Agent authorization is broken — and authentication passing makes it worse

Anthony Grieco, Cisco’s SVP and chief security and trust officer, did not hesitate when Venture Beat asked whether rogue agent incidents are reaching Cisco’s customer base."A hundred percent. We see them regularly," Grieco told Venture Beat in an exclusive interview at RSAC 2026. "I've heard some that I can't repeat, but they do get to the places of, you know, agents are doing things that they think are the right things to do."The incidents Grieco described follow a consistent pattern: authentication passes, identity checks clear. The agent is exactly who it claims to be. Then it accesses data it was never scoped to touch or takes an action nobody authorized at that level of granularity. The failure is not identity; it's authorization."The business is saying things like, we're gonna have 500 agents per employee," Grieco told VentureBeat. "The security leaders are really focused on how to make sure that we do that securely."Cisco’s State of AI Security 2026 report found that 83% of organizations planned to deploy agentic capabilities, but only 29% felt prepared to secure them. Five vendors shipped agent identity frameworks at RSAC 2026. None closed every gap. That includes Cisco.VentureBeat mapped four authorization gaps across Grieco’s exclusive interview and five independent sources. The prescriptive matrix at the end of this story is what to do about them.The authorization gap nobody has closed yetGrieco came up through Cisco's engineering and threat research organizations before taking a role that straddles both sides of the company's security operation: building the products Cisco sells and running the program that defends Cisco itself. The authorization gap he described is specific and operational."This agent here is a finance agent, but even if it's a finance agent, it shouldn't access all finance data," Grieco told VentureBeat. "It should access the expense reports, and not just expense reports, but the individual expense