- Agentic AI is set to flood enterprises with non-human identities
- SASE platforms weren’t built for this new user class
- Vendors like Versa are racing to adapt with new controls and acquisitions
Security has already gone from hard to harder with the rise of AI as the technology has helped bad actors just as much as it has helped defenders. But the proliferation of AI agents is about to make the situation infinitely more complex. And SASE providers Versa Networks, Cisco, Palo Alto and others are now scrambling to get battlements in place before the fight heats up.
Traditional security systems were built to protect against human actors and their finite numbers. But agentic AI will introduce an infinite number of non-human entities trying to access the network.
“Clearly non-human users are going to outnumber human users,” Kevin Sheu, Versa’s VP of Product Marketing, told Fierce. “I think the last number I saw was in the 80 to 1 range, and my guess is that number will only go up further.”
Knowing which agents to trust and which not to will be critical for enterprises. With agents capable of taking multiple actions and potentially wreaking havoc on their systems, they can’t afford to get it wrong.
The World Economic Forum (WEF) issued a warning in October, noting “Agentic AIs can spawn [non-human identities] in security blind spots that often receive broad, persistent access to sensitive data and systems without the safeguards typically applied to humans … The use of NHIs significantly multiplies an enterprise’s potential attack surface and creates new risks in places that were previously considered secure.”
WEF noted that zero trust architectures have been widely adopted but argued these often stop short of covering non-human entities.
Indeed, Gartner noted in December that SASE providers would need to adapt given agentic AI has created a new class of users that their platforms “were not built to secure.”
Human hands on the wheel
Versa isn’t taking the challenge lightly. The company introduced a zero trust MCP server for SecOps teams in April 2025 and followed up with the debut of its Verbo AI assistant late in the year. Now, it’s extending its zero-trust approach to the Verbo agent at the execution layer as a precursor for the rollout of similar capabilities to agents across the ecosystem.
In a nutshell, the update will ensure that Verbo’s actions are verified with its human user before they’re executed. The idea, Sheu said, is to “put control back in the user’s hands.”
It is still tied to the user at the end of the day. So, it’s about the user enabling and authorizing actions into your system, Sheu said. “Every time the AI tool or app wants to take an action, it checks with the user and then it’s actually that original user who’s tied to the zero-trust construct.”
Asked how this human hands on the wheel approach could possibly scale in a world where agents will wildly outnumber people, Sheu said it will be up to users to decide how much control to delegate to their agents via configuration and policy settings. Some actions they might be comfortable pushing fully autonomous, while others may be so sensitive they want to review every time.
There is, it seems, no easy answer to the agentic security question. Sheu himself noted that there is now an “n x n combination of things that can be accessed,” with human users, agents, models and MCP servers all in the mix. Many of these actions are “pretty much unsecured today,” Sheu said. The goal is to progressively secure more and more of these combinations using an extensible framework.
“There are so many combinations, you want to do this in a unified way because as more use cases come up, you don’t want to be deploying more and more fragmented and disconnected mechanisms to control these things,” Sheu said.
He added Versa has plans for “fairly large scale releases” of new tools in the coming months, but didn’t offer additional specifics.
Everyone’s problem
Versa, of course, isn’t the only one attacking this problem. Cisco in March introduced zero trust access for agentic AI and upped the ante earlier this month when it announced a deal to acquire Astrix, a cybersecurity firm that specializes in non-human entities.
“Astrix wisely avoids broad, ambiguous AI security promises. Instead, the company focuses strictly on the actual mechanisms of access: programmable tokens, API keys, and service accounts. This gives Cisco a definitive identity provider layer tailored almost exclusively for machines,” Futurum Group’s Fernando Montenegro wrote in a research note about the deal.
Palo Alto has been making similar moves, expanding its agentic security capabilities within Prisma SASE and acquiring both agentic endpoint security specialist Koi and AI gateway platform Portkey.