RSAC 2026 shipped five major agent identity frameworks in one week. Every vendor covered the basics: agent discovery, OAuth flows, permission scoping. Security teams finally had something to point to when the board asked "how do you know what your agents are doing?"

They should not relax yet. Every framework that shipped at RSAC missed the same three gaps. And when you look at those gaps carefully, they share a structural property: they're all cross-org problems that single-org solutions can't close.

Gap 1: Tool-Call Authorization

OAuth tells you who an agent is. It says nothing about what parameters it passes. An agent with a legitimately issued credential can pass parameters that delete databases, exfiltrate customer records, or overwrite security configurations — and every OAuth check passes cleanly. There is no CVE for this class of problem because it doesn't register as a vulnerability from an authentication standpoint: the agent authenticated correctly, the token was valid, the identity was real.…
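
The gap described under Gap 1, as an added example that is not from the original article or from any of the frameworks it mentions: a scope-only check approves every call the token covers, while a parameter-level policy evaluates what the call would actually do. The agent name, tool names, scopes and policy fields are hypothetical, and the token is assumed to have been validated already.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ToolCall:
    agent_id: str
    scopes: frozenset  # scopes from the agent's token (assumed already validated)
    tool: str
    params: dict

# Identity-level rule: the scope each (hypothetical) tool requires.
REQUIRED_SCOPE = {"db.query": "db:write", "records.export": "records:read"}

# Parameter-level rules per (agent, tool): the part a scope cannot express.
PARAM_POLICY = {
    ("billing-agent", "db.query"): {"allowed_ops": {"select", "update"}, "allowed_tables": {"invoices", "payments"}},
    ("billing-agent", "records.export"): {"max_rows": 100, "allowed_destinations": {"internal-reporting"}},
}

def scope_check(call):
    """Scope-only decision: does the token carry the scope the tool requires?"""
    return REQUIRED_SCOPE.get(call.tool) in call.scopes

def authorize(call):
    """Scope check plus parameter check. Returns (allowed, reason); default deny."""
    if not scope_check(call):
        return False, "missing scope"
    policy = PARAM_POLICY.get((call.agent_id, call.tool))
    if policy is None:
        return False, "no parameter policy for this agent/tool"
    p, rows = call.params, call.params.get("rows")
    if "allowed_ops" in policy and p.get("op") not in policy["allowed_ops"]:
        return False, f"operation {p.get('op')!r} not permitted"
    if "allowed_tables" in policy and p.get("table") not in policy["allowed_tables"]:
        return False, f"table {p.get('table')!r} not permitted"
    if "max_rows" in policy and not (isinstance(rows, int) and 0 < rows <= policy["max_rows"]):
        return False, "row count outside limit"
    if "allowed_destinations" in policy and p.get("destination") not in policy["allowed_destinations"]:
        return False, f"destination {p.get('destination')!r} not permitted"
    return True, "ok"

# Constructed sample calls: same agent, same valid token, different parameters.
TOKEN_SCOPES = frozenset({"db:write", "records:read"})
SAFE = ToolCall("billing-agent", TOKEN_SCOPES, "db.query", {"op": "update", "table": "invoices"})
DESTRUCTIVE = ToolCall("billing-agent", TOKEN_SCOPES, "db.query", {"op": "drop", "table": "invoices"})
EXFIL = ToolCall("billing-agent", TOKEN_SCOPES, "records.export", {"rows": 500000, "destination": "external-host"})

if __name__ == "__main__":
    for c in (SAFE, DESTRUCTIVE, EXFIL):
        print(c.tool, c.params, "| scope-only:", scope_check(c), "| with params:", authorize(c))
```

All three sample calls pass the scope-only check; only the first passes once parameters are evaluated, and each denial carries a reason that can be logged for review.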