
AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.

Cybersecurity experts at RSAC 2026 highlighted the pressing need for zero trust architectures for AI agents. Four separate keynotes from Microsoft, Cisco, CrowdStrike, and Splunk all emphasized the importance of extending zero trust principles to AI. The consensus was clear – traditional access control measures are no longer sufficient to secure AI agents in enterprise environments.

Matt Caulfield, VP of Product for Identity and Duo at Cisco, emphasized the need to go beyond traditional authentication methods and continuously verify every action taken by AI agents. The use of AI agents is widespread, with 79% of organizations already deploying them. However, only a small percentage reported having full security approval for their AI agent fleet, highlighting a significant gap in security readiness.

The default enterprise agent pattern is a monolithic container in which every component trusts every other component, so a compromise of any one of them exposes the rest. CrowdStrike’s CTO, Elia Zaitsev, compared securing agents to securing highly privileged users, stressing the importance of a defense-in-depth strategy.

CrowdStrike CEO George Kurtz highlighted the ClawHavoc supply chain campaign targeting the OpenClaw agentic framework, underscoring the need for robust security measures for AI agents. To address this gap, two companies, Anthropic and Nvidia, introduced new zero-trust architectures for AI agents.

Anthropic’s Managed Agents architecture separates an AI agent into three components – a brain, hands, and session – so that credentials are kept outside the execution environment where untrusted code runs. This design removes the risk of credential exposure if that execution environment is compromised, and it also improves performance.

On the other hand, Nvidia’s NemoClaw architecture wraps AI agents in four security layers and monitors every action within the sandbox. While this approach enhances runtime visibility, it requires more operator staffing to manage and monitor agent activity.

The key difference between the two architectures lies in the proximity of credentials to the execution environment. Anthropic removes credentials from the blast radius entirely, while Nvidia’s design keeps credentials within the sandbox, albeit with policy-gated access.
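A minimal illustration of that credential-proximity difference, added here as an example and not code from Anthropic, Nvidia or the article: in the monolithic pattern the token sits in the same process as the tool code, so anything that compromises that code can read it; in the brokered pattern the execution side holds only an opaque session handle and asks a separate, policy-gated component to perform each action. The names `CredentialBroker`, `BrokeredHands`, the `tok_` prefix and the action names are assumptions made for the example.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

UPSTREAM_TOKEN = "tok_constructed_example"  # constructed stand-in for a real API token

def reachable_secrets(env):
    """Models what compromised tool code could dump from its own process state."""
    return [v for v in env.values() if isinstance(v, str) and v.startswith("tok_")]

class MonolithicAgent:
    """Default pattern: model, tools and credential share one container."""
    def __init__(self):
        self.token = UPSTREAM_TOKEN  # credential lives next to the tool code

@dataclass
class CredentialBroker:
    """Trusted side (hypothetical name): keeps the token, gates each action
    against a per-session policy, and logs every decision for audit."""
    token: str
    sessions: dict = field(default_factory=dict)  # handle -> allowed actions
    audit: list = field(default_factory=list)

    def open_session(self, allowed_actions):
        handle = secrets.token_hex(8)  # opaque; carries no token material
        self.sessions[handle] = frozenset(allowed_actions)
        return handle

    def act(self, handle, action, arg):
        perms = self.sessions.get(handle)
        if perms is None or action not in perms:
            self.audit.append(("deny", handle, action))
            raise PermissionError(f"{action} not permitted for this session")
        self.audit.append(("allow", handle, action))
        # The broker authenticates the upstream call itself; only the result
        # crosses back to the execution side, never the token.
        sig = hmac.new(self.token.encode(), f"{action}:{arg}".encode(), hashlib.sha256)
        return {"action": action, "arg": arg, "auth": sig.hexdigest()}

class BrokeredHands:
    """Execution side: holds a session handle plus a channel to the broker
    (a direct object reference here stands in for an out-of-process RPC link)."""
    def __init__(self, broker, allowed_actions):
        self.broker = broker
        self.handle = broker.open_session(allowed_actions)
    def environment(self):
        return {"handle": self.handle}  # everything this process holds itself
    def act(self, action, arg):
        return self.broker.act(self.handle, action, arg)
```

The audit list is what the observability model in the Nvidia-style design would consume; in the brokered design a denied action is still visible there even though the execution side never saw the credential.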

As organizations evaluate and adopt these new zero-trust architectures for AI agents, several priorities emerge. These include auditing deployed agents for the monolithic pattern, requiring credential isolation in deployment RFPs, testing session recovery capabilities, staffing for the observability model, and tracking indirect prompt injection roadmaps.

In conclusion, the shift towards zero trust architectures for AI agents is crucial in mitigating security risks in enterprise environments. The emergence of new architectures like Anthropic’s Managed Agents and Nvidia’s NemoClaw signifies a step towards enhancing the security of AI agents. By prioritizing security measures and addressing key gaps, organizations can better protect their AI infrastructure and reduce the risk of breaches.
