A CEO’s AI agent rewrote the company’s security policy. Not because it was compromised, but because it wanted to fix a problem, lacked permissions, and removed the restriction itself. Every identity check passed. CrowdStrike CEO George Kurtz disclosed the incident and a second one at his RSAC 2026 keynote, both at Fortune 50 companies.

The credential was valid. The access was authorized. The action was catastrophic.

That sequence breaks the core assumption underneath the IAM systems most enterprises run in production today: that a valid credential plus authorized access equals a safe outcome. Identity systems were built for one user, one session, one set of hands on a keyboard. Agents break all three assumptions at once.

In an exclusive interview with VentureBeat at RSAC 2026, Matt Caulfield, VP of Identity and Duo at Cisco, (pictured above) walked through the architecture his team is building to close that gap and outlined a six-stage identity maturity model for governing agentic AI. The urgency is measurable: Cisco President Jeetu Patel told VentureBeat at the same conference that 85% of enterprises are running agent pilots while only 5% have reached production — an 80-point gap that the identity work is designed to close.

The identity stack was built for a workforce that has fingerprints

“Most of the existing IAM tools that we have at our disposal are just entirely built for a different era,” Caulfield told VentureBeat. “They were built for human scale, not really for agents.”

The default enterprise instinct is to shove agents into existing identity categories: human user; machine identity; pick one. “Agents are a third kind of new type of identity,” Caulfield said. “They’re neither human. They’re neither machine. They’re somewhere in the middle where they have broad access to resources like humans, but they operate at machine scale and speed like machines, and they entirely lack any form of judgment.”

Etay Maor, VP of Threat Intelligence at Cato Networks, put a number on the exposure. He ran a live Censys scan and counted nearly 500,000 internet-facing OpenClaw instances. The week before, he found 230,000, discovering a doubling in seven days.

Kayne McGladrey, an IEEE senior member who advises enterprises on identity risk, made the same diagnosis independently. Organizations are cloning human user accounts to agentic systems, McGladrey told VentureBeat, except agents consume far more permissions than humans would because of the speed, the scale, and the intent.

A human employee goes through a background check, an interview, and an onboarding process. Agents skip all three. The onboarding assumptions baked into modern IAM do not apply. Scale compounds the failure. Caulfield pointed to projections where a trillion agents could operate globally. “We barely know how many people are in an average organization,” he said, “let alone the number of agents.”

Access control verifies the badge. It does not watch what happens next.

Zero trust still applies to agentic AI, Caulfield argued. But only if security teams push it past access and into action-level enforcement. “We really need to shift our thinking to more action-level control,” he told VentureBeat. “What action is that agent taking?”

A human employee with authorized access to a system will not execute 500 API calls in three seconds. An agent will. Traditional zero trust verifies that an identity can reach an application. It doesn’t scrutinize what that identity does once inside.

Carter Rees, VP of Artificial Intelligence at Reputation, identified the structural reason. The flat authorization plane of an LLM fails to respect user permissions, Rees told VentureBeat. An agent operating on that flat plane does not need to escalate privileges. It already has them. That is why access control alone cannot contain what agents do after authentication.

CrowdStrike CTO Elia Zaitsev described the detection gap to VentureBeat. In most default logging configurations, an agent’s activity is indistinguishable from a human. Distinguishing the two requires walking the process tree, tracing whether a browser session was launched by a human or spawned by an agent in the background. Most enterprise logging cannot make that distinction.

Caulfield’s identity layer and Zaitsev’s telemetry layer are solving two halves of the same problem. No single vendor closes both gaps.

“At any moment in time, that agent can go rogue and can lose its mind,” Caulfield said. “Agents read the wrong website or email, and their intentions can just change overnight.”

How the request lifecycle works when agents have their own identity

Five vendors shipped agent identity frameworks at RSAC 2026, including Cisco, CrowdStrike, Palo Alto Networks, Microsoft, and Cato Networks. Caulfield walked through how Cisco’s identity-layer approach works in practice.

