A new report on AI agent security confirms what many of us in the trenches have suspected: we are shipping agents with credentials and permissions that are fundamentally insecure. According to a global study, two-thirds of organizations using AI agents believe they have already accessed data beyond their intended scope. The core takeaway is that the identity and access management patterns we built for humans are failing for autonomous, millisecond-speed agents. the detection-to-execution speed mismatch The fundamental problem is a mismatch of timescales. The study found that it takes organizations an average of 14 hours to detect a compromised AI agent. An agent, however, operates in milliseconds. That massive gap between machine execution speed and human detection speed creates a critical window of vulnerability. A misconfigured or compromised agent can move laterally across multiple core systems using valid credentials long before a human security team even receives an alert.…