Your #AI #agent has the same credentials as your senior analyst. It also never logs off, never triggers a session timeout, and chains API calls at machine speed across every downstream system simultaneously.
CyberArk documented a 2026 supply chain attack on the OpenAI plugin ecosystem that compromised agent credentials across 47 enterprise deployments. Attackers had access to financial records for six months. Nobody noticed, because the fraud detection stack was calibrated for human behaviour patterns. Agents don't have behaviour patterns. They have execution loops.
The security team authenticated the agent. The attacker inherited the session. The payment system saw a valid credential doing valid things at 3 AM on a Sunday at 400 requests per second, and flagged nothing.
One credential was compromised. The other was governed. Most institutions can't tell you which one their agents are running on.