The Duo agent identity platform registers agents as first-class identity objects, with their own policies, authentication requirements, and lifecycle management. The enforcement routes all agent traffic through an AI gateway supporting both MCP and traditional REST or GraphQL protocols. When an agent makes a request, the gateway authenticates the user, verifies that the agent is permitted, encodes the authorization into an OAuth token, and then inspects the specific action and determines in real time whether it should proceed.

“No solution to agent AI is really complete unless you have both pieces,” Caulfield told VentureBeat. “The identity piece, the access gateway piece. And then the third piece would be observability.”

Cisco announced its intent to acquire Astrix Security on May 4, signaling that agent identity discovery is now a board-level investment thesis. The deal also suggests that even vendors building identity platforms recognize that the discovery problem is harder than expected.

Six-stage identity maturity model for agentic AI

When a company shows up claiming 500 agents in production, Caulfield doesn’t accept the number. “How do you know it’s 500 and not 5,000?”

Most organizations don’t have a source of truth for agents. Caulfield outlined a six-stage engagement model.

Discovery first: identify every agent, where it runs, and who deployed it. Onboarding: register agents in the identity directory, tie each one to an accountable human, and define permitted actions. Control and enforcement: place a gateway between agents and resources, inspect every request and response. Behavioral monitoring: record all agent activity, flag anomalies, and build the audit trail. Runtime isolation contains agents on endpoints when they go rogue. Compliance mapping ties agent controls to audit frameworks before the auditor shows up. The six stages are not proprietary to any single vendor. They describe the sequence every enterprise will follow regardless of which platform delivers each stage.

Maor’s Censys data complicates step one before it even starts. Organizations beginning discovery should assume their agent exposure is already visible to adversaries. Step four has its own problem. Zaitsev’s process-tree work shows that even organizations logging agent activity may not be capturing the right data. And step three depends on something Rees found most enterprises lack: a gateway that inspects actions, not just access, because the LLM does not respect the permission boundaries the identity layer sets.

Agentic identity prescriptive matrix

What to audit at each maturity stage, what operational readiness looks like, and the red flag that means the stage is failing. Use this to evaluate any platform or combination of platforms.

Source: VentureBeat analysis of RSAC 2026 interviews (Caulfield, Zaitsev, Maor) and independent practitioner validation (McGladrey, Rees). May 2026.

Compliance frameworks have not caught up

“If you were to go through an audit today as a chief security officer, the auditor’s probably gonna have to figure out, hey, there are agents here,” Caulfield told VentureBeat. “Which one of your controls is actually supposed to be applied to it? I don’t see the word agents anywhere in your policies.”

McGladrey’s practitioner experience confirms the gap. The Cloud Security Alliance published an NIST AI RMF Agentic Profile in April 2026, proposing autonomy-tier classification and runtime behavioral metrics. But SOC 2, ISO 27001, and PCI DSS have not operationalized agent identities. The compliance frameworks McGladrey works with inside enterprises were written for humans. Agent identities do not appear in any control catalog he has encountered. The gap is a lagging indicator; the risk is not.

Security director action plan

VentureBeat identified five actions from the combined findings of Caulfield, Zaitsev, Maor, McGladrey, and Rees.

1. Run an agent census and assume adversaries already did.

   Every agent, every MCP server those agents touch, every human accountable. Maor’s Censys data confirms agent infrastructure is already visible from the public internet. NIST’s NCCoE reached the same conclusion in its February 2026 concept paper on AI agent identity and authorization.

2. Stop cloning human accounts for agents.

   McGladrey found that enterprises default to copying human user profiles, and permission sprawl starts on day one. Agents need to be a distinct identity type with scope limits that reflect what they actually do.

3. Audit every MCP and API access path.

   Five vendors shipped MCP gateways at RSAC 2026. The capability exists. What matters is whether agents route through one or connect directly to tools with no action-level inspection.

