CoSAI releases new AI security guidance after RSAC 2026

May 6, 2026

By AI, Created 11:00 AM UTC, May 20, 2026, /AGP/ – The Coalition for Secure AI used RSAC 2026 to push new research on agentic identity and autonomous AI security, targeting enterprise risks that emerge as AI agents take on more decision-making power. The new papers add practical guidance for organizations trying to extend identity, access and defense controls into machine-driven systems.

Why it matters:
- AI agents are moving from assistants to autonomous systems that can act, spend and share data on behalf of organizations.
- CoSAI’s new research focuses on the security gap that opens when machine speed and machine decision-making outpace human-centered identity and access controls.
- The work is meant to help enterprises adopt practical, vendor-neutral defenses instead of waiting for security failures to force a redesign.

What happened:
- The Coalition for Secure AI released two new research papers after a prominent presence at RSAC Conference 2026 in Boston.
- The papers are titled Agentic Identity and Access Management and The Future of Agentic Security: From Chatbots to Autonomous Swarms.
- CoSAI positioned the papers as part of a broader effort to advance real-world guidance for securing AI systems.
- One paper addresses identity and access control for autonomous agents.
- The other examines how security changes as AI agents evolve into multi-agent swarms.
- A detailed recap of the MCP session is available in CoSAI’s blog post.

The details:
- CoSAI’s RSAC sessions drew standing-room crowds and focused on how the enterprise perimeter has shifted from the network edge to AI agent actions.
- The session “OASIS CoSAI: Addressing What’s Next in Securing Enterprise AI” featured Technical Steering Committee co-chairs Akila Srinivasan of Anthropic and J.R. Rao, IBM Fellow and CTO for Security Research at IBM.
- That session highlighted threats including backdoored coding assistants and malicious model artifacts.
- CoSAI also outlined a layered defense strategy covering supply chain security, secure agent design, Open Model Signing and secure agent gateways.
- J.R. Rao said 40-plus organizations, including direct competitors, are collaborating inside CoSAI because the threat landscape crosses company boundaries.
- The session “Securing MCP: Mitigating New Threats in Agentic AI Deployments” featured Sarah Novotny of Klever.co and Jason Clinton, deputy CISO at Anthropic.
- That discussion focused on the Model Context Protocol, or MCP, and identified risks such as identity misuse, context tampering and supply chain compromise.
- The MCP session also pointed to zero-trust authentication as a practical control organizations can use now.
- CoSAI said the new research builds on its earlier MCP Security taxonomy and its 2025 Principles for Secure-by-Design Agentic Systems.
- The identity guidance comes from CoSAI’s Secure Design Patterns for Agentic Systems workstream.
- The framework calls for unique credentials for agents, task-specific access limits and visibility into who or what is taking action across systems.
- Ian Molloy, workstream co-lead at IBM, said valid identity alone is not enough because correct credentials can still produce harmful outcomes.
- Molloy said the paper defines how to prove an agent’s identity, continuously verify what it can do and safely delegate permissions.
- The second paper says traditional controls struggle when agents operate across sensitive systems and shift the attack surface to the semantic layer.
- The research identifies two unsolved problems: intent-based authorization and the semantic mosaic effect.
- Intent-based authorization refers to the difficulty of judging what an AI agent is trying to accomplish in natural language.
- The semantic mosaic effect describes how agents can combine harmless information into sensitive insights without tripping conventional leak defenses.
- The architecture guidance includes ephemeral environments, dynamic credentialing and a new defense category called Agent Detection and Response, or ADR.
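The identity controls listed above (a unique credential per agent, access limited to one task, short lifetimes, delegation that cannot widen rights, and a record of who or what acted) can be sketched in a few dozen lines. The following is an added example written for this page; it is not CoSAI's code and does not reproduce anything from the papers. The token format, the HMAC signing key, the scope names and the audit record layout are all assumptions chosen for the illustration.

```python
"""Per-agent, per-task, short-lived credentials with attenuating delegation.

Added example, not CoSAI's code. Assumptions: a single issuer holding an HMAC
key, scope strings such as "crm:read", and an in-memory audit log.
"""
import base64
import hashlib
import hmac
import json
import time

# Assumption for the example: a signing key held only by the credential issuer.
ISSUER_KEY = b"example-issuer-key-not-for-production"

# Every decision records who/what acted, on which task, and why it was allowed or denied.
AUDIT_LOG = []


def _sign(payload):
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + mac


def _verify(token):
    body_b64, mac = token.rsplit(".", 1)
    body = base64.urlsafe_b64decode(body_b64.encode())
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("signature check failed")
    return json.loads(body)


def issue(agent_id, task_id, scopes, ttl_s, now=None, chain=()):
    """Mint a credential bound to one agent and one task, valid for ttl_s seconds."""
    now = time.time() if now is None else now
    return _sign({
        "sub": agent_id,
        "task": task_id,
        "scopes": sorted(set(scopes)),
        "exp": now + ttl_s,
        "chain": list(chain) + [agent_id],   # who delegated to whom, in order
    })


def delegate(parent_token, child_agent_id, scopes, ttl_s, now=None):
    """Hand a sub-task to another agent with at most the parent's rights and lifetime."""
    now = time.time() if now is None else now
    parent = _verify(parent_token)
    if parent["exp"] <= now:
        raise PermissionError("parent credential expired")
    if not set(scopes) <= set(parent["scopes"]):
        raise PermissionError("delegation may only narrow scopes")
    return issue(child_agent_id, parent["task"], scopes,
                 min(ttl_s, parent["exp"] - now), now, parent["chain"])


def authorize(token, action, task_id, now=None):
    """Decide one action at enforcement time; log the full delegation chain either way."""
    now = time.time() if now is None else now
    try:
        claims = _verify(token)
    except (PermissionError, ValueError) as exc:
        AUDIT_LOG.append({"t": now, "decision": "deny", "reason": str(exc), "action": action})
        return False
    if claims["exp"] <= now:
        reason = "expired"
    elif claims["task"] != task_id:
        reason = "credential issued for a different task"
    elif action not in claims["scopes"]:
        reason = "action outside granted scopes"
    else:
        reason = None
    AUDIT_LOG.append({
        "t": now, "decision": "allow" if reason is None else "deny", "reason": reason,
        "agent": claims["sub"], "chain": claims["chain"], "task": claims["task"],
        "action": action,
    })
    return reason is None


if __name__ == "__main__":
    # Constructed scenario: a planner agent on ticket-42 delegates e-mail sending to a mailer agent.
    t0 = 1_700_000_000
    planner = issue("planner-1", "ticket-42", ["crm:read", "email:send"], 300, now=t0)
    mailer = delegate(planner, "mailer-7", ["email:send"], 600, now=t0 + 10)
    print(authorize(planner, "crm:read", "ticket-42", now=t0 + 20))    # allowed
    print(authorize(mailer, "crm:read", "ticket-42", now=t0 + 20))     # denied: scope not delegated
    print(authorize(mailer, "email:send", "ticket-42", now=t0 + 400))  # denied: child cannot outlive parent
    for entry in AUDIT_LOG:
        print(entry)
```

The point Molloy makes, that a valid credential can still produce a harmful outcome, is exactly what the `authorize` check does not cover: it answers "may this agent do this action on this task right now", not "is this action a good idea". The audit entries carrying the full chain are the raw material an Agent Detection and Response layer would need to answer the second question.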

Between the lines:
- CoSAI is trying to turn a conference conversation into a usable operating model for enterprises that are already deploying AI agents.
- The emphasis on vendor-neutral, layered controls suggests the group sees agentic security as a systems problem, not a single-tool problem.
- The repeated focus on identity reflects a bigger shift: in agentic environments, trust must be continuously verified rather than assumed at login.
- The research also signals that existing security products may need new capabilities if organizations want to monitor autonomous behavior instead of just human activity.

What’s next:
- CoSAI is expected to keep expanding guidance as agentic deployments spread and new protocol-level threats emerge.
- The organization is framing secure agent architecture, identity governance and ADR as building blocks enterprises should adopt before autonomous systems scale further.
- The window for redesigning controls before broader deployment is narrowing, making near-term implementation a priority for security teams.

Disclaimer: This article was produced by AGP Wire with the assistance of artificial intelligence based on original source content and has been refined to improve clarity, structure, and readability. This content is provided on an “as is” basis. While care has been taken in its preparation, it may contain inaccuracies or omissions, and readers should consult the original source and independently verify key information where appropriate. This content is for informational purposes only and does not constitute legal, financial, investment, or other professional advice.
