Non-human identities already outnumber human users 82-to-1 in enterprises. Agentic AI is now minting new credentials at machine speed in environments where the existing inventory was never properly governed in the first place. That collision is producing an attack surface that current IAM tooling is not architected to see, let alone control.
AI-assisted social engineering has eliminated the imperfection signals that detection tooling was built to find. The residual signal lives in behavior, not content. The vendors built for content scanning cannot pivot, and the gap is where the next significant security company gets built.
Eight AI agent framework RCEs in a single week, a first-ever AI proxy addition to CISA's KEV catalog, and CrowdStrike's $1.1 billion identity bet all converging in the same week signals that the agentic AI security market has moved from thesis to demonstrated demand.
Eight AI agent framework CVEs in one week and ShinyHunters' no-exploit identity breach wave validate the two fastest-growing investment theses in cybersecurity, while CIRCIA's 316,000-entity reporting mandate positions a multi-year compliance procurement cycle.
Weekly market intelligence: Linx Security's $50M identity bet, $4.62B in Q2 cybersecurity funding, and why NIS2 enforcement and CIRCIA deadlines are about to reshape enterprise buying criteria.
Security