4. Fix logging so it distinguishes agents from humans.

   Zaitsev’s process-tree method reveals that agent-initiated actions are invisible in most default configurations. Rees found authorization planes so flat that access logs alone miss the actual behavior. Logging has to capture what agents did, not just what they were allowed to reach.

   Advertisement

5. Build the compliance case before the auditor shows up.

   The CSA published a NIST AI RMF Agentic Profile proposing agent governance extensions. Most audit catalogs have not caught up. Caulfield told VentureBeat that auditors will see agents in production and find no controls mapped to them. The documentation needs to exist before that conversation starts.

Mundi Ventures’ EU-backed Kembara fund has made its first major investment by co-leading a $160m round with DCVC in the UK’s Quantum Motion.

The UK-based Quantum Motion specialises in silicon transistor-based quantum computing, and said it will use the Series C investment “to commercialise its scalable and energy-efficient approach to quantum computing” and to help deliver “utility-scale and commercially viable quantum computers that fit inside existing standard data centres and racks”.

Since its last funding round in 2023, the company has expanded internationally, with new offices and labs in Spain and Australia, and has deepened its manufacturing partnership with GlobalFoundries as part of its bid to tie directly into commercial semiconductor supply chains, it said.

“Quantum computing will only achieve its full potential if it can be built on a platform that scales, and we believe silicon is the strongest route to achieving that,” said Dr James Palles-Dimmock, CEO of Quantum Motion. “We are pleased to be joined by investors who share our vision and understand what it takes to build a foundational company in this field.”

Yann de Vries, partner and co-founder of Kembara, said: “If you believe quantum computing is going to be world-changing, as we do, then the obvious next question is which of the many ways of building one will actually work at scale? This investment signals our strong belief in where the answer lies.”

With an ultimate target of €1bn, Spain’s Mundi Ventures closed on €750m in February for its Kembara fund for deep tech and climate start-ups. The fund aims to address the scaling gap in European deep tech funding with its focus on Series B and C funding of €15m-€40m, and beyond, for European companies.

“Quantum is critical infrastructure for the next century of computing, AI and security, and leadership will go to whoever can industrialise it,” said Dr Prineha Narang, operating partner at DCVC. “DCVC led this investment in Quantum Motion because silicon is the foundation that scales, and this team is building on the CMOS advantage to turn quantum from a demonstration into a commercial success story.”

According to the Kembara team, Europe produces 28pc of global deep tech innovation, but only 3pc of European deep tech companies successfully raise Series B or C rounds. It is that very gap that the Kembara fund is hoping to bridge using “€1bn dedicated to backing Europe’s deep tech champions at the exact moment when technology is proven and global scale becomes possible”.

“Quantum Motion’s unique approach that combines cutting-edge quantum physics with established silicon manufacturing provides a distinct global edge,” said Charlotte Lawrence, managing director of direct equity at the British Business Bank, a new investor in the company with this round. “We are no longer just theorising about quantum computing but are actively starting to build the platforms to deliver it here in the UK.”

The European Investment Fund (EIF) is a lead backer of Kembara, announcing in July last year that it would invest €350m in Kembara Fund 1. At the time, the EIF said it was the experience of the Kembara management team and its “differentiated strategy” that were key to offering its support.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Financial analysts at Wedbush have consistently been bullish about Apple, but now has raised its target price by a whopping $50 to $400, making its greatest jump in at least the last five years.

Back in April 2025 when Trump’s tariffs first struck, Wedbush did cut its Apple price target $325 down to $250, but that was a rare drop. Now it’s made a similarly large increase, taking its price target from the $350 it set in December 2025, to $400.

This is the highest price target ever set for Apple by any investment firm, and in a note to investors seen by AppleInsider, the company’s analysts attribute it very much to AI. They believe that what Apple will reveal at WWDC 2026 in June will lead to around a fifth of the entire world’s population using AI via Apple devices over the next few years.

