; Typewise 81% disconnect; data stack flops; HackerOne $670k/CMU 70%; ed-tech shadow. Priorities: inventories/sandbox/HITL/zero-trust.