RSA 2026 was wall-to-wall agent security. One major platform vendor announced a control plane for agent identities, generally available in May. A consortium of identity and authentication companies unveiled a framework requiring cryptographic human approval before agents execute high-stakes actions. A governance startup launched a discovery platform for mapping which agents touch which systems. Threat containment was the shared framing.

Look at what they actually built. One product assigns agents unique identities, onboards them through governance workflows, and logs their actions for audit. Another constructs structured profiles of each agent: what it connects to, what identities it uses, what it's authorized to do. A third describes agents needing "accountable human managers."

Strip away the security branding and you're looking at org charts.

The average enterprise now runs 37 AI agents. Most were never reviewed by a security team. More than half operate without oversight or logging. Only 24.4% of organizations can see which of their agents are talking to each other. The security industry looked at this and saw a threat surface, which it is. The tools they're reaching for, though, tell a more specific story: onboarding, identity management, accountability structures. The vocabulary of workforce management.

Everyone reaches for the shadow IT comparison. A decade ago, employees adopted Dropbox and unsanctioned SaaS tools faster than governance could follow. By 2015, Gartner estimated 30–40 percent of enterprise IT spending happened outside the central IT budget. The analogy is useful for about thirty seconds. Shadow IT was passive infrastructure. A rogue project board sat there until someone used it. An agent acts. It calls APIs, writes to databases, triggers workflows, invokes other agents. When Delinea surveyed over 2,000 IT decision-makers this year, 90% reported organizational pressure to loosen identity controls so AI initiatives could move faster. Shadow IT gave you unsanctioned infrastructure. Agents gave you an unsanctioned workforce.

Individual teams spin up agents to solve local problems. Those agents get connected to shared systems. They acquire permissions. They trigger processes that other agents depend on. None of this is designed. It emerges the way informal reporting lines emerge in any organization where the formal structure doesn't match the actual work. But a human shadow hierarchy takes months to crystallize. An agent can be connected to production systems in minutes. And only 9% of organizations can stop it before it completes an action.

The security industry is building HR for agents. That phrase sounds glib, but it's worth sitting with. The products announced at RSA onboard agents. They assign them to human managers. They construct identity profiles and access reviews. They sort agent actions into tiers of consequentiality, routine versus high-stakes, the way organizations sort employee decision authority. The industry reached for workforce management vocabulary because the problem is a workforce problem.

The trajectory is where it gets interesting. The parallel structure runs continuously. It doesn't wait for meetings. Three-quarters of enterprises can't see how it's wired together. Inquiries about multi-agent architectures surged over 1,400% between early 2024 and mid-2025, according to Gartner, meaning agents are increasingly being designed to coordinate with other agents. The communication graph between agents is growing denser while the humans who nominally manage them lose visibility into how those connections form. At some point the agent org chart becomes more interconnected than the human one it was built to serve. The security vendors seem to sense this. Their governance tools already assume a workforce that needs to be managed, a permanent organizational layer that keeps growing faster than anyone can draw the lines.