Key to this belief is the recent news that Apple’s forthcoming iOS 27 will give users the option of multiple different AI models. Wedbush also expects that ultimately hundreds of AI-based apps will take advantage of improvements to Apple Intelligence.

While the $50 target increase is the largest Wedbush has made since at least 2021, the firm has consistently predicted that 2026 will be a significant year for Apple Intelligence. It has also previously predicted that Apple will charge for some AI features, and its latest report doubles down on that.

Wedbush expects that over the next few years, Apple will monetize is AI services. Including its partnership in China with Alibaba, Wedbush predicts that Apple’s AI monetization could bring it $15 billion annually.

The investor note says little further about China, other than that Apple’s AI partnership is part of it aiming to greatly increase its user base in the country. In Apple’s latest earnings call, Tim Cook called out the fact that he was “thrilled” with how the company has seen “strong double-digit growth in Greater China.”

In that same call, Cook also stressed that how with Apple Intelligence, this “is not AI as a standalone feature, but AI as an essential, intuitive part of the experience across our devices.” That fits with Wedbush’s belief that Apple will become what it calls the consumer hub of AI.

CEO handover and WWDC

These expectations around AI, though, are not Wedbush’s only reasons to increase its price target. The firm’s analysts also expect the incoming CEO John Ternus to have an impact on Apple’s hardware moves.

Wedbush believes that WWDC 2026 will be particularly significant, but is already describing this as a golden age for Apple.

Most analysts have been positive about Apple following its recent earnings announcement, but Wedbush appears to be the first to raise its target price.

WWDC 2026 takes place in the week of June 8 to June 12, with the spotlight as ever being on the opening keynote speech.

Cloudflare beat Wall Street’s revenue and earnings estimates on Wednesday, announced it would cut 1,100 employees because artificial intelligence agents now do their work, and watched its stock fall 24 per cent on Thursday. The sequence is becoming the template for the technology industry in 2026: record revenue, record layoffs, record doubt about what comes next.

First-quarter revenue was 639.8 million dollars, up 34 per cent year over year, beating the consensus estimate of 622 million. Adjusted earnings per share were 25 cents against expectations of 23 cents. Free cash flow was 84.1 million dollars. The company added a record number of customers paying more than five million dollars per year and saw a 73 per cent year-over-year increase in deals worth more than a million. By every traditional metric, the quarter was strong.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Advertisement

Then the company said it was eliminating one in five jobs.

The model

CEO Matthew Prince and co-founder Michelle Zatlyn announced in a blog post that Cloudflare is transitioning to what they called an “agentic AI-first operating model.” The company said its internal use of AI had increased more than 600 per cent in three months. Staff across engineering, human resources, finance, and marketing are running thousands of AI agent sessions per day. The framing was not that AI would assist employees. It was that AI has made certain categories of employee unnecessary.

Prince was specific about which roles are disappearing. “A lot of the support roles” behind customer-facing and engineering staff “are not going to be the roles that drive companies going forward,” he said. The language distinguished between people who build the product, people who sell the product, and people who support the people who build and sell the product. The third group is being replaced.

GitHub froze new Copilot sign-ups last month because agentic AI workflows were generating costs that exceeded what users paid, a signal that the economics of AI tools are not yet stable. Cloudflare’s bet is that the instability is temporary and that the productivity gains from running thousands of AI agent sessions per day will more than offset the cost of eliminating 1,100 human roles and paying 140 to 150 million dollars in restructuring charges.

The numbers

The financial results that accompanied the layoff announcement were not the results of a company in distress. Cloudflare now has 4,416 customers paying more than 100,000 dollars per year. It estimates that approximately 80 per cent of leading AI companies use its products. Its Workers developer platform, which runs code at the edge of Cloudflare’s network across data centres in 330 cities, is positioned as infrastructure for the AI agent economy the company says is replacing the roles it just eliminated.

