Non-human identities already outnumber human users 82-to-1 in enterprises. Agentic AI is now minting new credentials at machine speed in environments where the existing inventory was never properly governed in the first place. That collision is producing an attack surface that current IAM tooling is not architected to see, let alone control.
Doctrine rarely arrives through formal announcements in cybersecurity. It emerges through repeated behavior under operational pressure. The Mythos Preview disclosure, Project Glasswing's defensive coalition, the GTG-1002 attribution, the FY 2026 NDAA's AI cybersecurity framework, and the NIST AI Agent Standards Initiative are not isolated events. They are the visible outline of an operating doctrine that has already moved past the experimental phase.
Three independent threat campaigns in early 2026 (the North Korea-attributed Contagious Interview operation, the GlassWorm Zig-dropper IDE extension malware, and the TeamPCP cascading supply chain compromise) converged on the same conclusion: developer workstations are now the highest-value initial access target in enterprise environments. The convergence is a price signal, not a coincidence.
Security