Security & supply chain

Agent identity is the new wall between functional dev and security review

A New Stack analysis published on June 26 names a pattern CI/CD owners are starting to inherit: agentic systems pass functional review on day one and stall at security review, because no one scoped identity, permissions or audit at the platform layer first. The piece is sponsored by IBM, so the prescription leans opinionated. The gap it names is the one platform teams keep finding on their own.

The article opens on a familiar scene. A customer-support agent triages tickets and processes refunds without incident. Security then asks under whose identity it is running. The answer is a shared service account with broad permissions, no clear ownership, no audit trail. That answer stops the rollout.

Four decisions, picked once and rarely revisited

The article walks four binary choices: shared service accounts versus per-agent workload identity; static API keys versus short-lived credentials issued through identity federation; direct credentials versus a broker that evaluates policy at request time; standard operation logging versus full identity lineage across the call chain. Each pair is a familiar workload-identity question recast for a new caller. The article argues the strict side of all four is what an auditable system looks like, and that identity lineage is hard to retrofit once a fleet of agents is in production.

The cited scale is the headline. The 2026 Tech Leader Study from Oxford Economics and IBM puts the average expected agent count per surveyed enterprise at 1,661, a 38% increase over today. The article also cites Nightfall AI saying organizations expose nearly 350 secrets per 100 employees per year, with 35% of leaked API keys still active.

Where this lands in a pipeline

OIDC token exchange for short-lived cloud credentials is the same primitive whether the caller is a deploy job or an agent. A central policy broker is the same chokepoint whether it sits in front of kubectl or in front of an agent's tool calls. Extending the workload-identity machinery you already run to a new class of caller is cheaper on day one than retrofitting identity lineage on day two hundred.
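The strict side of the four choices, sketched as a request-time broker. This is an added example, not code from the article or any vendor. The policy table, identity names, tool names and the 900-second lifetime limit are all constructed, and the credential is assumed to have already been verified by the federation layer.

```python
import time
from dataclasses import dataclass, field

# Constructed policy: which agent identity may call which tool, with what limit.
POLICY = {
    "agent:support-triage": {"tickets.read": {}, "refunds.create": {"max_amount": 100}},
    "agent:billing-report": {"tickets.read": {}},
}
MAX_TTL = 900  # seconds (assumed); longer-lived credentials are treated like static keys

@dataclass
class Credential:
    subject: str          # per-agent workload identity, not a shared account
    issued_at: float
    expires_at: float
    lineage: tuple = ()   # upstream callers, outermost first

@dataclass
class Broker:
    audit: list = field(default_factory=list)

    def authorize(self, cred, tool, args, now=None):
        now = time.time() if now is None else now
        reason = self._deny_reason(cred, tool, args, now)
        # Every decision, allow or deny, records the full call chain.
        self.audit.append({
            "time": now, "tool": tool, "args": args,
            "chain": list(cred.lineage) + [cred.subject],
            "decision": "deny" if reason else "allow", "reason": reason,
        })
        return reason is None

    def _deny_reason(self, cred, tool, args, now):
        if now >= cred.expires_at:
            return "credential expired"
        if cred.expires_at - cred.issued_at > MAX_TTL:
            return "credential lifetime exceeds short-lived limit"
        rules = POLICY.get(cred.subject)
        if rules is None:
            return "unknown identity"
        if tool not in rules:
            return "tool not granted to this identity"
        limit = rules[tool].get("max_amount")
        if limit is not None:
            amount = args.get("amount")
            if not isinstance(amount, (int, float)) or not 0 < amount <= limit:
                return "amount missing or outside per-agent limit"
        return None
```

Denials are logged with the same chain as approvals, so a reviewer can see which upstream caller led an agent to attempt an out-of-policy refund.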

The piece is sponsored content, and it closes on a vendor pitch. The framing does not need the logo to hold up. Shortcuts at agent rollout reduce friction at the start and accumulate risk through the year. The bill comes due at security review.

Source: The New Stack (thenewstack.io)