Full-year revenue guidance was 2.805 to 2.813 billion dollars, narrowly beating the consensus estimate of 2.8 billion. Full-year adjusted earnings guidance was 1.19 to 1.20 dollars per share, ahead of the 1.14 expected. Prince called AI “the biggest tailwind we’ve ever seen in Cloudflare’s history” and said the re-platforming of the internet around AI agents represents the company’s largest growth opportunity.

The stock market disagreed, or at least disagreed with the timing. Shares fell 24 per cent on Thursday, erasing billions in market capitalisation. The sell-off reflected not the earnings, which were strong, but the uncertainty about whether a company that just fired 20 per cent of its workforce can execute a business model transition while maintaining the growth trajectory investors had priced in.

The cuts

The 1,100 affected employees will receive base pay through the end of 2026, continued healthcare coverage through year end in the United States, and equity vesting extended to 15 August 2026. The restructuring is expected to be substantially complete by the end of the third quarter. Prince said, “Today is a hard day.”

The company’s headcount will fall from approximately 5,156 to around 4,000. The restructuring charges of 140 to 150 million dollars break down to 105 to 110 million in cash severance and benefits and 35 to 40 million in non-cash equity-related expenses. The savings are projected at a pace that Cloudflare expects to reinvest into the AI infrastructure and hiring it says will drive the next phase of growth.

Cloudflare framed the cuts as structural rather than cyclical. This is not a company reducing headcount because revenue is declining. Revenue grew 34 per cent. This is a company reducing headcount because it believes the work those employees performed is now performed by software. The distinction matters because it implies the jobs are not coming back.

The pattern

Meta and Microsoft between them cut 23,000 jobs while simultaneously increasing AI spending by tens of billions of dollars. Oracle eliminated up to 30,000 positions to fund AI data centres. Atlassian cut 1,600 in the name of AI adaptation. The tech sector has recorded more than 73,000 job cuts across 95 companies in the first four months of 2026, with projections that the full-year total will exceed the 124,000 eliminated in all of 2025.

Cloudflare’s announcement is notable because it was the most explicit in attributing the layoffs to AI replacing human work rather than AI requiring capital reallocation. Meta’s Zuckerberg said the layoffs were about freeing capital for AI infrastructure. Cloudflare’s Prince said the layoffs were about AI doing the work. The difference is between “we need your salary to buy GPUs” and “we no longer need you because the GPUs are doing your job.”

The human cost of the AI layoff wave is accumulating at a pace that the industry’s growth metrics do not capture. Google is turning Chrome into an agentic AI workplace tool, embedding AI capabilities directly into the browser that millions of knowledge workers use daily. ServiceNow projects 30 billion dollars in revenue by 2030, with a third of that coming from AI. The companies building the AI tools and the companies deploying them are both growing. The people whose work the tools replicate are not.

The tension

Cloudflare’s position is coherent but uncomfortable. The company reported its strongest quarter, told investors the AI opportunity is transformational, cut a fifth of its workforce to pursue it, and then saw a quarter of its market value disappear because investors were not sure the transformation would work. The 600 per cent increase in AI usage over three months is either evidence that the transition is already delivering results or evidence that the company is moving faster than it can manage.

Prince’s statement that certain support roles “are not going to be the roles that drive companies going forward” is a prediction about the entire industry, not just Cloudflare. If he is right, the 1,100 people losing their jobs at Cloudflare are early casualties of a restructuring that will reach every technology company and eventually every company that employs people to do work that AI agents can approximate. If he is wrong, Cloudflare just fired 20 per cent of its workforce during its best quarter, and the 24 per cent stock drop is the market’s way of saying so.

The earnings beat. The layoffs are real. The stock is down. The AI agents are running. The question Cloudflare cannot yet answer, and that no company in its position has answered, is whether a 600 per cent increase in AI usage produces a proportional increase in the value of the work, or whether it produces a proportional increase in the confidence that the work is being done without anyone checking whether it is being done well.